[Pkg-openldap-devel] r1195 - in openldap/vendor/openldap-release: . build clients clients/tools contrib contrib/ldapc++ contrib/ldapc++/src contrib/ldapc++/src/ac contrib/slapd-modules contrib/slapd-modules/acl contrib/slapd-modules/addpartial contrib/slapd-modules/allop contrib/slapd-modules/autogroup contrib/slapd-modules/cloak contrib/slapd-modules/comp_match contrib/slapd-modules/denyop contrib/slapd-modules/dsaschema contrib/slapd-modules/lastmod contrib/slapd-modules/nops contrib/slapd-modules/nssov contrib/slapd-modules/passwd contrib/slapd-modules/passwd/sha2 contrib/slapd-modules/smbk5pwd contrib/slapd-modules/trace contrib/slapd-tools contrib/slapi-plugins/addrdnvalues doc doc/devel doc/guide doc/guide/admin doc/guide/images/src doc/guide/release doc/man doc/man/man1 doc/man/man3 doc/man/man5 doc/man/man8 include include/ac libraries libraries/liblber libraries/libldap libraries/libldap_r libraries/liblunicode libraries/liblunicode/ucdata libraries/liblunicode/ure libraries/liblunicode/utbm libraries/liblutil libraries/librewrite servers servers/slapd servers/slapd/back-bdb servers/slapd/back-dnssrv servers/slapd/back-hdb servers/slapd/back-ldap servers/slapd/back-ldif servers/slapd/back-meta servers/slapd/back-monitor servers/slapd/back-ndb servers/slapd/back-null servers/slapd/back-passwd servers/slapd/back-perl servers/slapd/back-relay servers/slapd/back-shell servers/slapd/back-sock servers/slapd/back-sql servers/slapd/back-sql/rdbms_depend/timesten/dnreverse servers/slapd/overlays servers/slapd/schema servers/slapd/shell-backends servers/slapd/slapi tests tests/data tests/data/regressions/its4184 tests/data/regressions/its4326 tests/data/regressions/its4336 tests/data/regressions/its4337 tests/data/regressions/its4448 tests/progs tests/scripts

vorlon at alioth.debian.org vorlon at alioth.debian.org
Tue Feb 17 16:19:06 UTC 2009


Author: vorlon
Date: 2009-02-17 16:18:54 +0000 (Tue, 17 Feb 2009)
New Revision: 1195

Added:
   openldap/vendor/openldap-release/clients/tools/ldapurl.c
   openldap/vendor/openldap-release/contrib/slapd-modules/cloak/
   openldap/vendor/openldap-release/contrib/slapd-modules/cloak/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
   openldap/vendor/openldap-release/contrib/slapd-modules/cloak/slapo-cloak.5
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/README
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.h
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
   openldap/vendor/openldap-release/doc/guide/admin/limits.sdf
   openldap/vendor/openldap-release/doc/man/man1/ldapurl.1
   openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5
   openldap/vendor/openldap-release/include/lutil_meter.h
   openldap/vendor/openldap-release/libraries/libldap/deref.c
   openldap/vendor/openldap-release/libraries/libldap/gssapi.c
   openldap/vendor/openldap-release/libraries/libldap/ldap-tls.h
   openldap/vendor/openldap-release/libraries/libldap/tls2.c
   openldap/vendor/openldap-release/libraries/libldap/tls_g.c
   openldap/vendor/openldap-release/libraries/libldap/tls_m.c
   openldap/vendor/openldap-release/libraries/libldap/tls_o.c
   openldap/vendor/openldap-release/libraries/liblutil/meter.c
   openldap/vendor/openldap-release/servers/slapd/back-ndb/
   openldap/vendor/openldap-release/servers/slapd/back-ndb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ndb/TODO
   openldap/vendor/openldap-release/servers/slapd/back-ndb/add.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/attrsets.conf
   openldap/vendor/openldap-release/servers/slapd/back-ndb/back-ndb.h
   openldap/vendor/openldap-release/servers/slapd/back-ndb/bind.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/compare.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/config.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/delete.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/init.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/modify.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/modrdn.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/ndbio.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/proto-ndb.h
   openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp
   openldap/vendor/openldap-release/servers/slapd/back-ndb/tools.cpp
   openldap/vendor/openldap-release/servers/slapd/overlays/deref.c
   openldap/vendor/openldap-release/servers/slapd/schema/pmi.schema
   openldap/vendor/openldap-release/tests/data/ndb.conf
   openldap/vendor/openldap-release/tests/data/slapd-valregex.conf
   openldap/vendor/openldap-release/tests/scripts/monitor_data.sh
   openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
   openldap/vendor/openldap-release/tests/scripts/test055-valregex
Removed:
   openldap/vendor/openldap-release/build/crupdate
   openldap/vendor/openldap-release/build/db.4.2.52.patch
   openldap/vendor/openldap-release/libraries/libldap/tls.c
Modified:
   openldap/vendor/openldap-release/ANNOUNCEMENT
   openldap/vendor/openldap-release/CHANGES
   openldap/vendor/openldap-release/COPYRIGHT
   openldap/vendor/openldap-release/INSTALL
   openldap/vendor/openldap-release/Makefile.in
   openldap/vendor/openldap-release/README
   openldap/vendor/openldap-release/build/config.guess
   openldap/vendor/openldap-release/build/config.sub
   openldap/vendor/openldap-release/build/dir.mk
   openldap/vendor/openldap-release/build/info.mk
   openldap/vendor/openldap-release/build/lib-shared.mk
   openldap/vendor/openldap-release/build/lib-static.mk
   openldap/vendor/openldap-release/build/lib.mk
   openldap/vendor/openldap-release/build/ltmain.sh
   openldap/vendor/openldap-release/build/man.mk
   openldap/vendor/openldap-release/build/missing
   openldap/vendor/openldap-release/build/mkdep
   openldap/vendor/openldap-release/build/mkdep.aix
   openldap/vendor/openldap-release/build/mkrelease
   openldap/vendor/openldap-release/build/mkvers.bat
   openldap/vendor/openldap-release/build/mkversion
   openldap/vendor/openldap-release/build/mod.mk
   openldap/vendor/openldap-release/build/openldap.m4
   openldap/vendor/openldap-release/build/rules.mk
   openldap/vendor/openldap-release/build/srv.mk
   openldap/vendor/openldap-release/build/top.mk
   openldap/vendor/openldap-release/build/version.h
   openldap/vendor/openldap-release/build/version.sh
   openldap/vendor/openldap-release/build/version.var
   openldap/vendor/openldap-release/clients/Makefile.in
   openldap/vendor/openldap-release/clients/tools/Makefile.in
   openldap/vendor/openldap-release/clients/tools/common.c
   openldap/vendor/openldap-release/clients/tools/common.h
   openldap/vendor/openldap-release/clients/tools/ldapcompare.c
   openldap/vendor/openldap-release/clients/tools/ldapdelete.c
   openldap/vendor/openldap-release/clients/tools/ldapexop.c
   openldap/vendor/openldap-release/clients/tools/ldapmodify.c
   openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c
   openldap/vendor/openldap-release/clients/tools/ldappasswd.c
   openldap/vendor/openldap-release/clients/tools/ldapsearch.c
   openldap/vendor/openldap-release/clients/tools/ldapwhoami.c
   openldap/vendor/openldap-release/configure
   openldap/vendor/openldap-release/configure.in
   openldap/vendor/openldap-release/contrib/ConfigOIDs
   openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT
   openldap/vendor/openldap-release/contrib/ldapc++/configure
   openldap/vendor/openldap-release/contrib/ldapc++/configure.in
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.cpp
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.h
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.cpp
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.h
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.cpp
   openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.h
   openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h
   openldap/vendor/openldap-release/contrib/slapd-modules/README
   openldap/vendor/openldap-release/contrib/slapd-modules/acl/README
   openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c
   openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/addpartial-overlay.c
   openldap/vendor/openldap-release/contrib/slapd-modules/allop/README
   openldap/vendor/openldap-release/contrib/slapd-modules/allop/allop.c
   openldap/vendor/openldap-release/contrib/slapd-modules/allop/slapo-allop.5
   openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/autogroup.c
   openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/denyop/denyop.c
   openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README
   openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c
   openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/lastmod.c
   openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/slapo-lastmod.5
   openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
   openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
   openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
   openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
   openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c
   openldap/vendor/openldap-release/contrib/slapd-modules/passwd/radius.c
   openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
   openldap/vendor/openldap-release/contrib/slapd-modules/trace/trace.c
   openldap/vendor/openldap-release/contrib/slapd-tools/README
   openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README
   openldap/vendor/openldap-release/doc/Makefile.in
   openldap/vendor/openldap-release/doc/devel/args
   openldap/vendor/openldap-release/doc/guide/COPYRIGHT
   openldap/vendor/openldap-release/doc/guide/admin/Makefile
   openldap/vendor/openldap-release/doc/guide/admin/README.spellcheck
   openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf
   openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
   openldap/vendor/openldap-release/doc/guide/admin/admin.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-changes.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-common-errors.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-configs.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-contrib.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-deployments.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-ldap-result-codes.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-recommended-versions.sdf
   openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
   openldap/vendor/openldap-release/doc/guide/admin/aspell.en.pws
   openldap/vendor/openldap-release/doc/guide/admin/backends.sdf
   openldap/vendor/openldap-release/doc/guide/admin/config.sdf
   openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf
   openldap/vendor/openldap-release/doc/guide/admin/glossary.sdf
   openldap/vendor/openldap-release/doc/guide/admin/guide.html
   openldap/vendor/openldap-release/doc/guide/admin/guide.sdf
   openldap/vendor/openldap-release/doc/guide/admin/index.sdf
   openldap/vendor/openldap-release/doc/guide/admin/install.sdf
   openldap/vendor/openldap-release/doc/guide/admin/intro.sdf
   openldap/vendor/openldap-release/doc/guide/admin/maintenance.sdf
   openldap/vendor/openldap-release/doc/guide/admin/master.sdf
   openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf
   openldap/vendor/openldap-release/doc/guide/admin/overlays.sdf
   openldap/vendor/openldap-release/doc/guide/admin/preface.sdf
   openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf
   openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf
   openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
   openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf
   openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
   openldap/vendor/openldap-release/doc/guide/admin/schema.sdf
   openldap/vendor/openldap-release/doc/guide/admin/security.sdf
   openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
   openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
   openldap/vendor/openldap-release/doc/guide/admin/title.sdf
   openldap/vendor/openldap-release/doc/guide/admin/tls.sdf
   openldap/vendor/openldap-release/doc/guide/admin/troubleshooting.sdf
   openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf
   openldap/vendor/openldap-release/doc/guide/images/src/README.fonts
   openldap/vendor/openldap-release/doc/guide/plain.sdf
   openldap/vendor/openldap-release/doc/guide/preamble.sdf
   openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf
   openldap/vendor/openldap-release/doc/guide/release/copyright.sdf
   openldap/vendor/openldap-release/doc/guide/release/install.sdf
   openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf
   openldap/vendor/openldap-release/doc/guide/release/license.sdf
   openldap/vendor/openldap-release/doc/man/Makefile.in
   openldap/vendor/openldap-release/doc/man/man1/Makefile.in
   openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
   openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
   openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
   openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
   openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
   openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
   openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
   openldap/vendor/openldap-release/doc/man/man3/Makefile.in
   openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
   openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
   openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
   openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3
   openldap/vendor/openldap-release/doc/man/man3/lber-types.3
   openldap/vendor/openldap-release/doc/man/man3/ldap.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3
   openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
   openldap/vendor/openldap-release/doc/man/man5/Makefile.in
   openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
   openldap/vendor/openldap-release/doc/man/man5/ldif.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-config.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
   openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5
   openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
   openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
   openldap/vendor/openldap-release/doc/man/man8/Makefile.in
   openldap/vendor/openldap-release/doc/man/man8/slapacl.8
   openldap/vendor/openldap-release/doc/man/man8/slapadd.8
   openldap/vendor/openldap-release/doc/man/man8/slapauth.8
   openldap/vendor/openldap-release/doc/man/man8/slapcat.8
   openldap/vendor/openldap-release/doc/man/man8/slapd.8
   openldap/vendor/openldap-release/doc/man/man8/slapdn.8
   openldap/vendor/openldap-release/doc/man/man8/slapindex.8
   openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
   openldap/vendor/openldap-release/doc/man/man8/slaptest.8
   openldap/vendor/openldap-release/include/Makefile.in
   openldap/vendor/openldap-release/include/ac/alloca.h
   openldap/vendor/openldap-release/include/ac/assert.h
   openldap/vendor/openldap-release/include/ac/bytes.h
   openldap/vendor/openldap-release/include/ac/crypt.h
   openldap/vendor/openldap-release/include/ac/ctype.h
   openldap/vendor/openldap-release/include/ac/dirent.h
   openldap/vendor/openldap-release/include/ac/errno.h
   openldap/vendor/openldap-release/include/ac/fdset.h
   openldap/vendor/openldap-release/include/ac/localize.h
   openldap/vendor/openldap-release/include/ac/param.h
   openldap/vendor/openldap-release/include/ac/regex.h
   openldap/vendor/openldap-release/include/ac/setproctitle.h
   openldap/vendor/openldap-release/include/ac/signal.h
   openldap/vendor/openldap-release/include/ac/socket.h
   openldap/vendor/openldap-release/include/ac/stdarg.h
   openldap/vendor/openldap-release/include/ac/stdlib.h
   openldap/vendor/openldap-release/include/ac/string.h
   openldap/vendor/openldap-release/include/ac/sysexits.h
   openldap/vendor/openldap-release/include/ac/syslog.h
   openldap/vendor/openldap-release/include/ac/termios.h
   openldap/vendor/openldap-release/include/ac/time.h
   openldap/vendor/openldap-release/include/ac/unistd.h
   openldap/vendor/openldap-release/include/ac/wait.h
   openldap/vendor/openldap-release/include/avl.h
   openldap/vendor/openldap-release/include/getopt-compat.h
   openldap/vendor/openldap-release/include/lber.h
   openldap/vendor/openldap-release/include/lber_pvt.h
   openldap/vendor/openldap-release/include/lber_types.hin
   openldap/vendor/openldap-release/include/ldap.h
   openldap/vendor/openldap-release/include/ldap_cdefs.h
   openldap/vendor/openldap-release/include/ldap_config.hin
   openldap/vendor/openldap-release/include/ldap_defaults.h
   openldap/vendor/openldap-release/include/ldap_features.hin
   openldap/vendor/openldap-release/include/ldap_int_thread.h
   openldap/vendor/openldap-release/include/ldap_log.h
   openldap/vendor/openldap-release/include/ldap_pvt.h
   openldap/vendor/openldap-release/include/ldap_pvt_thread.h
   openldap/vendor/openldap-release/include/ldap_pvt_uc.h
   openldap/vendor/openldap-release/include/ldap_queue.h
   openldap/vendor/openldap-release/include/ldap_rq.h
   openldap/vendor/openldap-release/include/ldap_schema.h
   openldap/vendor/openldap-release/include/ldap_utf8.h
   openldap/vendor/openldap-release/include/ldif.h
   openldap/vendor/openldap-release/include/lutil.h
   openldap/vendor/openldap-release/include/lutil_hash.h
   openldap/vendor/openldap-release/include/lutil_ldap.h
   openldap/vendor/openldap-release/include/lutil_lockf.h
   openldap/vendor/openldap-release/include/lutil_md5.h
   openldap/vendor/openldap-release/include/lutil_sha1.h
   openldap/vendor/openldap-release/include/portable.hin
   openldap/vendor/openldap-release/include/rewrite.h
   openldap/vendor/openldap-release/include/slapi-plugin.h
   openldap/vendor/openldap-release/include/sysexits-compat.h
   openldap/vendor/openldap-release/libraries/Makefile.in
   openldap/vendor/openldap-release/libraries/liblber/Makefile.in
   openldap/vendor/openldap-release/libraries/liblber/assert.c
   openldap/vendor/openldap-release/libraries/liblber/bprint.c
   openldap/vendor/openldap-release/libraries/liblber/debug.c
   openldap/vendor/openldap-release/libraries/liblber/decode.c
   openldap/vendor/openldap-release/libraries/liblber/dtest.c
   openldap/vendor/openldap-release/libraries/liblber/encode.c
   openldap/vendor/openldap-release/libraries/liblber/etest.c
   openldap/vendor/openldap-release/libraries/liblber/idtest.c
   openldap/vendor/openldap-release/libraries/liblber/io.c
   openldap/vendor/openldap-release/libraries/liblber/lber-int.h
   openldap/vendor/openldap-release/libraries/liblber/memory.c
   openldap/vendor/openldap-release/libraries/liblber/nt_err.c
   openldap/vendor/openldap-release/libraries/liblber/options.c
   openldap/vendor/openldap-release/libraries/liblber/sockbuf.c
   openldap/vendor/openldap-release/libraries/liblber/stdio.c
   openldap/vendor/openldap-release/libraries/libldap/Makefile.in
   openldap/vendor/openldap-release/libraries/libldap/abandon.c
   openldap/vendor/openldap-release/libraries/libldap/add.c
   openldap/vendor/openldap-release/libraries/libldap/addentry.c
   openldap/vendor/openldap-release/libraries/libldap/apitest.c
   openldap/vendor/openldap-release/libraries/libldap/assertion.c
   openldap/vendor/openldap-release/libraries/libldap/bind.c
   openldap/vendor/openldap-release/libraries/libldap/cancel.c
   openldap/vendor/openldap-release/libraries/libldap/charray.c
   openldap/vendor/openldap-release/libraries/libldap/compare.c
   openldap/vendor/openldap-release/libraries/libldap/controls.c
   openldap/vendor/openldap-release/libraries/libldap/cyrus.c
   openldap/vendor/openldap-release/libraries/libldap/dds.c
   openldap/vendor/openldap-release/libraries/libldap/delete.c
   openldap/vendor/openldap-release/libraries/libldap/dnssrv.c
   openldap/vendor/openldap-release/libraries/libldap/dntest.c
   openldap/vendor/openldap-release/libraries/libldap/error.c
   openldap/vendor/openldap-release/libraries/libldap/extended.c
   openldap/vendor/openldap-release/libraries/libldap/filter.c
   openldap/vendor/openldap-release/libraries/libldap/free.c
   openldap/vendor/openldap-release/libraries/libldap/ftest.c
   openldap/vendor/openldap-release/libraries/libldap/getattr.c
   openldap/vendor/openldap-release/libraries/libldap/getdn.c
   openldap/vendor/openldap-release/libraries/libldap/getentry.c
   openldap/vendor/openldap-release/libraries/libldap/getvalues.c
   openldap/vendor/openldap-release/libraries/libldap/init.c
   openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
   openldap/vendor/openldap-release/libraries/libldap/ldap_sync.c
   openldap/vendor/openldap-release/libraries/libldap/messages.c
   openldap/vendor/openldap-release/libraries/libldap/modify.c
   openldap/vendor/openldap-release/libraries/libldap/modrdn.c
   openldap/vendor/openldap-release/libraries/libldap/open.c
   openldap/vendor/openldap-release/libraries/libldap/options.c
   openldap/vendor/openldap-release/libraries/libldap/os-ip.c
   openldap/vendor/openldap-release/libraries/libldap/os-local.c
   openldap/vendor/openldap-release/libraries/libldap/pagectrl.c
   openldap/vendor/openldap-release/libraries/libldap/passwd.c
   openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
   openldap/vendor/openldap-release/libraries/libldap/print.c
   openldap/vendor/openldap-release/libraries/libldap/references.c
   openldap/vendor/openldap-release/libraries/libldap/request.c
   openldap/vendor/openldap-release/libraries/libldap/result.c
   openldap/vendor/openldap-release/libraries/libldap/sasl.c
   openldap/vendor/openldap-release/libraries/libldap/sbind.c
   openldap/vendor/openldap-release/libraries/libldap/schema.c
   openldap/vendor/openldap-release/libraries/libldap/search.c
   openldap/vendor/openldap-release/libraries/libldap/sort.c
   openldap/vendor/openldap-release/libraries/libldap/sortctrl.c
   openldap/vendor/openldap-release/libraries/libldap/stctrl.c
   openldap/vendor/openldap-release/libraries/libldap/string.c
   openldap/vendor/openldap-release/libraries/libldap/t61.c
   openldap/vendor/openldap-release/libraries/libldap/test.c
   openldap/vendor/openldap-release/libraries/libldap/turn.c
   openldap/vendor/openldap-release/libraries/libldap/txn.c
   openldap/vendor/openldap-release/libraries/libldap/unbind.c
   openldap/vendor/openldap-release/libraries/libldap/url.c
   openldap/vendor/openldap-release/libraries/libldap/urltest.c
   openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c
   openldap/vendor/openldap-release/libraries/libldap/utf-8.c
   openldap/vendor/openldap-release/libraries/libldap/util-int.c
   openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c
   openldap/vendor/openldap-release/libraries/libldap/whoami.c
   openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in
   openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h
   openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c
   openldap/vendor/openldap-release/libraries/libldap_r/rmutex.c
   openldap/vendor/openldap-release/libraries/libldap_r/rq.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
   openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c
   openldap/vendor/openldap-release/libraries/libldap_r/threads.c
   openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
   openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c
   openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h
   openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c
   openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c
   openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h
   openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h
   openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c
   openldap/vendor/openldap-release/libraries/liblutil/Makefile.in
   openldap/vendor/openldap-release/libraries/liblutil/avl.c
   openldap/vendor/openldap-release/libraries/liblutil/base64.c
   openldap/vendor/openldap-release/libraries/liblutil/csn.c
   openldap/vendor/openldap-release/libraries/liblutil/detach.c
   openldap/vendor/openldap-release/libraries/liblutil/entropy.c
   openldap/vendor/openldap-release/libraries/liblutil/fetch.c
   openldap/vendor/openldap-release/libraries/liblutil/getopt.c
   openldap/vendor/openldap-release/libraries/liblutil/getpass.c
   openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
   openldap/vendor/openldap-release/libraries/liblutil/hash.c
   openldap/vendor/openldap-release/libraries/liblutil/ldif.c
   openldap/vendor/openldap-release/libraries/liblutil/lockf.c
   openldap/vendor/openldap-release/libraries/liblutil/md5.c
   openldap/vendor/openldap-release/libraries/liblutil/memcmp.c
   openldap/vendor/openldap-release/libraries/liblutil/ntservice.c
   openldap/vendor/openldap-release/libraries/liblutil/passfile.c
   openldap/vendor/openldap-release/libraries/liblutil/passwd.c
   openldap/vendor/openldap-release/libraries/liblutil/ptest.c
   openldap/vendor/openldap-release/libraries/liblutil/sasl.c
   openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c
   openldap/vendor/openldap-release/libraries/liblutil/sha1.c
   openldap/vendor/openldap-release/libraries/liblutil/signal.c
   openldap/vendor/openldap-release/libraries/liblutil/sockpair.c
   openldap/vendor/openldap-release/libraries/liblutil/tavl.c
   openldap/vendor/openldap-release/libraries/liblutil/testavl.c
   openldap/vendor/openldap-release/libraries/liblutil/testtavl.c
   openldap/vendor/openldap-release/libraries/liblutil/utils.c
   openldap/vendor/openldap-release/libraries/liblutil/uuid.c
   openldap/vendor/openldap-release/libraries/librewrite/Makefile.in
   openldap/vendor/openldap-release/libraries/librewrite/config.c
   openldap/vendor/openldap-release/libraries/librewrite/context.c
   openldap/vendor/openldap-release/libraries/librewrite/info.c
   openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c
   openldap/vendor/openldap-release/libraries/librewrite/map.c
   openldap/vendor/openldap-release/libraries/librewrite/params.c
   openldap/vendor/openldap-release/libraries/librewrite/parse.c
   openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
   openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h
   openldap/vendor/openldap-release/libraries/librewrite/rewrite.c
   openldap/vendor/openldap-release/libraries/librewrite/rule.c
   openldap/vendor/openldap-release/libraries/librewrite/session.c
   openldap/vendor/openldap-release/libraries/librewrite/subst.c
   openldap/vendor/openldap-release/libraries/librewrite/var.c
   openldap/vendor/openldap-release/libraries/librewrite/xmap.c
   openldap/vendor/openldap-release/servers/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/abandon.c
   openldap/vendor/openldap-release/servers/slapd/aci.c
   openldap/vendor/openldap-release/servers/slapd/acl.c
   openldap/vendor/openldap-release/servers/slapd/aclparse.c
   openldap/vendor/openldap-release/servers/slapd/ad.c
   openldap/vendor/openldap-release/servers/slapd/add.c
   openldap/vendor/openldap-release/servers/slapd/alock.c
   openldap/vendor/openldap-release/servers/slapd/alock.h
   openldap/vendor/openldap-release/servers/slapd/at.c
   openldap/vendor/openldap-release/servers/slapd/attr.c
   openldap/vendor/openldap-release/servers/slapd/ava.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/monitor.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c
   openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c
   openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c
   openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/distproc.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/monitor.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h
   openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
   openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-meta/add.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h
   openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/init.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h
   openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c
   openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h
   openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h
   openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c
   openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c
   openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-null/null.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h
   openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c
   openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h
   openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm
   openldap/vendor/openldap-release/servers/slapd/back-perl/add.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/config.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h
   openldap/vendor/openldap-release/servers/slapd/back-perl/search.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h
   openldap/vendor/openldap-release/servers/slapd/back-relay/init.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
   openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-shell/add.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/config.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/init.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/result.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/search.c
   openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf
   openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh
   openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h
   openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-sock/add.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/back-sock.h
   openldap/vendor/openldap-release/servers/slapd/back-sock/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/config.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/init.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/opensock.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/proto-sock.h
   openldap/vendor/openldap-release/servers/slapd/back-sock/result.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/search.c
   openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.conf
   openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.pl
   openldap/vendor/openldap-release/servers/slapd/back-sock/unbind.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/back-sql/add.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/api.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h
   openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
   openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
   openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
   openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
   openldap/vendor/openldap-release/servers/slapd/back-sql/util.c
   openldap/vendor/openldap-release/servers/slapd/backend.c
   openldap/vendor/openldap-release/servers/slapd/backglue.c
   openldap/vendor/openldap-release/servers/slapd/backover.c
   openldap/vendor/openldap-release/servers/slapd/bconfig.c
   openldap/vendor/openldap-release/servers/slapd/bind.c
   openldap/vendor/openldap-release/servers/slapd/cancel.c
   openldap/vendor/openldap-release/servers/slapd/ch_malloc.c
   openldap/vendor/openldap-release/servers/slapd/compare.c
   openldap/vendor/openldap-release/servers/slapd/component.c
   openldap/vendor/openldap-release/servers/slapd/component.h
   openldap/vendor/openldap-release/servers/slapd/config.c
   openldap/vendor/openldap-release/servers/slapd/config.h
   openldap/vendor/openldap-release/servers/slapd/connection.c
   openldap/vendor/openldap-release/servers/slapd/controls.c
   openldap/vendor/openldap-release/servers/slapd/cr.c
   openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
   openldap/vendor/openldap-release/servers/slapd/daemon.c
   openldap/vendor/openldap-release/servers/slapd/delete.c
   openldap/vendor/openldap-release/servers/slapd/dn.c
   openldap/vendor/openldap-release/servers/slapd/entry.c
   openldap/vendor/openldap-release/servers/slapd/extended.c
   openldap/vendor/openldap-release/servers/slapd/filter.c
   openldap/vendor/openldap-release/servers/slapd/filterentry.c
   openldap/vendor/openldap-release/servers/slapd/frontend.c
   openldap/vendor/openldap-release/servers/slapd/globals.c
   openldap/vendor/openldap-release/servers/slapd/index.c
   openldap/vendor/openldap-release/servers/slapd/init.c
   openldap/vendor/openldap-release/servers/slapd/ldapsync.c
   openldap/vendor/openldap-release/servers/slapd/limits.c
   openldap/vendor/openldap-release/servers/slapd/lock.c
   openldap/vendor/openldap-release/servers/slapd/main.c
   openldap/vendor/openldap-release/servers/slapd/matchedValues.c
   openldap/vendor/openldap-release/servers/slapd/modify.c
   openldap/vendor/openldap-release/servers/slapd/modrdn.c
   openldap/vendor/openldap-release/servers/slapd/mods.c
   openldap/vendor/openldap-release/servers/slapd/module.c
   openldap/vendor/openldap-release/servers/slapd/mr.c
   openldap/vendor/openldap-release/servers/slapd/mra.c
   openldap/vendor/openldap-release/servers/slapd/nt_svc.c
   openldap/vendor/openldap-release/servers/slapd/oc.c
   openldap/vendor/openldap-release/servers/slapd/oidm.c
   openldap/vendor/openldap-release/servers/slapd/operation.c
   openldap/vendor/openldap-release/servers/slapd/operational.c
   openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
   openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c
   openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
   openldap/vendor/openldap-release/servers/slapd/overlays/constraint.c
   openldap/vendor/openldap-release/servers/slapd/overlays/dds.c
   openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c
   openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
   openldap/vendor/openldap-release/servers/slapd/overlays/memberof.c
   openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c
   openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
   openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
   openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
   openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c
   openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
   openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c
   openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
   openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
   openldap/vendor/openldap-release/servers/slapd/overlays/unique.c
   openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c
   openldap/vendor/openldap-release/servers/slapd/passwd.c
   openldap/vendor/openldap-release/servers/slapd/phonetic.c
   openldap/vendor/openldap-release/servers/slapd/proto-slap.h
   openldap/vendor/openldap-release/servers/slapd/referral.c
   openldap/vendor/openldap-release/servers/slapd/result.c
   openldap/vendor/openldap-release/servers/slapd/root_dse.c
   openldap/vendor/openldap-release/servers/slapd/sasl.c
   openldap/vendor/openldap-release/servers/slapd/saslauthz.c
   openldap/vendor/openldap-release/servers/slapd/schema.c
   openldap/vendor/openldap-release/servers/slapd/schema/README
   openldap/vendor/openldap-release/servers/slapd/schema/cosine.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/duaconf.schema
   openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema
   openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema
   openldap/vendor/openldap-release/servers/slapd/schema/misc.schema
   openldap/vendor/openldap-release/servers/slapd/schema/nadf.schema
   openldap/vendor/openldap-release/servers/slapd/schema/nis.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/nis.schema
   openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif
   openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema
   openldap/vendor/openldap-release/servers/slapd/schema_check.c
   openldap/vendor/openldap-release/servers/slapd/schema_init.c
   openldap/vendor/openldap-release/servers/slapd/schema_prep.c
   openldap/vendor/openldap-release/servers/slapd/schemaparse.c
   openldap/vendor/openldap-release/servers/slapd/search.c
   openldap/vendor/openldap-release/servers/slapd/sets.c
   openldap/vendor/openldap-release/servers/slapd/sets.h
   openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c
   openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c
   openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h
   openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
   openldap/vendor/openldap-release/servers/slapd/slap.h
   openldap/vendor/openldap-release/servers/slapd/slapacl.c
   openldap/vendor/openldap-release/servers/slapd/slapadd.c
   openldap/vendor/openldap-release/servers/slapd/slapauth.c
   openldap/vendor/openldap-release/servers/slapd/slapcat.c
   openldap/vendor/openldap-release/servers/slapd/slapcommon.c
   openldap/vendor/openldap-release/servers/slapd/slapcommon.h
   openldap/vendor/openldap-release/servers/slapd/slapdn.c
   openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in
   openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c
   openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c
   openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c
   openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
   openldap/vendor/openldap-release/servers/slapd/slapindex.c
   openldap/vendor/openldap-release/servers/slapd/slappasswd.c
   openldap/vendor/openldap-release/servers/slapd/slaptest.c
   openldap/vendor/openldap-release/servers/slapd/starttls.c
   openldap/vendor/openldap-release/servers/slapd/str2filter.c
   openldap/vendor/openldap-release/servers/slapd/syncrepl.c
   openldap/vendor/openldap-release/servers/slapd/syntax.c
   openldap/vendor/openldap-release/servers/slapd/txn.c
   openldap/vendor/openldap-release/servers/slapd/unbind.c
   openldap/vendor/openldap-release/servers/slapd/user.c
   openldap/vendor/openldap-release/servers/slapd/value.c
   openldap/vendor/openldap-release/servers/slapd/zn_malloc.c
   openldap/vendor/openldap-release/tests/Makefile.in
   openldap/vendor/openldap-release/tests/data/ditcontentrules.conf
   openldap/vendor/openldap-release/tests/data/dn.out
   openldap/vendor/openldap-release/tests/data/dynlist.out
   openldap/vendor/openldap-release/tests/data/memberof.out
   openldap/vendor/openldap-release/tests/data/meta.out
   openldap/vendor/openldap-release/tests/data/metaconcurrency.out
   openldap/vendor/openldap-release/tests/data/regressions/its4184/its4184
   openldap/vendor/openldap-release/tests/data/regressions/its4326/its4326
   openldap/vendor/openldap-release/tests/data/regressions/its4326/slapd.conf
   openldap/vendor/openldap-release/tests/data/regressions/its4336/its4336
   openldap/vendor/openldap-release/tests/data/regressions/its4336/slapd.conf
   openldap/vendor/openldap-release/tests/data/regressions/its4337/its4337
   openldap/vendor/openldap-release/tests/data/regressions/its4337/slapd.conf
   openldap/vendor/openldap-release/tests/data/regressions/its4448/its4448
   openldap/vendor/openldap-release/tests/data/regressions/its4448/slapd-meta.conf
   openldap/vendor/openldap-release/tests/data/retcode.conf
   openldap/vendor/openldap-release/tests/data/slapd-2db.conf
   openldap/vendor/openldap-release/tests/data/slapd-aci.conf
   openldap/vendor/openldap-release/tests/data/slapd-acl.conf
   openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-chain1.conf
   openldap/vendor/openldap-release/tests/data/slapd-chain2.conf
   openldap/vendor/openldap-release/tests/data/slapd-component.conf
   openldap/vendor/openldap-release/tests/data/slapd-config-undo.conf
   openldap/vendor/openldap-release/tests/data/slapd-dds.conf
   openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf
   openldap/vendor/openldap-release/tests/data/slapd-dn.conf
   openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf
   openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf
   openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
   openldap/vendor/openldap-release/tests/data/slapd-glue.conf
   openldap/vendor/openldap-release/tests/data/slapd-idassert.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf
   openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf
   openldap/vendor/openldap-release/tests/data/slapd-limits.conf
   openldap/vendor/openldap-release/tests/data/slapd-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-meta-target1.conf
   openldap/vendor/openldap-release/tests/data/slapd-meta-target2.conf
   openldap/vendor/openldap-release/tests/data/slapd-meta.conf
   openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-passwd.conf
   openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
   openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf
   openldap/vendor/openldap-release/tests/data/slapd-pw.conf
   openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf
   openldap/vendor/openldap-release/tests/data/slapd-referrals.conf
   openldap/vendor/openldap-release/tests/data/slapd-refint.conf
   openldap/vendor/openldap-release/tests/data/slapd-relay.conf
   openldap/vendor/openldap-release/tests/data/slapd-repl-slave-remote.conf
   openldap/vendor/openldap-release/tests/data/slapd-retcode.conf
   openldap/vendor/openldap-release/tests/data/slapd-schema.conf
   openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-sql.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist2.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
   openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf
   openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf
   openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf
   openldap/vendor/openldap-release/tests/data/slapd-unique.conf
   openldap/vendor/openldap-release/tests/data/slapd-valsort.conf
   openldap/vendor/openldap-release/tests/data/slapd-whoami.conf
   openldap/vendor/openldap-release/tests/data/slapd.conf
   openldap/vendor/openldap-release/tests/data/slapd2.conf
   openldap/vendor/openldap-release/tests/data/test-dn.ldif
   openldap/vendor/openldap-release/tests/data/test-meta.ldif
   openldap/vendor/openldap-release/tests/data/test-ordered-nocp.ldif
   openldap/vendor/openldap-release/tests/data/test.schema
   openldap/vendor/openldap-release/tests/progs/Makefile.in
   openldap/vendor/openldap-release/tests/progs/slapd-addel.c
   openldap/vendor/openldap-release/tests/progs/slapd-bind.c
   openldap/vendor/openldap-release/tests/progs/slapd-common.c
   openldap/vendor/openldap-release/tests/progs/slapd-common.h
   openldap/vendor/openldap-release/tests/progs/slapd-modify.c
   openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
   openldap/vendor/openldap-release/tests/progs/slapd-read.c
   openldap/vendor/openldap-release/tests/progs/slapd-search.c
   openldap/vendor/openldap-release/tests/progs/slapd-tester.c
   openldap/vendor/openldap-release/tests/run.in
   openldap/vendor/openldap-release/tests/scripts/acfilter.sh
   openldap/vendor/openldap-release/tests/scripts/all
   openldap/vendor/openldap-release/tests/scripts/conf.sh
   openldap/vendor/openldap-release/tests/scripts/defines.sh
   openldap/vendor/openldap-release/tests/scripts/its-all
   openldap/vendor/openldap-release/tests/scripts/passwd-search
   openldap/vendor/openldap-release/tests/scripts/relay
   openldap/vendor/openldap-release/tests/scripts/sql-all
   openldap/vendor/openldap-release/tests/scripts/sql-test000-read
   openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency
   openldap/vendor/openldap-release/tests/scripts/sql-test900-write
   openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl
   openldap/vendor/openldap-release/tests/scripts/start-server
   openldap/vendor/openldap-release/tests/scripts/start-server-nolog
   openldap/vendor/openldap-release/tests/scripts/start-server2
   openldap/vendor/openldap-release/tests/scripts/start-server2-nolog
   openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh
   openldap/vendor/openldap-release/tests/scripts/test000-rootdse
   openldap/vendor/openldap-release/tests/scripts/test001-slapadd
   openldap/vendor/openldap-release/tests/scripts/test002-populate
   openldap/vendor/openldap-release/tests/scripts/test003-search
   openldap/vendor/openldap-release/tests/scripts/test004-modify
   openldap/vendor/openldap-release/tests/scripts/test005-modrdn
   openldap/vendor/openldap-release/tests/scripts/test006-acls
   openldap/vendor/openldap-release/tests/scripts/test008-concurrency
   openldap/vendor/openldap-release/tests/scripts/test009-referral
   openldap/vendor/openldap-release/tests/scripts/test010-passwd
   openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd
   openldap/vendor/openldap-release/tests/scripts/test012-glue-populate
   openldap/vendor/openldap-release/tests/scripts/test013-language
   openldap/vendor/openldap-release/tests/scripts/test014-whoami
   openldap/vendor/openldap-release/tests/scripts/test015-xsearch
   openldap/vendor/openldap-release/tests/scripts/test016-subref
   openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
   openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
   openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
   openldap/vendor/openldap-release/tests/scripts/test020-proxycache
   openldap/vendor/openldap-release/tests/scripts/test021-certificate
   openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
   openldap/vendor/openldap-release/tests/scripts/test023-refint
   openldap/vendor/openldap-release/tests/scripts/test024-unique
   openldap/vendor/openldap-release/tests/scripts/test025-limits
   openldap/vendor/openldap-release/tests/scripts/test026-dn
   openldap/vendor/openldap-release/tests/scripts/test027-emptydn
   openldap/vendor/openldap-release/tests/scripts/test028-idassert
   openldap/vendor/openldap-release/tests/scripts/test029-ldapglue
   openldap/vendor/openldap-release/tests/scripts/test030-relay
   openldap/vendor/openldap-release/tests/scripts/test031-component-filter
   openldap/vendor/openldap-release/tests/scripts/test032-chain
   openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
   openldap/vendor/openldap-release/tests/scripts/test034-translucent
   openldap/vendor/openldap-release/tests/scripts/test035-meta
   openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency
   openldap/vendor/openldap-release/tests/scripts/test037-manage
   openldap/vendor/openldap-release/tests/scripts/test038-retcode
   openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency
   openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename
   openldap/vendor/openldap-release/tests/scripts/test041-aci
   openldap/vendor/openldap-release/tests/scripts/test042-valsort
   openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
   openldap/vendor/openldap-release/tests/scripts/test044-dynlist
   openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied
   openldap/vendor/openldap-release/tests/scripts/test046-dds
   openldap/vendor/openldap-release/tests/scripts/test047-ldap
   openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy
   openldap/vendor/openldap-release/tests/scripts/test049-sync-config
   openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster
   openldap/vendor/openldap-release/tests/scripts/test051-config-undo
   openldap/vendor/openldap-release/tests/scripts/test052-memberof
Log:
Load openldap_2.4.14.orig into openldap-release.

Modified: openldap/vendor/openldap-release/ANNOUNCEMENT
===================================================================
--- openldap/vendor/openldap-release/ANNOUNCEMENT	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/ANNOUNCEMENT	2009-02-17 16:18:54 UTC (rev 1195)
@@ -106,6 +106,6 @@
 ---
 OpenLDAP is a registered trademark of the OpenLDAP Foundation.
 
-Copyright 1999-2008 The OpenLDAP Foundation, Redwood City,
+Copyright 1999-2009 The OpenLDAP Foundation, Redwood City,
 California, USA.  All Rights Reserved.  Permission to copy and
 distribute verbatim copies of this document is granted.

Modified: openldap/vendor/openldap-release/CHANGES
===================================================================
--- openldap/vendor/openldap-release/CHANGES	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/CHANGES	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,258 @@
 OpenLDAP 2.4 Change Log
 
+OpenLDAP 2.4.14 Release (2009/02/14)
+	Added libldap option to disable SASL host canonicalization (ITS#5812)
+	Added libldap TLS_PROTOCOL_MIN (ITS#5655)
+	Added libldap GnuTLS support for TLS_CIPHER_SUITE (ITS#5887)
+	Added libldap GnuTLS setting random file (ITS#5462)
+	Added libldap alias dereferencing in C API (ITS#5916)
+	Fixed libldap chasing multiple referrals (ITS#5853)
+	Fixed libldap deref handling (ITS#5768)
+	Fixed libldap NULL pointer deref (ITS#5934)
+	Fixed libldap peer cert memory leak (ITS#5849)
+	Fixed libldap interaction with GnuTLS CN IP-based matches (ITS#5789)
+	Fixed libldap intermediate response behavior (ITS#5896)
+	Fixed libldap IPv6 address handling (ITS#5937)
+	Fixed libldap_r deref building (ITS#5768)
+	Fixed libldap_r slapd lockup when paused during shutdown (ITS#5841)
+	Added slapd syncrepl default retry setting (ITS#5825)
+	Added slapd val.regex expansion (ITS#5804)
+	Added slapd TLS_PROTOCOL_MIN (ITS#5655)
+	Added slapd slapi_pw_find (ITS#2615,ITS#4359)
+	Added slapd compatibility with MSAD ranged values (ITS#5927)
+	Fixed slapd bconfig to return error codes (ITS#5867)
+	Fixed slapd bconfig encoding incorrectly (ITS#5897)
+	Fixed slapd bconfig dangling pointers (ITS#5924)
+	Fixed slapd behavior with superior objectClasses (ITS#5517)
+	Fixed slapd connection assert (ITS#5835)
+	Fixed slapd epoll handling (ITS#5886)
+	Fixed slapd frontend/backend options handling (ITS#5857)
+	Fixed slapd glue with MMR (ITS#5925)
+	Fixed slapd logging on Windows (ITS#5392)
+	Fixed slapd listener comparison (ITS#5613)
+	Fixed slapd manageDSAit with glue entries (ITS#5921)
+	Fixed slapd syncrepl rename handling (ITS#5809)
+	Fixed slapd syncrepl MMR when adding new server (ITS#5850)
+	Fixed slapd syncrepl MMR with deleted entries (ITS#5843)
+	Fixed slapd syncrepl replication with glued DB (ITS#5866)
+	Fixed slapd syncrepl replication with moddn (ITS#5901)
+	Fixed slapd syncrepl replication with referrals (ITS#5881)
+	Fixed slapd syncrepl replication with config tree (ITS#5935)
+	Fixed slapd wake_sds close on Windows (ITS#5855)
+	Fixed slapd-bdb/hdb dncachesize handling (ITS#5860)
+	Fixed slapd-bdb/hdb RFC4528 control support (ITS#5861)
+	Fixed slapd-bdb/hdb trickle task usage (ITS#5864)
+	Fixed slapd-hdb idlcache with empty suffix (ITS#5859)
+	Fixed slapd-ldap idassert-bind validity checking (ITS#5863)
+	Fixed slapd-ldap/meta RFC4525 increment support (ITS#5912)
+	Fixed slapd-ldap/meta search dereferencing (ITS#5916)
+	Fixed slapd-ldap/meta with intermediate response (ITS#5931)
+	Fixed slapd-ldif numerous bugs (ITS#5408)
+	Fixed slapd-ldif rename on same DN (ITS#5319)
+	Fixed slapd-ldif deadlock (ITS#5329)
+	Fixed slapd-meta double response sending (ITS#5854)
+	Fixed slapd-meta alias deref for retry (ITS#5889)
+	Fixed slapd-relay recursion detection (ITS#5943)
+	Fixed slapd-sock descriptor leak (ITS#5939)
+	Fixed slapo-accesslog on glued dbs (ITS#5907)
+	Fixed slapo-dynlist handling of flags (ITS#5898)
+	Fixed slapo-memberof multiple instantiation (ITS#5903)
+	Fixed slapo-pcache filter sorting (ITS#5756)
+	Fixed slapo-ppolicy to not be global (ITS#5858)
+	Fixed slapo-rwm double free (ITS#5923)
+	Fixed slapo-rwm with back-config (ITS#5906)
+	Fixed slapo-rwm olcRwmRewrite modification (ITS#5940)
+	Added slapo-rwm newRDN rewriting (ITS#5834)
+	Added slapadd progress meter (ITS#5922)
+	Updated contrib/addpartial module (ITS#5764)
+	Added contrib/cloak module (ITS#5872)
+	Added contrib/smbk5pwd gcrypt support (ITS#5410)
+	Added contrib/passwd sha2 support (ITS#5660)
+	Build Environment
+		Fixed test006 appending to log file (ITS#5910)
+		Fixed test036,test039 behavior on error (ITS#5893)
+		Fixed test048 sed pathname substitution (ITS#5910)
+		Fixed test049,test050 to work on windows (ITS#5842)
+		Updated test017,test018,test019 to cover more cases (ITS#5883)
+		Removed patch for BerkeleyDB 4.7.25 (Official patch available)
+		Fixed MSVC 9.0 build issues (ITS#5888)
+		Fixed gss detection on Solaris (ITS#5846)
+		Fixed uuid_create/uuid_unparse_lower detection (ITS#5905)
+		Fixed liblutil tavl_delete to macroize constants (ITS#5909)
+	Documentation
+		admin24 added limits chapter (ITS#5818)
+		admin24 access-control clarify global ACLS (ITS#5851,ITS#5852)
+		admin24 search on nested naming contexts (ITS#5788)
+		admin24 consistent loglevel documentation (ITS#5904)
+		slapd-bdb/hdb expansion on dncachesize behavior (ITS#5721)
+		slapo-constraint(5) example fix (ITS#5895)
+		slap*(8) man pages should mention slapd-config (ITS#5828)
+		slapacl(8c) fix wording (ITS#5918)
+		slapd(8) document sid (ITS#5873)
+		slapd.access(5) clarify global ACLS (ITS#5851,ITS#5852)
+		slapadd/cat/index(8) note -n 0 for slapd-config (ITS#5891)
+		Added SEE ALSO slapd-config(5) to relevant man pages (ITS#5914)
+
+OpenLDAP 2.4.13 Release (2008/11/24)
+	Added libldap dereference control support (ITS#5768)
+	Fixed libldap parameter checking (ITS#5817)
+	Fixed liblutil hex conversion (ITS#5699)
+	Fixed liblutil returning undefined data (ITS#5748)
+	Fixed libldap error code return (ITS#5762)
+	Fixed libldap interaction with GnuTLS CN IP-based matches (ITS#5789)
+	Fixed libldap MAXHOSTNAMELEN typo (ITS#5815)
+	Fixed libldap Ipv6 detection (ITS#5739)
+	Fixed libldap setuid usage with .ldaprc (ITS#4750)
+	Fixed slapacl crasher (ITS#5820)
+	Fixed slapd acl checks on ADD (ITS#4556,ITS#5723)
+	Fixed slapd acl application to newly created backends (ITS#5572)
+	Fixed slapd #if/#elif issues in thread includes (ITS#5824)
+	Added slapd keyword add_content_acl for add checks (ITS#4556,ITS#5723)
+	Fixed slapd concurrent access to connections (ITS#5814)
+	Fixed slapd config backend olcLogFile support (ITS#5765)
+	Fixed slapd contextCSN pending list (ITS#5709)
+	Fixed slapd control criticality (ITS#5785)
+	Added slapd dn.this search limits (ITS#5734)
+	Fixed slapd error status on shutdown (ITS#5745)
+	Fixed slapd filter substring handling (ITS#5803)
+	Fixed slapd nameUIDPretty bitstring parsing (ITS#5750)
+	Fixed slapd null termination of password (ITS#5794)
+	Fixed slapd overlay/database open with real structure (ITS#5724)
+	Fixed slapd parsing of read entry control (ITS#5741)
+	Added slapd PMI schema (ITS#5695)
+	Added slapd private databases in global overlays (ITS#5735,ITS#5736)
+	Fixed slapd rdn generation when it isn't specified (ITS#5819)
+	Fixed slapd slapd.conf validation to LDIF (ITS#5755)
+	Fixed slapd startup scan for CSN (ITS#5640)
+	Fixed slapd statslog printing of released entry (ITS#5775)
+	Added slapd support for certificateListExactMatch (ITS#5700)
+	Fixed slapd syncrepl event loss (ITS#5710)
+	Fixed slapd syncrepl MOD of attrs with no EQ rule (ITS#5781)
+	Fixed slapd syncrepl rename handling (ITS#5809)
+	Fixed slapd syncrepl schema checking (ITS#5798)
+	Fixed slapd syncrepl filter leak (ITS#5826)
+	Fixed slapd undef promote (ITS#5783,ITS#5795)
+	Added slapd What failed? control (ITS#5784)
+	Fixed slapd-bdb/hdb invalid db crash (ITS#5698)
+	Added slapd-bdb/hdb dbpagesize keyword
+	Added slapd-bdb/hdb checksum keyword
+	Fixed slapd-bdb/hdb indexing of entryDN (ITS#5790)
+	Fixed slapd-bdb/hdb lookup of entryDN with equality (ITS#5791)
+	Fixed slapd-bdb/hdb uninitialized bli_flag
+	Fixed slapd-ldap snprintf buffer overflow test (ITS#4467)
+	Fixed slapd-ldap search stop on minor failure (ITS#5816)
+	Fixed slapd-ldif file rename on windows (ITS#5774)
+	Fixed slapd-null read controls support (ITS#5757)
+	Fixed slapd-sql value length with right index (ITS#5779)
+	Fixed slapo-chain/translucent back-config support (ITS#5736)
+	Fixed slapo-chain segv with search references (ITS#5742)
+	Fixed slapo-collect compile with C89 (ITS#5747)
+	Added slapo-constraint support for LDAP URI constraints (ITS#5704)
+	Added slapo-constraint support for constraining rename (ITS#5703)
+	Added slapo-constraint support for relax control (ITS#5705)
+	Added slapo-constraint "set" type (ITS#5702)
+	Fixed slapo-constraint filter parsing error (ITS#5751)
+	Added slapo-dynlist URI restriction ability (ITS#5761)
+	Fixed slapo-ppolicy unaligned BerElement (ITS#5770)
+	Fixed slapo-rwm objectClass preservation (ITS#5760)
+	Fixed slapo-rwm rewriting undefined filter (ITS#5731)
+	Fixed slapo-rwm rewritten DN-valued attrs (ITS#5772)
+	Fixed slapo-rwm reusing freed filter (ITS#5732)
+	Fixed slapo-rwm entry get (ITS#5773)
+	Fixed slapo-syncprov runqueue removal (ITS#5776)
+	Fixed slapo-syncprov unreplicatable ops (ITS#5709)
+	Fixed slapo-syncprov psearch leak (ITS#5827)
+	Added slapo-translucent try local bind when remote fails (ITS#5656)
+	Added slapo-translucent support for PasswordModify exop (ITS#5656)
+	Fixed tools simple bind without SASL (ITS#5753)
+	Fixed tools unaligned BerElement (ITS#5770)
+	Fixed contrib nssov crash on empty groups (ITS#5800)
+	Fixed contrib nssov crash with nssov-map (ITS#5801)
+	Fixed contrib nssov filter and search limits (ITS#5802)
+	Added contrib smbk5pwd honor principal expiration (ITS#5766)
+	Build Environment
+		Added ldapurl command
+		Added slapd GSSAPI refactoring (ITS#5369)
+		Added slapo-deref overlay (ITS#5768)
+	Documentation
+		admin24 added olcLimits to example (ITS#5746)
+		admin24 consolidated on whitespace (ITS#5759)
+		slapd.conf,config(5) subordinate/olcSubordinate keyword (ITS#5788)
+		slapd.conf(5) fixed disable keyword for limits (ITS#5821)
+		slapo-dds(5) manageDIT to relax (ITS#5780)
+		slapo-dds(5) rootdn requirement added (ITS#5811)
+		slapo-syncprov(5) sessionlog clarification (ITS#5806)
+
+OpenLDAP 2.4.12 Release (2008/10/12)
+	Fixed libldap ldap_utf8_strchar arguments (ITS#5720)
+	Fixed libldap TLS_CRLFILE (ITS#5677)
+	Fixed liblutil executables on Windows (ITS#5604)
+	Fixed liblutil microsecond overflows on Windows (ITS#5668)
+	Fixed librewrite memory handling (ITS#5691)
+	Fixed slapd aci performance (ITS#5636)
+	Fixed slapd aci's with sets (ITS#5627)
+	Fixed slapd attribute leak (ITS#5683)
+	Fixed slapd config backend with index greater than sibs (ITS#5684)
+	Fixed slapd custom attribute inheritance (ITS#5642)
+	Fixed slapd dynacl mask handling (ITS#5637)
+	Fixed slapd firstComponentMatch normalization (ITS#5634)
+	Added slapd caseIgnoreListMatch (ITS#5608)
+	Fixed slapd connection events enabled twice (ITS#5725)
+	Fixed slapd memory handling (ITS#5691)
+	Fixed slapd objectClass canonicalization (ITS#5681)
+	Fixed slapd objectClass termination (ITS#5682)
+	Fixed slapd overlay control registration (ITS#5649)
+	Fixed slapd runqueue checking (ITS#5726)
+	Fixed slapd spurious text output (ITS#5688)
+	Fixed slapd socket closing on Windows (ITS#5606)
+	Fixed slapd sortvals comparison (ITS#5578)
+	Added slapd substitute syntax support (ITS#5663)
+	Fixed slapd syncrepl contextCSN detection (ITS#5675)
+	Fixed slapd syncrepl error logging (ITS#5618)
+	Fixed slapd syncrepl runqueue interval (ITS#5719)
+	Fixed slapd-bdb entry return if attr not present (ITS#5650)
+	Fixed slapd-bdb olcDbMode syntax (ITS#5713)
+	Fixed slapd-bdb/hdb release search entries earlier (ITS#5728,ITS#5730)
+	Fixed slapd-bdb/hdb subtree search with empty suffix (ITS#5729)
+	Fixed slapd-dnssrv memory handling (ITS#5691)
+	Fixed slapd-ldap,slapd-meta invalid filter behavior (ITS#5614)
+	Fixed slapd-meta memory handling (ITS#5691)
+	Fixed slapd-meta objectClass filtering (ITS#5647)
+	Fixed slapd-meta quarantine behavior (ITS#5592)
+	Added slapd-ndb experimental backend
+	Fixed slapd-relay initialization (ITS#5643)
+	Fixed slapd-sql freeing of connection (ITS#5607)
+	Fixed slapd-sql fault on NULL fields (ITS#5653)
+	Fixed slapo-accesslog entryCSN generation on purge (ITS#5694)
+	Fixed slapo-constraint string termination (ITS#5609)
+	Fixed slapo-dynlist expansion with mapped attributes (ITS#5717)
+	Fixed slapo-memberof internal operations DN (ITS#5622)
+	Fixed slapo-pcache attrset crash (ITS#5665)
+	Fixed slapo-pcache caching with invalid schema (ITS#5680)
+	Fixed slapo-ppolicy control return on password modify exop (ITS#5711)
+	Fixed slapo-rwm callback cleanup (ITS#5601,ITS#5687)
+	Fixed slapo-rwm attr mapping and merging (ITS#5624)
+	Fixed slapo-rwm objectClass filtering (ITS#5647)
+	Fixed slapo-translucent back-config support (ITS#5689)
+	Fixed slapo-translucent filter usage on merged entries (ITS#5679)
+	Fixed slapo-unique filter validation (ITS#5581)
+	Fixed slapo-unique suffix testing (ITS#5641)
+	Build Environment
+		Fixed ODBC library detection (ITS#5602)
+		Removed pre-BerkeleyDB 4.4 support
+		Added BerkeleyDB 4.7 support (ITS#5523)
+		Included patch for BerkeleyDB 4.7.25 (build/db.4.7.25.patch)
+		Added slapo-collect overlay with enhancements(ITS#5659)
+	Documentation
+		Added slapd-ldap(5), slapd-meta(5) noundeffilter (ITS#5614)
+		Fixed slapd-ldap(5), slapd-meta(5), slapo-pcache(5) schema requirements (ITS#5680)
+		Added slapo-collect(5) man page (ITS#5706)
+		Added slapo-pcache(5) proxycheckcacheability option (ITS#5680)
+		Added slapo-retcode(5) retcode.conf location (ITS#5633)
+		admin24 dontusecopy control update (ITS#5718)
+		admin24 guide updates (ITS#5616)
+		admin24 octetString fix (ITS#5670)
+
 OpenLDAP 2.4.11 Release (2008/07/16)
 	Fixed liblber ber_get_next length decoding (ITS#5580)
 	Added libldap assertion control (ITS#5560)

Modified: openldap/vendor/openldap-release/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/COPYRIGHT	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/COPYRIGHT	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 1998-2008 The OpenLDAP Foundation
+Copyright 1998-2009 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -39,8 +39,8 @@
 Portions Copyright 1999-2008 Howard Y.H. Chu.
 Portions Copyright 1999-2008 Symas Corporation.
 Portions Copyright 1998-2003 Hallvard B. Furuseth.
-Portions Copyright 2008 Gavin Henry.
-Portions Copyright 2008 Suretec Systems.
+Portions Copyright 2008-2009 Gavin Henry.
+Portions Copyright 2008-2009 Suretec Systems Ltd.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/INSTALL
===================================================================
--- openldap/vendor/openldap-release/INSTALL	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/INSTALL	2009-02-17 16:18:54 UTC (rev 1195)
@@ -107,7 +107,7 @@
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 
-Copyright 1998-2008 The OpenLDAP Foundation.
+Copyright 1998-2009 The OpenLDAP Foundation.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Master Makefile for OpenLDAP
-# $OpenLDAP: pkg/ldap/Makefile.in,v 1.30.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/Makefile.in,v 1.30.2.4 2009/01/22 00:00:34 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/README
===================================================================
--- openldap/vendor/openldap-release/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -19,9 +19,10 @@
         POSIX REGEX software (required)
 
     SLAPD:
-        BDB and HDB backends require Oracle Berkeley DB 4.2, 4.4,
-        4.5, or 4.6.  It is highly recommended to apply the patches
-        from Oracle for a given release.
+        BDB and HDB backends require Oracle Berkeley DB 4.4, 4.5,
+        4.6, or 4.7.  It is highly recommended to apply the patches
+        from Oracle for a given release.  In addition, for BDB 4.7,
+        it is advised to also use the supplied build/db.4.7.25.patch.
 
     CLIENTS/CONTRIB ware:
         Depends on package.  See per package README.
@@ -74,11 +75,11 @@
     <http://www.openldap.org/its/> to be considered.
 
 ---
-$OpenLDAP: pkg/ldap/README,v 1.40.2.7 2008/02/11 23:26:37 kurt Exp $
+$OpenLDAP: pkg/ldap/README,v 1.40.2.10 2009/01/22 00:00:34 kurt Exp $
 
 This work is part of OpenLDAP Software <http://www.openldap.org/>.
 
-Copyright 1998-2008 The OpenLDAP Foundation.
+Copyright 1998-2009 The OpenLDAP Foundation.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/config.guess
===================================================================
--- openldap/vendor/openldap-release/build/config.guess	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/config.guess	2009-02-17 16:18:54 UTC (rev 1195)
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
 timestamp='2003-07-02-OpenLDAP'
-# $OpenLDAP: pkg/ldap/build/config.guess,v 1.19.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/config.guess,v 1.19.2.4 2009/01/22 00:00:41 kurt Exp $
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -29,7 +29,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Portions Copyright 1998-2008 The OpenLDAP Foundation.
+## Portions Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/config.sub
===================================================================
--- openldap/vendor/openldap-release/build/config.sub	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/config.sub	2009-02-17 16:18:54 UTC (rev 1195)
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
 
 timestamp='2003-07-04-OpenLDAP'
-# $OpenLDAP: pkg/ldap/build/config.sub,v 1.19.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/config.sub,v 1.19.2.4 2009/01/22 00:00:41 kurt Exp $
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -34,7 +34,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Portions Copyright 1998-2008 The OpenLDAP Foundation.
+## Portions Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Deleted: openldap/vendor/openldap-release/build/crupdate
===================================================================
--- openldap/vendor/openldap-release/build/crupdate	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/crupdate	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,22 +0,0 @@
-#! /bin/sh
-# $OpenLDAP: pkg/ldap/build/crupdate,v 1.7.2.3 2008/02/11 23:26:37 kurt Exp $
-## This work is part of OpenLDAP Software <http://www.openldap.org/>.
-##
-## Copyright 1998-2008 The OpenLDAP Foundation.
-## All rights reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted only as authorized by the OpenLDAP
-## Public License.
-##
-## A copy of this license is available in the file LICENSE in the
-## top-level directory of the distribution or, alternatively, at
-## <http://www.OpenLDAP.org/license.html>.
-#
-# Update copyright statements
-#
-
-set -e 		# exit immediately if any errors occur
-
-find . -type f -not -name 'LICENSE*' -print -exec perl -pi -e 's/Copyright ([0-9]{4})([,\-][0-9]{2,4})*,? The OpenLDAP Foundation/Copyright $1-2008 The OpenLDAP Foundation/g;' {} \;
-

Deleted: openldap/vendor/openldap-release/build/db.4.2.52.patch
===================================================================
--- openldap/vendor/openldap-release/build/db.4.2.52.patch	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/db.4.2.52.patch	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,55 +0,0 @@
-As posted to http://www.openldap.org/lists/openldap-devel/200610/msg00027.html
-
-This is Sleepycat bug #14908. The provided patch is for 4.2.52. The
-same bug is present in all versions up to 4.5.20 where it is fixed.
-
--------- Original Message --------
-Subject: region size bug Re: [BDB-Alpha] Berkeley DB 4.5.8 ALPHA
-Date: Mon, 10 Jul 2006 13:37:33 -0700
-From: Howard Chu <hyc at symas.com>
-To: support at sleepycat.com
-CC: support at symas.com
-References: <45A742B5-7DD5-4512-A204-A10FE8FC5DFC at oracle.com>
-
-
-I just ran into this in 4.2.52 but the same calculation occurs in 4.4
-and 4.5.8 alpha:
-
-This computation gives the wrong results when the number of cache
-regions is greater than the number of gigabytes (which we encounter on
-Linux using shared memory regions, which are constrained to much smaller
-than a gigabyte each).
-
-
-in mp/mp_region.c:
-
-
-   roff_t reg_size;
-
-
-   /* Figure out how big each cache region is. */
-   reg_size = (roff_t)(dbenv->mp_gbytes / dbenv->mp_ncache) * GIGABYTE;
-   reg_size += ((roff_t)(dbenv->mp_gbytes %
-       dbenv->mp_ncache) * GIGABYTE) / dbenv->mp_ncache;
-   reg_size += dbenv->mp_bytes / dbenv->mp_ncache;
-   *reg_sizep = reg_size;
-
-
-The first reg_size calculation always goes to zero when mp_ncache >
-mp_gbytes.
-This should have been, instead:
-   reg_size = GIGABYTE / dbenv->mp_ncache * dbenv->mp_gbytes;
-
---- mp/mp_region.c.O	2003-06-30 10:20:19.000000000 -0700
-+++ mp/mp_region.c	2006-10-27 23:25:05.000000000 -0700
-@@ -43,9 +43,7 @@
- 	int htab_buckets, ret;
- 
- 	/* Figure out how big each cache region is. */
--	reg_size = (dbenv->mp_gbytes / dbenv->mp_ncache) * GIGABYTE;
--	reg_size += ((dbenv->mp_gbytes %
--	    dbenv->mp_ncache) * GIGABYTE) / dbenv->mp_ncache;
-+	reg_size = GIGABYTE / dbenv->mp_ncache * dbenv->mp_gbytes;
- 	reg_size += dbenv->mp_bytes / dbenv->mp_ncache;
- 
- 	/*

Modified: openldap/vendor/openldap-release/build/dir.mk
===================================================================
--- openldap/vendor/openldap-release/build/dir.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/dir.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/dir.mk,v 1.17.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/dir.mk,v 1.17.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/info.mk
===================================================================
--- openldap/vendor/openldap-release/build/info.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/info.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/info.mk,v 1.12.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/info.mk,v 1.12.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib-shared.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib-shared.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/lib-shared.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib-shared.mk,v 1.22.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib-shared.mk,v 1.22.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib-static.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib-static.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/lib-static.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib-static.mk,v 1.13.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib-static.mk,v 1.13.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/lib.mk
===================================================================
--- openldap/vendor/openldap-release/build/lib.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/lib.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/lib.mk,v 1.23.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/ltmain.sh
===================================================================
--- openldap/vendor/openldap-release/build/ltmain.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/ltmain.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -28,7 +28,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Portions Copyright 1998-2008 The OpenLDAP Foundation.
+## Portions Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/man.mk
===================================================================
--- openldap/vendor/openldap-release/build/man.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/man.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.4 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/man.mk,v 1.32.2.5 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/missing
===================================================================
--- openldap/vendor/openldap-release/build/missing	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/missing	2009-02-17 16:18:54 UTC (rev 1195)
@@ -29,7 +29,7 @@
 # configuration script generated by Autoconf, and is distributable
 # under the same distributions terms as OpenLDAP itself.
 
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkdep
===================================================================
--- openldap/vendor/openldap-release/build/mkdep	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mkdep	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh -
-# $OpenLDAP: pkg/ldap/build/mkdep,v 1.32.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkdep,v 1.32.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkdep.aix
===================================================================
--- openldap/vendor/openldap-release/build/mkdep.aix	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mkdep.aix	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkrelease
===================================================================
--- openldap/vendor/openldap-release/build/mkrelease	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mkrelease	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/mkrelease,v 1.23.2.4 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkrelease,v 1.23.2.5 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkvers.bat
===================================================================
--- openldap/vendor/openldap-release/build/mkvers.bat	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mkvers.bat	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-:: $OpenLDAP: pkg/ldap/build/mkvers.bat,v 1.7.2.3 2008/02/11 23:26:37 kurt Exp $
+:: $OpenLDAP: pkg/ldap/build/mkvers.bat,v 1.7.2.4 2009/01/22 00:00:41 kurt Exp $
 :: This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ::
-:: Copyright 1998-2008 The OpenLDAP Foundation.
+:: Copyright 1998-2009 The OpenLDAP Foundation.
 :: All rights reserved.
 ::
 :: Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/mkversion
===================================================================
--- openldap/vendor/openldap-release/build/mkversion	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mkversion	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,9 +1,9 @@
 #! /bin/sh
 # Create a version.c file
-# $OpenLDAP: pkg/ldap/build/mkversion,v 1.14.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mkversion,v 1.14.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -55,7 +55,7 @@
 cat << __EOF__
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,7 +68,7 @@
  */
 
 static const char copyright[] =
-"Copyright 1998-2008 The OpenLDAP Foundation.  All rights reserved.\n"
+"Copyright 1998-2009 The OpenLDAP Foundation.  All rights reserved.\n"
 "COPYING RESTRICTIONS APPLY\n";
 
 $static $const char $SYMBOL[] =

Modified: openldap/vendor/openldap-release/build/mod.mk
===================================================================
--- openldap/vendor/openldap-release/build/mod.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/mod.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/mod.mk,v 1.25.2.3 2008/02/11 23:26:37 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/mod.mk,v 1.25.2.4 2009/01/22 00:00:41 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/openldap.m4
===================================================================
--- openldap/vendor/openldap-release/build/openldap.m4	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/openldap.m4	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 dnl OpenLDAP Autoconf Macros
-dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.157.2.5 2008/02/11 23:26:37 kurt Exp $
+dnl $OpenLDAP: pkg/ldap/build/openldap.m4,v 1.157.2.9 2009/01/22 00:00:41 kurt Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
-dnl Copyright 1998-2008 The OpenLDAP Foundation.
+dnl Copyright 1998-2009 The OpenLDAP Foundation.
 dnl All rights reserved.
 dnl
 dnl Redistribution and use in source and binary forms, with or without
@@ -120,6 +120,17 @@
 ])
 dnl
 dnl --------------------------------------------------------------------
+dnl Check for MSVC
+AC_DEFUN([OL_MSVC],
+[AC_REQUIRE_CPP()dnl
+AC_CACHE_CHECK([whether we are using MS Visual C++], ol_cv_msvc,
+[AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
+#ifndef _MSC_VER
+#include <__FOO__/generate_error.h>
+#endif
+]])],[ol_cv_msvc=yes],[ol_cv_msvc=no])])])
+
+dnl --------------------------------------------------------------------
 dnl OpenLDAP version of STDC header check w/ EBCDIC support
 AC_DEFUN([OL_HEADER_STDC],
 [AC_REQUIRE_CPP()dnl
@@ -288,24 +299,6 @@
 #define NULL ((void*)0)
 #endif
 ]], [[
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -325,209 +318,53 @@
 ])
 dnl
 dnl --------------------------------------------------------------------
-dnl Try to locate appropriate library
-AC_DEFUN([OL_BERKELEY_DB_LINK],
-[ol_cv_lib_db=no
-
-dnl Determine major version
-AC_CACHE_CHECK([for Berkeley DB major version], [ol_cv_bdb_major],[
-	ol_cv_bdb_major=0
-	if test $ol_cv_bdb_major = 0 ; then
-		AC_EGREP_CPP(__db_version, [
+dnl Get major and minor version from <db.h>
+AC_DEFUN([OL_BDB_HEADER_VERSION],
+[AC_CACHE_CHECK([for Berkeley DB major version in db.h], [ol_cv_bdb_major],[
+	AC_LANG_CONFTEST([
 #include <db.h>
 #ifndef DB_VERSION_MAJOR
 #	define DB_VERSION_MAJOR 1
 #endif
-#if DB_VERSION_MAJOR == 4
-__db_version
-#endif
-		], [ol_cv_bdb_major=4], [:])
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 3
-__db_version
-#endif
-		], [ol_cv_bdb_major=3], [:])
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 2
-__db_version
-#endif
-		], [ol_cv_bdb_major=2], [:])
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 1
-__db_version
-#endif
-		], [ol_cv_bdb_major=1], [:])
-	fi
-
-	if test $ol_cv_bdb_major = 0 ; then
-		AC_MSG_ERROR([Unknown Berkeley DB major version])
-	fi
+__db_version DB_VERSION_MAJOR
 ])
+	set X `eval "$ac_cpp conftest.$ac_ext" | $EGREP __db_version` none none
+	ol_cv_bdb_major=${3}
+])
+case $ol_cv_bdb_major in [[1-9]]*) : ;; *)
+	AC_MSG_ERROR([Unknown Berkeley DB major version in db.h]) ;;
+esac
 
 dnl Determine minor version
-AC_CACHE_CHECK([for Berkeley DB minor version], [ol_cv_bdb_minor],[
-	ol_cv_bdb_minor=0
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
+AC_CACHE_CHECK([for Berkeley DB minor version in db.h], [ol_cv_bdb_minor],[
+	AC_LANG_CONFTEST([
 #include <db.h>
 #ifndef DB_VERSION_MINOR
 #	define DB_VERSION_MINOR 0
 #endif
-#if DB_VERSION_MINOR == 9
-__db_version
-#endif
-		], [ol_cv_bdb_minor=9], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 8
-__db_version
-#endif
-		], [ol_cv_bdb_minor=8], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 7
-__db_version
-#endif
-		], [ol_cv_bdb_minor=7], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 6
-__db_version
-#endif
-		], [ol_cv_bdb_minor=6], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 5
-__db_version
-#endif
-		], [ol_cv_bdb_minor=5], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 4
-__db_version
-#endif
-		], [ol_cv_bdb_minor=4], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 3
-__db_version
-#endif
-		], [ol_cv_bdb_minor=3], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 2
-__db_version
-#endif
-		], [ol_cv_bdb_minor=2], [:])
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		AC_EGREP_CPP(__db_version, [
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 1
-__db_version
-#endif
-		], [ol_cv_bdb_minor=1], [:])
-	fi
+__db_version DB_VERSION_MINOR
 ])
+	set X `eval "$ac_cpp conftest.$ac_ext" | $EGREP __db_version` none none
+	ol_cv_bdb_minor=${3}
+])
+case $ol_cv_bdb_minor in [[0-9]]*) : ;; *)
+	AC_MSG_ERROR([Unknown Berkeley DB minor version in db.h]) ;;
+esac
+])
+dnl
+dnl --------------------------------------------------------------------
+dnl Try to locate appropriate library
+AC_DEFUN([OL_BERKELEY_DB_LINK],
+[ol_cv_lib_db=no
 
 if test $ol_cv_bdb_major = 4 ; then
-	if test $ol_cv_bdb_minor = 6 ; then
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_6,[-ldb-4.6])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db46,[-ldb46])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_46,[-ldb-46])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_6,[-ldb-4-6])
-	elif test $ol_cv_bdb_minor = 5 ; then
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_5,[-ldb-4.5])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db45,[-ldb45])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_45,[-ldb-45])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_5,[-ldb-4-5])
-	elif test $ol_cv_bdb_minor = 4 ; then
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_4,[-ldb-4.4])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db44,[-ldb44])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_44,[-ldb-44])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_4,[-ldb-4-4])
-	elif test $ol_cv_bdb_minor = 3 ; then
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_3,[-ldb-4.3])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db43,[-ldb43])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_43,[-ldb-43])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_3,[-ldb-4-3])
-	elif test $ol_cv_bdb_minor = 2 ; then
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_2,[-ldb-4.2])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db42,[-ldb42])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_42,[-ldb-42])
-		OL_BERKELEY_DB_TRY(ol_cv_db_db_4_2,[-ldb-4-2])
-	fi
+	OL_BERKELEY_DB_TRY(ol_cv_db_db_4_dot_m,[-ldb-4.$ol_cv_bdb_minor])
+	OL_BERKELEY_DB_TRY(ol_cv_db_db4m,[-ldb4$ol_cv_bdb_minor])
+	OL_BERKELEY_DB_TRY(ol_cv_db_db_4m,[-ldb-4$ol_cv_bdb_minor])
+	OL_BERKELEY_DB_TRY(ol_cv_db_db_4_m,[-ldb-4-$ol_cv_bdb_minor])
 	OL_BERKELEY_DB_TRY(ol_cv_db_db_4,[-ldb-4])
 	OL_BERKELEY_DB_TRY(ol_cv_db_db4,[-ldb4])
 	OL_BERKELEY_DB_TRY(ol_cv_db_db,[-ldb])
-
-elif test $ol_cv_bdb_major = 3 ; then
-	OL_BERKELEY_DB_TRY(ol_cv_db_db3,[-ldb3])
-	OL_BERKELEY_DB_TRY(ol_cv_db_db_3,[-ldb-3])
-
-elif test $ol_cv_bdb_major = 2 ; then
-	OL_BERKELEY_DB_TRY(ol_cv_db_db2,[-ldb2])
-	OL_BERKELEY_DB_TRY(ol_cv_db_db_2,[-ldb-2])
-
-elif test $ol_cv_bdb_major = 1 ; then
-	OL_BERKELEY_DB_TRY(ol_cv_db_db1,[-ldb1])
-	OL_BERKELEY_DB_TRY(ol_cv_db_db_1,[-ldb-1])
 fi
 OL_BERKELEY_DB_TRY(ol_cv_db_none)
 ])
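Review bot: The `case` checks that follow both cache checks in OL_BDB_HEADER_VERSION test only the first character (`[[1-9]]*` and `[[0-9]]*`), so any token that merely starts with a digit is accepted. That token is then expanded unquoted into `test $ol_cv_bdb_major = 4` and into linker flags such as `-ldb-4.$ol_cv_bdb_minor`. Because the value comes from preprocessor output or from a pre-seeded cache variable, it is safer to reject anything that is not all digits, e.g. `case $ol_cv_bdb_minor in ''|*[[!0-9]]*) AC_MSG_ERROR([Unknown Berkeley DB minor version in db.h]) ;; esac`, with the same test added for the major version. OL_BERKELEY_DB_LINK also now relies on both variables having been set by an earlier macro; quoting the `test` operands (`test "$ol_cv_bdb_major" = 4`) would keep it well-formed if it is ever expanded on its own.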
@@ -535,7 +372,7 @@
 dnl --------------------------------------------------------------------
 dnl Check if Berkeley DB version
 AC_DEFUN([OL_BERKELEY_DB_VERSION],
-[AC_CACHE_CHECK([for Berkeley DB version match], [ol_cv_berkeley_db_version], [
+[AC_CACHE_CHECK([for Berkeley DB library and header version match], [ol_cv_berkeley_db_version], [
 	ol_LIBS="$LIBS"
 	LIBS="$LTHREAD_LIBS $LIBS"
 	if test $ol_cv_lib_db != yes ; then
@@ -674,6 +511,13 @@
 [ol_cv_berkeley_db=no
 AC_CHECK_HEADERS(db.h)
 if test $ac_cv_header_db_h = yes; then
+	OL_BDB_HEADER_VERSION
+	OL_BDB_COMPAT
+
+	if test $ol_cv_bdb_compat != yes ; then
+		AC_MSG_ERROR([BerkeleyDB version incompatible with BDB/HDB backends])
+	fi
+
 	OL_BERKELEY_DB_LINK
 	if test "$ol_cv_lib_db" != no ; then
 		ol_cv_berkeley_db=yes
@@ -685,7 +529,7 @@
 dnl --------------------------------------------------------------------
 dnl Check for version compatility with back-bdb
 AC_DEFUN([OL_BDB_COMPAT],
-[AC_CACHE_CHECK([Berkeley DB version for BDB/HDB backends], [ol_cv_bdb_compat],[
+[AC_CACHE_CHECK([if Berkeley DB version supported by BDB/HDB backends], [ol_cv_bdb_compat],[
 	AC_EGREP_CPP(__db_version_compat,[
 #include <db.h>
 
@@ -697,44 +541,15 @@
 #	define DB_VERSION_MINOR 0
 #endif
 
-/* require 4.2 or later, but exclude 4.3 */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR !=3)
+#define DB_VERSION_MM	((DB_VERSION_MAJOR<<8)|DB_VERSION_MINOR)
+
+/* require 4.4 or later */
+#if DB_VERSION_MM >= 0x0404
 	__db_version_compat
 #endif
 	], [ol_cv_bdb_compat=yes], [ol_cv_bdb_compat=no])])
 ])
 
-dnl --------------------------------------------------------------------
-dnl Find old Berkeley DB 1.85/1.86
-AC_DEFUN([OL_BERKELEY_COMPAT_DB],
-[AC_CHECK_HEADERS(db_185.h db.h)
-if test $ac_cv_header_db_185_h = yes || test $ac_cv_header_db_h = yes; then
-	AC_CACHE_CHECK([if Berkeley DB header compatibility], [ol_cv_header_db1],[
-		AC_EGREP_CPP(__db_version_1,[
-#if HAVE_DB_185_H
-#	include <db_185.h>
-#else
-#	include <db.h>
-#endif
-
- /* this check could be improved */
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-
-#if DB_VERSION_MAJOR == 1 
-	__db_version_1
-#endif
-],	[ol_cv_header_db1=yes], [ol_cv_header_db1=no])])
-
-	if test $ol_cv_header_db1 = yes ; then
-		OL_BERKELEY_DB_LINK
-		if test "$ol_cv_lib_db" != no ; then
-			ol_cv_berkeley_db=yes
-		fi
-	fi
-fi
-])
 dnl
 dnl ====================================================================
 dnl Check POSIX Thread version 
@@ -1106,7 +921,9 @@
 LIBS="-lfetch -lcom_err $LIBS"
 AC_CACHE_CHECK([fetch(3) library],ol_cv_lib_fetch,[
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
 #include <stdio.h>
 #include <fetch.h>]], [[struct url *u = fetchParseURL("file:///"); ]])],[ol_cv_lib_fetch=yes],[ol_cv_lib_fetch=no])])
 LIBS=$ol_LIBS

Modified: openldap/vendor/openldap-release/build/rules.mk
===================================================================
--- openldap/vendor/openldap-release/build/rules.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/rules.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/rules.mk,v 1.15.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/rules.mk,v 1.15.2.4 2009/01/22 00:00:42 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/srv.mk
===================================================================
--- openldap/vendor/openldap-release/build/srv.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/srv.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/srv.mk,v 1.18.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/srv.mk,v 1.18.2.4 2009/01/22 00:00:42 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/top.mk
===================================================================
--- openldap/vendor/openldap-release/build/top.mk	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/top.mk	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.5 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/top.mk,v 1.103.2.9 2009/01/26 21:24:56 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -32,6 +32,7 @@
 ldap_subdir = @ldap_subdir@
 
 bindir = @bindir@
+datarootdir = @datarootdir@
 datadir = @datadir@$(ldap_subdir)
 includedir = @includedir@
 infodir = @infodir@
@@ -159,6 +160,7 @@
 LTHREAD_LIBS = @LTHREAD_LIBS@
 
 BDB_LIBS = @BDB_LIBS@
+SLAPD_NDB_LIBS = @SLAPD_NDB_LIBS@
 
 LDAP_LIBLBER_LA = $(LDAP_LIBDIR)/liblber/liblber.la
 LDAP_LIBLDAP_LA = $(LDAP_LIBDIR)/libldap/libldap.la
@@ -185,9 +187,10 @@
 KRB5_LIBS = @KRB5_LIBS@
 KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
 SASL_LIBS = @SASL_LIBS@
+GSSAPI_LIBS = @GSSAPI_LIBS@
 TLS_LIBS = @TLS_LIBS@
 AUTH_LIBS = @AUTH_LIBS@
-SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
+SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(GSSAPI_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
 ICU_LIBS = @ICU_LIBS@
 
 MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@

Modified: openldap/vendor/openldap-release/build/version.h
===================================================================
--- openldap/vendor/openldap-release/build/version.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/version.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -13,6 +13,6 @@
  */
 
 static const char copyright[] =
-"Copyright 1998-2008 The OpenLDAP Foundation.  All rights reserved.\n"
+"Copyright 1998-2009 The OpenLDAP Foundation.  All rights reserved.\n"
 "COPYING RESTRICTIONS APPLY.\n";
 

Modified: openldap/vendor/openldap-release/build/version.sh
===================================================================
--- openldap/vendor/openldap-release/build/version.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/version.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.sh,v 1.16.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.sh,v 1.16.2.4 2009/01/22 00:00:42 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/build/version.var
===================================================================
--- openldap/vendor/openldap-release/build/version.var	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/build/version.var	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.37 2008/07/16 22:12:19 kurt Exp $
+# $OpenLDAP: pkg/ldap/build/version.var,v 1.9.2.47 2009/02/14 01:07:15 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -15,9 +15,9 @@
 ol_package=OpenLDAP
 ol_major=2
 ol_minor=4
-ol_patch=11
-ol_api_inc=20411
-ol_api_current=3
+ol_patch=14
+ol_api_inc=20414
+ol_api_current=6
 ol_api_revision=0
-ol_api_age=1
-ol_release_date="2008/07/16"
+ol_api_age=4
+ol_release_date="2009/02/14"

Modified: openldap/vendor/openldap-release/clients/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/clients/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Clients Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/clients/Makefile.in,v 1.17.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/clients/Makefile.in,v 1.17.2.4 2009/01/22 00:00:42 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/clients/tools/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/clients/tools/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile for LDAP tools
-# $OpenLDAP: pkg/ldap/clients/tools/Makefile.in,v 1.45.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/clients/tools/Makefile.in,v 1.45.2.5 2009/01/22 00:00:42 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -15,10 +15,10 @@
 
 SRCS	= ldapsearch.c ldapmodify.c ldapdelete.c ldapmodrdn.c \
 		ldappasswd.c ldapwhoami.c ldapcompare.c \
-		ldapexop.c common.c
+		ldapexop.c ldapurl.c common.c
 OBJS	= ldapsearch.o ldapmodify.o ldapdelete.o ldapmodrdn.o \
 		ldappasswd.o ldapwhoami.o ldapcompare.o \
-		ldapexop.o common.o
+		ldapexop.o ldapurl.o common.o
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries
@@ -29,10 +29,10 @@
 XXLIBS	= $(SECURITY_LIBS) $(LUTIL_LIBS)
 
 XSRCS	= ldsversion.c ldmversion.c lddversion.c ldrversion.c \
-	ldpversion.c ldwversion.c ldcversion.c ldeversion.c
+	ldpversion.c ldwversion.c ldcversion.c ldeversion.c lduversion.c
 
 PROGRAMS = ldapsearch ldapmodify ldapdelete ldapmodrdn \
-	ldappasswd ldapwhoami ldapcompare ldapexop
+	ldappasswd ldapwhoami ldapcompare ldapexop ldapurl
 
 
 ldapsearch:	ldsversion.o
@@ -59,6 +59,9 @@
 ldapexop: ldeversion.o
 	$(LTLINK) -o $@ ldapexop.o common.o ldeversion.o $(LIBS)
 
+ldapurl: lduversion.o
+	$(LTLINK) -o $@ ldapurl.o lduversion.o $(LIBS)
+
 ldsversion.c: Makefile
 	@-$(RM) $@
 	$(MKVERSION) $(MKVOPTS) ldapsearch > $@
@@ -107,6 +110,12 @@
 
 ldeversion.o: ldapexop.o common.o $(XLIBS)
 
+lduversion.c: Makefile
+	@-$(RM) $@
+	$(MKVERSION) $(MKVOPTS) ldapurl > $@
+
+lduversion.o: ldapurl.o $(XLIBS)
+
 install-local:	FORCE
 	-$(MKDIR) $(DESTDIR)$(bindir)
 	@(								\

Modified: openldap/vendor/openldap-release/clients/tools/common.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/common.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* common.c - common routines for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.8 2008/07/09 00:29:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.c,v 1.78.2.19 2009/02/05 23:05:03 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
@@ -62,6 +62,7 @@
 int		debug = 0;
 char		*infile = NULL;
 int		dont = 0;
+int		nocanon = 0;
 int		referrals = 0;
 int		verbose = 0;
 int		ldif = 0;
@@ -134,6 +135,13 @@
 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
 static int print_ppolicy( LDAP *ld, LDAPControl *ctrl );
 #endif
+static int print_sss( LDAP *ld, LDAPControl *ctrl );
+#ifdef LDAP_CONTROL_X_DEREF
+static int print_deref( LDAP *ld, LDAPControl *ctrl );
+#endif
+#ifdef LDAP_CONTROL_X_WHATFAILED
+static int print_whatfailed( LDAP *ld, LDAPControl *ctrl );
+#endif
 
 static struct tool_ctrls_t {
 	const char	*oid;
@@ -146,6 +154,13 @@
 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
 	{ LDAP_CONTROL_PASSWORDPOLICYRESPONSE,		TOOL_ALL,	print_ppolicy },
 #endif
+	{ LDAP_CONTROL_SORTRESPONSE,	TOOL_SEARCH,	print_sss },
+#ifdef LDAP_CONTROL_X_DEREF
+	{ LDAP_CONTROL_X_DEREF,				TOOL_SEARCH,	print_deref },
+#endif
+#ifdef LDAP_CONTROL_X_WHATFAILED
+	{ LDAP_CONTROL_X_WHATFAILED,			TOOL_ALL,	print_whatfailed },
+#endif
 	{ NULL,						0,		NULL }
 };
 
@@ -235,6 +250,14 @@
 		pr_cookie.bv_val = NULL;
 		pr_cookie.bv_len = 0;
 	}
+
+	if ( binddn != NULL ) {
+		ber_memfree( binddn );
+	}
+
+	if ( passwd.bv_val != NULL ) {
+		ber_memfree( passwd.bv_val );
+	}
 }
 
 void
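Review bot: `binddn` and `passwd.bv_val` are freed here but left pointing at the released memory, unlike `pr_cookie` just above, which is reset after its free. A second call to this cleanup routine, or any later read of these globals, would then touch freed memory. Adding `binddn = NULL;` and `passwd.bv_val = NULL; passwd.bv_len = 0;` after the frees keeps the three consistent. Since `passwd` holds the bind password, it is also worth overwriting the buffer before `ber_memfree`, for example `memset( passwd.bv_val, 0, passwd.bv_len );`, keeping in mind that a compiler may elide a plain memset that precedes a free. The enclosing function starts outside the hunk, so whether every assignment to these globals uses the lber allocator cannot be confirmed from here.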
@@ -245,8 +268,8 @@
 N_("  -d level   set LDAP debugging level to `level'\n"),
 N_("  -D binddn  bind DN\n"),
 N_("  -e [!]<ext>[=<extparam>] general extensions (! indicates criticality)\n")
-N_("             [!]assert=<filter>     (a RFC 4515 Filter string)\n")
-N_("             [!]authzid=<authzid>   (\"dn:<dn>\" or \"u:<user>\")\n")
+N_("             [!]assert=<filter>     (RFC 4528; a RFC 4515 Filter string)\n")
+N_("             [!]authzid=<authzid>   (RFC 4370; \"dn:<dn>\" or \"u:<user>\")\n")
 #ifdef LDAP_CONTROL_OBSOLETE_PROXY_AUTHZ
 #if 0
                  /* non-advertized support for proxyDN */
@@ -258,13 +281,13 @@
 N_("                     one of \"chainingPreferred\", \"chainingRequired\",\n")
 N_("                     \"referralsPreferred\", \"referralsRequired\"\n")
 #endif /* LDAP_CONTROL_X_CHAINING_BEHAVIOR */
-N_("             [!]manageDSAit\n")
+N_("             [!]manageDSAit         (RFC 3296)\n")
 N_("             [!]noop\n")
 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
 N_("             ppolicy\n")
 #endif
-N_("             [!]postread[=<attrs>]  (a comma-separated attribute list)\n")
-N_("             [!]preread[=<attrs>]   (a comma-separated attribute list)\n")
+N_("             [!]postread[=<attrs>]  (RFC 4527; comma-separated attr list)\n")
+N_("             [!]preread[=<attrs>]   (RFC 4527; comma-separated attr list)\n")
 N_("             [!]relax\n")
 #ifdef LDAP_CONTROL_X_SESSION_TRACKING
 N_("             [!]sessiontracking\n")
@@ -278,6 +301,7 @@
 N_("  -I         use SASL Interactive mode\n"),
 N_("  -M         enable Manage DSA IT control (-MM to make critical)\n"),
 N_("  -n         show what would be done but don't actually do it\n"),
+N_("  -N         do not use reverse DNS to canonicalize SASL host name\n"),
 N_("  -O props   SASL security properties\n"),
 N_("  -o <opt>[=<optparam] general options\n"),
 N_("             nettimeout=<timeout> (in seconds, or \"none\" or \"max\")\n"),
@@ -623,7 +647,7 @@
 						(unsigned char *)bv.bv_val,
 						bv.bv_len );
 
-					if ( retcode == -1 || retcode > bv.bv_len ) {
+					if ( retcode == -1 || (unsigned) retcode > bv.bv_len ) {
 						fprintf( stderr, "Unable to parse value of general control %s\n",
 							control );
 						usage();
@@ -686,6 +710,9 @@
 		case 'n':	/* print operations, don't actually do them */
 			dont++;
 			break;
+		case 'N':
+			nocanon++;
+			break;
 		case 'o':
 			control = ber_strdup( optarg );
 			if ( (cvalue = strchr( control, '=' )) != NULL ) {
@@ -979,7 +1006,11 @@
 
 	if (authmethod == -1 && protocol > LDAP_VERSION2) {
 #ifdef HAVE_CYRUS_SASL
-		authmethod = LDAP_AUTH_SASL;
+		if ( binddn != NULL ) {
+			authmethod = LDAP_AUTH_SIMPLE;
+		} else {
+			authmethod = LDAP_AUTH_SASL;
+		}
 #else
 		authmethod = LDAP_AUTH_SIMPLE;
 #endif
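Review bot: With Cyrus SASL compiled in, supplying a bind DN now selects `LDAP_AUTH_SIMPLE` by default where the tool previously chose SASL, and nothing in this hunk documents the change or tells the user. A simple bind hands the password to the server as is, so unless the connection is protected by TLS (not visible in this hunk) the new default is weaker than the old one for the same command line. I would add a comment stating the intent, e.g. `/* bind DN given without an explicit method: assume simple bind */`, and consider a message in verbose mode so scripts that relied on the SASL default notice the difference. The enclosing function starts and ends outside the hunk.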
@@ -1232,6 +1263,16 @@
 			exit( EXIT_FAILURE );
 		}
 
+#ifdef HAVE_CYRUS_SASL
+		/* canon */
+		if( ldap_set_option( ld, LDAP_OPT_X_SASL_NOCANON,
+			nocanon ? LDAP_OPT_ON : LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )
+		{
+			fprintf( stderr, "Could not set LDAP_OPT_X_SASL_NOCANON %s\n",
+				nocanon ? "on" : "off" );
+			exit( EXIT_FAILURE );
+		}
+#endif
 		if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol )
 			!= LDAP_OPT_SUCCESS )
 		{
@@ -1308,7 +1349,7 @@
 		sctrlsp = sctrls;
 	}
 
-	assert( nsctrls < sizeof(sctrls)/sizeof(sctrls[0]) );
+	assert( nsctrls < (int) (sizeof(sctrls)/sizeof(sctrls[0])) );
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL
@@ -1521,7 +1562,7 @@
 		
 		ber_init2( ber, NULL, LBER_USE_DER );
 
-		if ( ber_printf( ber, "s", proxydn ) == LBER_ERROR ) {
+		if ( ber_printf( ber, "s", proxydn ) == -1 ) {
 			exit( EXIT_FAILURE );
 		}
 
@@ -1571,8 +1612,8 @@
 #endif
 
 	if ( preread ) {
-		char berbuf[LBER_ELEMENT_SIZEOF];
-		BerElement *ber = (BerElement *)berbuf;
+		BerElementBuffer berbuf;
+		BerElement *ber = (BerElement *)&berbuf;
 		char **attrs = NULL;
 
 		if( preread_attrs ) {
@@ -1601,8 +1642,8 @@
 	}
 
 	if ( postread ) {
-		char berbuf[LBER_ELEMENT_SIZEOF];
-		BerElement *ber = (BerElement *)berbuf;
+		BerElementBuffer berbuf;
+		BerElement *ber = (BerElement *)&berbuf;
 		char **attrs = NULL;
 
 		if( postread_attrs ) {
@@ -1864,6 +1905,154 @@
 	return 0;
 }
 
+static int
+print_sss( LDAP *ld, LDAPControl *ctrl )
+{
+	int rc;
+	ber_int_t err;
+	char *attr;
+
+	rc = ldap_parse_sortresponse_control( ld, ctrl, &err, &attr );
+	if ( rc == LDAP_SUCCESS ) {
+		char buf[ BUFSIZ ];
+		rc = snprintf( buf, sizeof(buf), "(%d) %s %s",
+			err, ldap_err2string(err), attr ? attr : "" );
+
+		tool_write_ldif( ldif ? LDIF_PUT_COMMENT : LDIF_PUT_VALUE,
+			"sortResult", buf, rc );
+	}
+
+	return rc;
+}
+
+#ifdef LDAP_CONTROL_X_DEREF
+static int
+print_deref( LDAP *ld, LDAPControl *ctrl )
+{
+	LDAPDerefRes    *drhead = NULL, *dr;
+	int		rc;
+
+	rc = ldap_parse_derefresponse_control( ld, ctrl, &drhead );
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	for ( dr = drhead; dr != NULL; dr = dr->next ) {
+		LDAPDerefVal	*dv;
+		ber_len_t	len;
+		char		*buf, *ptr;
+
+		len = strlen( dr->derefAttr ) + STRLENOF(": ");
+
+		for ( dv = dr->attrVals; dv != NULL; dv = dv->next ) {
+			if ( dv->vals != NULL ) {
+				int j;
+				ber_len_t tlen = strlen(dv->type);
+
+				for ( j = 0; dv->vals[ j ].bv_val != NULL; j++ ) {
+					len += STRLENOF("<:=>;") + tlen + 4*((dv->vals[ j ].bv_len - 1)/3 + 1);
+				}
+			}
+		}
+		len += dr->derefVal.bv_len + STRLENOF("\n");
+		buf = ldap_memalloc( len + 1 );
+		if ( buf == NULL ) {
+			rc = LDAP_NO_MEMORY;
+			goto done;
+		}
+
+		ptr = buf;
+		ptr = lutil_strcopy( ptr, dr->derefAttr );
+		*ptr++ = ':';
+		*ptr++ = ' ';
+		for ( dv = dr->attrVals; dv != NULL; dv = dv->next ) {
+			if ( dv->vals != NULL ) {
+				int j;
+				for ( j = 0; dv->vals[ j ].bv_val != NULL; j++ ) {
+					int k;
+
+					for ( k = 0; k < dv->vals[ j ].bv_len; k++ ) {
+						if ( !isprint( dv->vals[ j ].bv_val[k] ) ) {
+							k = -1;
+							break;
+						}
+					}
+
+					*ptr++ = '<';
+					ptr = lutil_strcopy( ptr, dv->type );
+					if ( k == -1 ) {
+						*ptr++ = ':';
+					}
+					*ptr++ = '=';
+					if ( k == -1 ) {
+						k = lutil_b64_ntop( dv->vals[ j ].bv_val, dv->vals[ j ].bv_len, ptr, buf + len - ptr );
+						assert( k >= 0 );
+						ptr += k;
+						
+					} else {
+						ptr = lutil_memcopy( ptr, dv->vals[ j ].bv_val, dv->vals[ j ].bv_len );
+					}
+					*ptr++ = '>';
+					*ptr++ = ';';
+				}
+			}
+		}
+		ptr = lutil_strncopy( ptr, dr->derefVal.bv_val, dr->derefVal.bv_len );
+		*ptr++ = '\n';
+		*ptr++ = '\0';
+		assert( ptr <= buf + len );
+
+		tool_write_ldif( LDIF_PUT_COMMENT, NULL, buf, ptr - buf);
+
+		ldap_memfree( buf );
+	}
+
+	rc = LDAP_SUCCESS;
+
+done:;
+	ldap_derefresponse_free( drhead );
+
+	return rc;
+}
+#endif
+
+#ifdef LDAP_CONTROL_X_WHATFAILED
+static int
+print_whatfailed( LDAP *ld, LDAPControl *ctrl )
+{
+	BerElement *ber;
+	ber_tag_t tag;
+	ber_len_t siz;
+	BerVarray bva = NULL;
+
+	/* Create a BerElement from the berval returned in the control. */
+	ber = ber_init( &ctrl->ldctl_value );
+
+	if ( ber == NULL ) {
+		return LDAP_NO_MEMORY;
+	}
+
+	siz = sizeof(struct berval);
+	tag = ber_scanf( ber, "[M]", &bva, &siz, 0 );
+	if ( tag != LBER_ERROR ) {
+		int i;
+
+		tool_write_ldif( LDIF_PUT_COMMENT, " what failed:", NULL, 0 );
+
+		for ( i = 0; bva[i].bv_val != NULL; i++ ) {
+			tool_write_ldif( LDIF_PUT_COMMENT, NULL, bva[i].bv_val, bva[i].bv_len );
+		}
+
+		ldap_memfree( bva );
+	}
+
+        ber_free( ber, 1 );
+
+
+	return 0;
+}
+#endif
+
 #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
 static int
 print_ppolicy( LDAP *ld, LDAPControl *ctrl )
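Review bot: In `print_sss` the `snprintf` return value is passed to `tool_write_ldif` as the value length and is then returned to the caller. `attr` comes from the server's sort response, so if the formatted text does not fit in `buf` the count exceeds `sizeof(buf)` and the writer would be given a length longer than the buffer; on success the function also returns a byte count where `print_deref` returns `LDAP_SUCCESS`. Clamp the length before the write with `if ( rc >= (int) sizeof(buf) ) rc = sizeof(buf) - 1;` and end the success path with `return LDAP_SUCCESS;`; it is also worth checking whether `attr` has to be released with `ldap_memfree`. In `print_deref`, `(dv->vals[ j ].bv_len - 1)/3` wraps for an empty value and `isprint` is given a plain `char`, so a zero-length guard and an `(unsigned char)` cast would cover both. The `assert( k >= 0 )` after `lutil_b64_ntop` disappears in NDEBUG builds and should be a real error check.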

Modified: openldap/vendor/openldap-release/clients/tools/common.h
===================================================================
--- openldap/vendor/openldap-release/clients/tools/common.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/common.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* common.h - common definitions for the ldap client tools */
-/* $OpenLDAP: pkg/ldap/clients/tools/common.h,v 1.24.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/common.h,v 1.24.2.4 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/clients/tools/ldapcompare.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapcompare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapcompare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapcompare.c -- LDAP compare tool */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapcompare.c,v 1.43.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapcompare.c,v 1.43.2.6 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * All rights reserved.
@@ -102,7 +102,7 @@
 
 
 const char options[] = "z"
-	"Cd:D:e:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+	"Cd:D:e:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 
 #ifdef LDAP_CONTROL_DONTUSECOPY
 int dontUseCopy = 0;

Modified: openldap/vendor/openldap-release/clients/tools/ldapdelete.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapdelete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapdelete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapdelete.c - simple program to delete an entry using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapdelete.c,v 1.118.2.7 2008/02/12 00:32:01 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapdelete.c,v 1.118.2.9 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *
@@ -78,7 +78,7 @@
 
 
 const char options[] = "r"
-	"cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:z:Z";
 
 int
 handle_private_option( int i )

Modified: openldap/vendor/openldap-release/clients/tools/ldapexop.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapexop.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapexop.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapexop.c -- a tool for performing well-known extended operations */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapexop.c,v 1.9.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapexop.c,v 1.9.2.5 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,7 @@
 
 
 const char options[] = ""
-	"d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )

Modified: openldap/vendor/openldap-release/clients/tools/ldapmodify.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapmodify.c - generic program to modify or add entries using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.7 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodify.c,v 1.186.2.10 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 2006 Howard Chu.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
@@ -95,8 +95,8 @@
 static struct berval BV_DELETEOLDRDN = BER_BVC("deleteoldrdn");
 static struct berval BV_NEWSUP = BER_BVC("newsuperior");
 
-#define	BVICMP(a,b)	((a)->bv_len != (b)->bv_len ? \
-	(a)->bv_len - (b)->bv_len : strcasecmp((a)->bv_val, (b)->bv_val))
+#define	BV_CASEMATCH(a, b) \
+	((a)->bv_len == (b)->bv_len && 0 == strcasecmp((a)->bv_val, (b)->bv_val))
 
 static int process_ldif_rec LDAP_P(( char *rbuf, int lineno ));
 static int parse_ldif_control LDAP_P(( struct berval *val, LDAPControl ***pctrls ));
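Review bot: `BV_CASEMATCH` still passes both `bv_val` pointers to `strcasecmp`, so the comparison depends on NUL termination even though the two lengths are already known to be equal. Bounding it by the length keeps the read inside the berval: `((a)->bv_len == (b)->bv_len && 0 == strncasecmp((a)->bv_val, (b)->bv_val, (a)->bv_len))`. The later hunks in this file compare `btype+i` against `bv` right after `BER_BVZERO(&bv)`, where `bv_val` is presumably NULL. A zero-length type would then reach the string compare, so an `(a)->bv_len == 0 ||` short-circuit is worth adding. A one-line comment that the macro evaluates each argument twice would also help.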
@@ -151,7 +151,7 @@
 
 
 const char options[] = "aE:rS:"
-	"cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )
@@ -457,7 +457,7 @@
 		freeval[i] = freev;
 
 		if ( dn == NULL ) {
-			if ( linenum+i == 1 && !BVICMP( btype+i, &BV_VERSION )) {
+			if ( linenum+i == 1 && BV_CASEMATCH( btype+i, &BV_VERSION )) {
 				int	v;
 				if( vals[i].bv_len == 0 || lutil_atoi( &v, vals[i].bv_val) != 0 || v != 1 ) {
 					fprintf( stderr,
@@ -466,7 +466,7 @@
 				}
 				version++;
 
-			} else if ( !BVICMP( btype+i, &BV_DN )) {
+			} else if ( BV_CASEMATCH( btype+i, &BV_DN )) {
 				dn = vals[i].bv_val;
 				idn = i;
 			}
@@ -494,7 +494,7 @@
 
 	i = idn+1;
 	/* Check for "control" tag after dn and before changetype. */
-	if (!BVICMP( btype+i, &BV_CONTROL)) {
+	if ( BV_CASEMATCH( btype+i, &BV_CONTROL )) {
 		/* Parse and add it to the list of controls */
 		rc = parse_ldif_control( vals+i, &pctrls );
 		if (rc != 0) {
@@ -515,7 +515,7 @@
 	}
 
 	/* Check for changetype */
-	if ( !BVICMP( btype+i, &BV_CHANGETYPE )) {
+	if ( BV_CASEMATCH( btype+i, &BV_CHANGETYPE )) {
 #ifdef LIBERAL_CHANGETYPE_MODOP
 		/* trim trailing spaces (and log warning ...) */
 		int icnt;
@@ -533,20 +533,20 @@
 		}
 #endif /* LIBERAL_CHANGETYPE_MODOP */
 
-		if ( BVICMP( vals+i, &BV_MODIFYCT ) == 0 ) {
+		if ( BV_CASEMATCH( vals+i, &BV_MODIFYCT )) {
 			new_entry = 0;
 			expect_modop = 1;
-		} else if ( BVICMP( vals+i, &BV_ADDCT ) == 0 ) {
+		} else if ( BV_CASEMATCH( vals+i, &BV_ADDCT )) {
 			new_entry = 1;
 			modop = LDAP_MOD_ADD;
-		} else if ( BVICMP( vals+i, &BV_MODRDNCT ) == 0
-			|| BVICMP( vals+i, &BV_MODDNCT ) == 0
-			|| BVICMP( vals+i, &BV_RENAMECT ) == 0)
+		} else if ( BV_CASEMATCH( vals+i, &BV_MODRDNCT )
+			|| BV_CASEMATCH( vals+i, &BV_MODDNCT )
+			|| BV_CASEMATCH( vals+i, &BV_RENAMECT ))
 		{
 			i++;
 			if ( i >= lines )
 				goto short_input;
-			if ( BVICMP( btype+i, &BV_NEWRDN )) {
+			if ( !BV_CASEMATCH( btype+i, &BV_NEWRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
 					" \"%s:\" (line %d, entry \"%s\")\n"),
 					prog, BV_NEWRDN.bv_val, btype[i].bv_val, linenum+i, dn );
@@ -557,7 +557,7 @@
 			i++;
 			if ( i >= lines )
 				goto short_input;
-			if ( BVICMP( btype+i, &BV_DELETEOLDRDN )) {
+			if ( !BV_CASEMATCH( btype+i, &BV_DELETEOLDRDN )) {
 				fprintf( stderr, _("%s: expecting \"%s:\" but saw"
 					" \"%s:\" (line %d, entry \"%s\")\n"),
 					prog, BV_DELETEOLDRDN.bv_val, btype[i].bv_val, linenum+i, dn );
@@ -567,7 +567,7 @@
 			deleteoldrdn = ( vals[i].bv_val[0] == '0' ) ? 0 : 1;
 			i++;
 			if ( i < lines ) {
-				if ( BVICMP( btype+i, &BV_NEWSUP )) {
+				if ( !BV_CASEMATCH( btype+i, &BV_NEWSUP )) {
 					fprintf( stderr, _("%s: expecting \"%s:\" but saw"
 						" \"%s:\" (line %d, entry \"%s\")\n"),
 						prog, BV_NEWSUP.bv_val, btype[i].bv_val, linenum+i, dn );
@@ -578,7 +578,7 @@
 				i++;
 			}
 			got_all = 1;
-		} else if ( BVICMP( vals+i, &BV_DELETECT ) == 0 ) {
+		} else if ( BV_CASEMATCH( vals+i, &BV_DELETECT )) {
 			got_all = delete_entry = 1;
 		} else {
 			fprintf( stderr,
@@ -615,7 +615,7 @@
 		/* Make sure all attributes with multiple values are contiguous */
 		for (; i<lines; i++) {
 			for (j=i+1; j<lines; j++) {
-				if ( !BVICMP( btype+i, btype+j )) {
+				if ( BV_CASEMATCH( btype+i, btype+j )) {
 					nmods--;
 					/* out of order, move intervening attributes down */
 					if ( j != i+1 ) {
@@ -649,13 +649,13 @@
 		k = -1;
 		BER_BVZERO(&bv);
 		for (i=idn; i<lines; i++) {
-			if ( !BVICMP( btype+i, &BV_DN )) {
+			if ( BV_CASEMATCH( btype+i, &BV_DN )) {
 				fprintf( stderr, _("%s: attributeDescription \"%s\":"
 					" (possible missing newline"
 						" after line %d, entry \"%s\"?)\n"),
 					prog, btype[i].bv_val, linenum+i - 1, dn );
 			}
-			if ( BVICMP(btype+i,&bv)) {
+			if ( !BV_CASEMATCH( btype+i, &bv )) {
 				bvl[k++] = NULL;
 				bv = btype[i];
 				lm[j].mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
@@ -694,11 +694,11 @@
 
 			expect_modop = 0;
 			expect_sep = 1;
-			if ( BVICMP( btype+i, &BV_MODOPADD ) == 0 ) {
+			if ( BV_CASEMATCH( btype+i, &BV_MODOPADD )) {
 				modop = LDAP_MOD_ADD;
 				mops[i] = M_SEP;
 				nmods--;
-			} else if ( BVICMP( btype+i, &BV_MODOPREPLACE ) == 0 ) {
+			} else if ( BV_CASEMATCH( btype+i, &BV_MODOPREPLACE )) {
 			/* defer handling these since they might have no values.
 			 * Use the BVALUES flag to signal that these were
 			 * deferred. If values are provided later, this
@@ -707,11 +707,11 @@
 				modop = LDAP_MOD_REPLACE;
 				mops[i] = modop | LDAP_MOD_BVALUES;
 				btype[i] = vals[i];
-			} else if ( BVICMP( btype+i, &BV_MODOPDELETE ) == 0 ) {
+			} else if ( BV_CASEMATCH( btype+i, &BV_MODOPDELETE )) {
 				modop = LDAP_MOD_DELETE;
 				mops[i] = modop | LDAP_MOD_BVALUES;
 				btype[i] = vals[i];
-			} else if ( BVICMP( btype+i, &BV_MODOPINCREMENT ) == 0 ) {
+			} else if ( BV_CASEMATCH( btype+i, &BV_MODOPINCREMENT )) {
 				modop = LDAP_MOD_INCREMENT;
 				mops[i] = M_SEP;
 				nmods--;
@@ -729,7 +729,7 @@
 			expect_modop = 1;
 			nmods--;
 		} else {
-			if ( BVICMP( btype+i, &bv )) {
+			if ( !BV_CASEMATCH( btype+i, &bv )) {
 				fprintf( stderr, _("%s: wrong attributeType at"
 					" line %d, entry \"%s\"\n"),
 					prog, linenum+i, dn );
@@ -740,8 +740,9 @@
 			/* If prev op was deferred and matches this type,
 			 * clear the flag
 			 */
-			if ( (mops[i-1]&LDAP_MOD_BVALUES) && !BVICMP(btype+i,
-				btype+i-1)) {
+			if ( (mops[i-1] & LDAP_MOD_BVALUES)
+				&& BV_CASEMATCH( btype+i, btype+i-1 ))
+			{
 				mops[i-1] = M_SEP;
 				nmods--;
 			}
@@ -756,7 +757,7 @@
 		for (j=i+1; j<lines; j++) {
 			if ( mops[j] == M_SEP || mops[i] != mops[j] )
 				continue;
-			if ( !BVICMP( btype+i, btype+j )) {
+			if ( BV_CASEMATCH( btype+i, btype+j )) {
 				nmods--;
 				/* out of order, move intervening attributes down */
 				if ( j != i+1 ) {
@@ -802,7 +803,7 @@
 	for (i=idn; i<lines; i++) {
 		if ( mops[i] == M_SEP )
 			continue;
-		if ( mops[i] != mops[i-1] || BVICMP(btype+i,&bv)) {
+		if ( mops[i] != mops[i-1] || !BV_CASEMATCH( btype+i, &bv )) {
 			bvl[k++] = NULL;
 			bv = btype[i];
 			lm[j].mod_op = mops[i] | LDAP_MOD_BVALUES;

Modified: openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapmodrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapmodrdn.c - generic program to modify an entry's RDN using LDAP */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodrdn.c,v 1.116.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapmodrdn.c,v 1.116.2.6 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.
@@ -91,7 +91,7 @@
 
 
 const char options[] = "rs:"
-	"cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+	"cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )

Modified: openldap/vendor/openldap-release/clients/tools/ldappasswd.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldappasswd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldappasswd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldappasswd -- a tool for change LDAP passwords */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldappasswd.c,v 1.136.2.7 2009/01/22 00:00:42 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.
@@ -81,7 +81,7 @@
 
 
 const char options[] = "a:As:St:T:"
-	"d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )
@@ -389,7 +389,6 @@
 			" new password expected", NULL, NULL, NULL );
 	}
 
-skip:
 	if( verbose || code != LDAP_SUCCESS ||
 		matcheddn || text || refs || ctrls )
 	{

Modified: openldap/vendor/openldap-release/clients/tools/ldapsearch.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapsearch.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapsearch.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapsearch -- a tool for searching LDAP directories */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.9 2008/02/12 19:59:52 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapsearch.c,v 1.234.2.18 2009/01/22 00:00:43 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.
@@ -126,11 +126,16 @@
 	fprintf( stderr, _("  -E [!]<ext>[=<extparam>] search extensions (! indicates criticality)\n"));
 	fprintf( stderr, _("             [!]domainScope              (domain scope)\n"));
 	fprintf( stderr, _("             !dontUseCopy                (Don't Use Copy)\n"));
-	fprintf( stderr, _("             [!]mv=<filter>              (matched values filter)\n"));
-	fprintf( stderr, _("             [!]pr=<size>[/prompt|noprompt]   (paged results/prompt)\n"));
-	fprintf( stderr, _("             [!]subentries[=true|false]  (subentries)\n"));
-	fprintf( stderr, _("             [!]sync=ro[/<cookie>]            (LDAP Sync refreshOnly)\n"));
-	fprintf( stderr, _("                     rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)\n"));
+	fprintf( stderr, _("             [!]mv=<filter>              (RFC 3876 matched values filter)\n"));
+	fprintf( stderr, _("             [!]pr=<size>[/prompt|noprompt] (RFC 2696 paged results/prompt)\n"));
+	fprintf( stderr, _("             [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...]\n"));
+	fprintf( stderr, _("                                         (RFC 2891 server side sorting)\n"));
+	fprintf( stderr, _("             [!]subentries[=true|false]  (RFC 3672 subentries)\n"));
+	fprintf( stderr, _("             [!]sync=ro[/<cookie>]       (RFC 4533 LDAP Sync refreshOnly)\n"));
+	fprintf( stderr, _("                     rp[/<cookie>][/<slimit>] (refreshAndPersist)\n"));
+#ifdef LDAP_CONTROL_X_DEREF
+	fprintf( stderr, _("             [!]deref=derefAttr:attr[,...][;derefAttr:attr[,...][;...]]\n"));
+#endif
 	fprintf( stderr, _("             [!]<oid>=:<value>           (generic control; no response handling)\n"));
 	fprintf( stderr, _("  -F prefix  URL prefix for files (default: %s)\n"), def_urlpre);
 	fprintf( stderr, _("  -l limit   time limit (in seconds, or \"none\" or \"max\") for search\n"));
@@ -199,6 +204,9 @@
 
 static int domainScope = 0;
 
+static int sss = 0;
+static LDAPSortKey **sss_keys = NULL;
+
 static int ldapsync = 0;
 static struct berval sync_cookie = { 0, NULL };
 static int sync_slimit = -1;
@@ -218,6 +226,12 @@
 static int nctrls = 0;
 static int save_nctrls = 0;
 
+#ifdef LDAP_CONTROL_X_DEREF
+static int derefcrit;
+static LDAPDerefSpec *ds;
+static struct berval derefval;
+#endif
+
 static int
 ctrl_add( void )
 {
@@ -251,7 +265,7 @@
 
 
 const char options[] = "a:Ab:cE:F:l:Ls:S:tT:uz:"
-	"Cd:D:e:f:h:H:IMnO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
+	"Cd:D:e:f:h:H:IMnNO:o:p:P:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )
@@ -395,6 +409,31 @@
 
 			domainScope = 1 + crit;
 
+		} else if ( strcasecmp( control, "sss" ) == 0 ) {
+			char *keyp;
+			if( sss ) {
+				fprintf( stderr,
+					_("server side sorting control previously specified\n"));
+				exit( EXIT_FAILURE );
+			}
+			if( cvalue == NULL ) {
+				fprintf( stderr,
+			         _("missing specification of sss control\n") );
+				exit( EXIT_FAILURE );
+			}
+			keyp = cvalue;
+			while ( ( keyp = strchr(keyp, '/') ) != NULL ) {
+				*keyp++ = ' ';
+			}
+			if ( ldap_create_sort_keylist( &sss_keys, cvalue )) {
+				fprintf( stderr,
+					_("server side sorting control value \"%s\" invalid\n"),
+					cvalue );
+				exit( EXIT_FAILURE );
+			}
+
+			sss = 1 + crit;
+
 		} else if ( strcasecmp( control, "subentries" ) == 0 ) {
 			if( subentries ) {
 				fprintf( stderr,
@@ -461,6 +500,51 @@
 			}
 			if ( crit ) ldapsync *= -1;
 
+#ifdef LDAP_CONTROL_X_DEREF
+		} else if ( strcasecmp( control, "deref" ) == 0 ) {
+			int ispecs;
+			char **specs;
+
+			/* cvalue is something like
+			 *
+			 * derefAttr:attr[,attr[...]][;derefAttr:attr[,attr[...]]]"
+			 */
+
+			specs = ldap_str2charray( cvalue, ";" );
+			if ( specs == NULL ) {
+				fprintf( stderr, _("deref specs \"%s\" invalid\n"),
+					cvalue );
+				exit( EXIT_FAILURE );
+			}
+			for ( ispecs = 0; specs[ ispecs ] != NULL; ispecs++ )
+				/* count'em */
+
+			ds = ldap_memcalloc( ispecs + 1, sizeof( LDAPDerefSpec ) );
+			if ( ds == NULL ) {
+				perror( "malloc" );
+				exit( EXIT_FAILURE );
+			}
+
+			for ( ispecs = 0; specs[ ispecs ] != NULL; ispecs++ ) {
+				char *ptr;
+
+				ptr = strchr( specs[ ispecs ], ':' );
+				if ( ptr == NULL ) {
+					fprintf( stderr, _("deref specs \"%s\" invalid\n"),
+						cvalue );
+					exit( EXIT_FAILURE );
+				}
+
+				ds[ ispecs ].derefAttr = specs[ ispecs ];
+				*ptr++ = '\0';
+				ds[ ispecs ].attributes = ldap_str2charray( ptr, "," );
+			}
+
+			derefcrit = 1 + crit;
+
+			ldap_memfree( specs );
+#endif /* LDAP_CONTROL_X_DEREF */
+
 		} else if ( tool_is_oid( control ) ) {
 			if ( ctrl_add() ) {
 				exit( EXIT_FAILURE );
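Review bot: The counting loop `for ( ispecs = 0; specs[ ispecs ] != NULL; ispecs++ )` has no terminating `;` and is followed only by the `/* count'em */` comment, so the `ds = ldap_memcalloc( ispecs + 1, ... )` statement becomes its body. The allocation then runs once per spec and leaks all but the last, the final array has no zeroed terminator element for a later `derefAttr != NULL` walk, and `ds` is never assigned when `specs` is empty. Close the loop explicitly: `for ( ispecs = 0; specs[ ispecs ] != NULL; ispecs++ ) /* count'em */ ;`. Unlike the `sss` branch added earlier in this file, this branch passes `cvalue` to `ldap_str2charray` without a NULL check, does not reject a repeated `deref` option, and ignores the result of `ldap_str2charray( ptr, "," )`. The enclosing function starts and ends outside the hunk.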
@@ -751,9 +835,13 @@
 #ifdef LDAP_CONTROL_DONTUSECOPY
 		|| dontUseCopy
 #endif
+#ifdef LDAP_CONTROL_X_DEREF
+		|| derefcrit
+#endif
 		|| domainScope
 		|| pagedResults
 		|| ldapsync
+		|| sss
 		|| subentries
 		|| valuesReturnFilter )
 	{
@@ -825,13 +913,13 @@
 							&sync_cookie );
 			}
 
-			if ( err == LBER_ERROR ) {
+			if ( err == -1 ) {
 				ber_free( syncber, 1 );
 				fprintf( stderr, _("ldap sync control encoding error!\n") );
 				return EXIT_FAILURE;
 			}
 
-			if ( ber_flatten( syncber, &syncbvalp ) == LBER_ERROR ) {
+			if ( ber_flatten( syncber, &syncbvalp ) == -1 ) {
 				return EXIT_FAILURE;
 			}
 
@@ -886,6 +974,52 @@
 			c[i].ldctl_iscritical = pagedResults > 1;
 			i++;
 		}
+
+		if ( sss ) {
+			if ( ctrl_add() ) {
+				return EXIT_FAILURE;
+			}
+
+			if ( ldap_create_sort_control_value( ld,
+				sss_keys, &c[i].ldctl_value ) )
+			{
+				return EXIT_FAILURE;
+			}
+
+			c[i].ldctl_oid = LDAP_CONTROL_SORTREQUEST;
+			c[i].ldctl_iscritical = sss > 1;
+			i++;
+		}
+
+#ifdef LDAP_CONTROL_X_DEREF
+		if ( derefcrit ) {
+			if ( derefval.bv_val == NULL ) {
+				int i;
+
+				assert( ds != NULL );
+
+				if ( ldap_create_deref_control_value( ld, ds, &derefval ) != LDAP_SUCCESS ) {
+					return EXIT_FAILURE;
+				}
+
+				for ( i = 0; ds[ i ].derefAttr != NULL; i++ ) {
+					ldap_memfree( ds[ i ].derefAttr );
+					ldap_charray_free( ds[ i ].attributes );
+				}
+				ldap_memfree( ds );
+				ds = NULL;
+			}
+
+			if ( ctrl_add() ) {
+				exit( EXIT_FAILURE );
+			}
+
+			c[ i ].ldctl_iscritical = derefcrit > 1;
+			c[ i ].ldctl_oid = LDAP_CONTROL_X_DEREF;
+			c[ i ].ldctl_value = derefval;
+			i++;
+		}
+#endif /* LDAP_CONTROL_X_DEREF */
 	}
 
 	tool_server_controls( ld, c, i );
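Review bot: Inside the `derefcrit` block the inner `int i;` shadows the outer `i` that indexes `c[ i ]` a few lines below, which makes the cleanup loop easy to misread as advancing the control index. Rename it, e.g. `int j;` with `for ( j = 0; ds[ j ].derefAttr != NULL; j++ )`. Failures of `ldap_create_sort_control_value` and `ldap_create_deref_control_value` both return `EXIT_FAILURE` silently, whereas the sync control encoding path in this file prints a message first; a short `fprintf( stderr, ... )` before each return would make the failure diagnosable. The enclosing function starts and ends outside the hunk.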
@@ -968,6 +1102,16 @@
 				(pagedResults > 1) ? _("critical ") : "", 
 				pageSize );
 		}
+		if ( sss ) {
+			printf(_("\n# with server side sorting %scontrol"),
+				sss > 1 ? _("critical ") : "" );
+		}
+#ifdef LDAP_CONTROL_X_DEREF
+		if ( sss ) {
+			printf(_("\n# with dereference %scontrol"),
+				sss > 1 ? _("critical ") : "" );
+		}
+#endif
 
 		printf( _("\n#\n\n") );
 
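Review bot: The block under `#ifdef LDAP_CONTROL_X_DEREF` tests `sss` instead of `derefcrit`, so the "with dereference control" comment is printed whenever server side sorting is requested and never for a deref request on its own. It should read `if ( derefcrit ) {` and `derefcrit > 1 ? _("critical ") : ""`. The enclosing function lies outside the hunk.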
@@ -1051,6 +1195,12 @@
 	if ( control != NULL ) {
 		ber_memfree( control );
 	}
+	if ( sss_keys != NULL ) {
+		ldap_free_sort_keylist( sss_keys );
+	}
+	if ( derefval.bv_val != NULL ) {
+		ldap_memfree( derefval.bv_val );
+	}
 
 	if ( c ) {
 		for ( ; save_nctrls-- > 0; ) {
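Review bot: `derefval` is declared only under `#ifdef LDAP_CONTROL_X_DEREF` in an earlier hunk of this file, but the `if ( derefval.bv_val != NULL )` cleanup added here is unconditional, so a build without that macro would not compile. Wrap the three added lines in `#ifdef LDAP_CONTROL_X_DEREF` and `#endif`, as the other deref code does. The enclosing function starts and ends outside the hunk.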
@@ -1092,14 +1242,15 @@
 	int			cancel_msgid = -1;
 
 	if( filtpatt != NULL ) {
-		size_t max_fsize = strlen( filtpatt ) + strlen( value ) + 1;
+		size_t max_fsize = strlen( filtpatt ) + strlen( value ) + 1, outlen;
 		filter = malloc( max_fsize );
 		if( filter == NULL ) {
 			perror( "malloc" );
 			return EXIT_FAILURE;
 		}
 
-		if( snprintf( filter, max_fsize, filtpatt, value ) >= max_fsize ) {
+		outlen = snprintf( filter, max_fsize, filtpatt, value );
+		if( outlen >= max_fsize ) {
 			fprintf( stderr, "Bad filter pattern: \"%s\"\n", filtpatt );
 			free( filter );
 			return EXIT_FAILURE;
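Review bot: `filtpatt` is passed to `snprintf` as the format string with a single argument, and nothing in the hunk checks that the pattern contains exactly one `%s` conversion. If the pattern is user-supplied, as the "Bad filter pattern" message suggests, any additional conversion reads a vararg that was never passed. Checking before the call that the only conversions are one `%s` and `%%` would close this. Separately, `snprintf` returns `int`, so `outlen` is better declared `int outlen;` and tested with `if( outlen < 0 || (size_t) outlen >= max_fsize ) {` than left to wrap around as a `size_t`. The function body extends beyond the hunk.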
@@ -1564,7 +1715,7 @@
 
 						tool_write_ldif( LDIF_PUT_TEXT,
 							"text", line,
-							next ? next - line : strlen( line ) );
+							next ? (size_t) (next - line) : strlen( line ));
 
 						line = next ? next + 1 : NULL;
 					}

Added: openldap/vendor/openldap-release/clients/tools/ldapurl.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapurl.c	                        (rev 0)
+++ openldap/vendor/openldap-release/clients/tools/ldapurl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,304 @@
+/* ldapurl -- a tool for generating LDAP URLs */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapurl.c,v 1.1.2.2 2009/01/22 00:00:43 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati, SysNet
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* Portions Copyright (c) 1992-1996 Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to the University of Michigan at Ann Arbor.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.  This
+ * software is provided ``as is'' without express or implied warranty.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP software.
+ */
+
+#include "portable.h"
+
+#include <ac/stdlib.h>
+#include <stdio.h>
+#include <ac/unistd.h>
+
+#include "ldap.h"
+#include "ldap_pvt.h"
+#include "lutil.h"
+
+static int
+usage(void)
+{
+	fprintf( stderr, _("usage: %s [options]\n\n"), "ldapurl" );
+	fprintf( stderr, _("generates RFC 4516 LDAP URL with extensions\n\n" ) );
+	fprintf( stderr, _("URL options:\n"));
+	fprintf( stderr, _("  -a attrs   comma separated list of attributes\n" ) );
+	fprintf( stderr, _("  -b base    (RFC 4514 LDAP DN)\n" ) );
+	fprintf( stderr, _("  -E ext     (format: \"ext=value\"; multiple occurrences allowed)\n" ) );
+	fprintf( stderr, _("  -f filter  (RFC 4515 LDAP filter)\n" ) );
+	fprintf( stderr, _("  -h host    \n" ) );
+	fprintf( stderr, _("  -p port    (default: 389 for ldap, 636 for ldaps)\n" ) );
+	fprintf( stderr, _("  -s scope   (RFC 4511 searchScope and extensions)\n" ) );
+	fprintf( stderr, _("  -S scheme  (RFC 4516 LDAP URL scheme and extensions)\n" ) );
+	exit( EXIT_FAILURE );
+}
+
+static int
+do_uri_create( LDAPURLDesc *lud )
+{
+	char	*uri;
+
+	if ( lud->lud_scheme == NULL ) {
+		lud->lud_scheme = "ldap";
+	}
+
+	if ( lud->lud_port == -1 ) {
+		if ( strcasecmp( lud->lud_scheme, "ldap" ) == 0 ) {
+			lud->lud_port = LDAP_PORT;
+
+		} else if ( strcasecmp( lud->lud_scheme, "ldaps" ) == 0 ) {
+			lud->lud_port = LDAPS_PORT;
+
+		} else if ( strcasecmp( lud->lud_scheme, "ldapi" ) == 0 ) {
+			lud->lud_port = 0;
+
+		} else {
+			/* forgiving... */
+			lud->lud_port = 0;
+		}
+	}
+
+	if ( lud->lud_scope == -1 ) {
+		lud->lud_scope = LDAP_SCOPE_DEFAULT;
+	}
+
+	uri = ldap_url_desc2str( lud );
+
+	if ( lud->lud_attrs != NULL ) {
+		ldap_charray_free( lud->lud_attrs );
+		lud->lud_attrs = NULL;
+	}
+
+	if ( lud->lud_exts != NULL ) {
+		free( lud->lud_exts );
+		lud->lud_exts = NULL;
+	}
+
+	if ( uri == NULL ) {
+		fprintf( stderr, "unable to generate URI\n" );
+		exit( EXIT_FAILURE );
+	}
+
+	printf( "%s\n", uri );
+	free( uri );
+
+	return 0;
+}
+
+static int
+do_uri_explode( const char *uri )
+{
+	LDAPURLDesc	*lud;
+	int		rc;
+
+	rc = ldap_url_parse( uri, &lud );
+	if ( rc != LDAP_URL_SUCCESS ) {
+		fprintf( stderr, "unable to parse URI \"%s\"\n", uri );
+		return 1;
+	}
+
+	if ( lud->lud_scheme != NULL && lud->lud_scheme[0] != '\0' ) {
+		printf( "scheme: %s\n", lud->lud_scheme );
+	}
+
+	if ( lud->lud_host != NULL && lud->lud_host[0] != '\0' ) {
+		printf( "host: %s\n", lud->lud_host );
+	}
+
+	if ( lud->lud_port != 0 ) {
+		printf( "port: %d\n", lud->lud_port );
+	}
+
+	if ( lud->lud_dn != NULL && lud->lud_dn[0] != '\0' ) {
+		printf( "dn: %s\n", lud->lud_dn );
+	}
+
+	if ( lud->lud_attrs != NULL ) {
+		int	i;
+
+		for ( i = 0; lud->lud_attrs[i] != NULL; i++ ) {
+			printf( "selector: %s\n", lud->lud_attrs[i] );
+		}
+	}
+
+	if ( lud->lud_scope != LDAP_SCOPE_DEFAULT ) {
+		printf( "scope: %s\n", ldap_pvt_scope2str( lud->lud_scope ) );
+	}
+
+	if ( lud->lud_filter != NULL && lud->lud_filter[0] != '\0' ) {
+		printf( "filter: %s\n", lud->lud_filter );
+	}
+
+	if ( lud->lud_exts != NULL ) {
+		int	i;
+
+		for ( i = 0; lud->lud_exts[i] != NULL; i++ ) {
+			printf( "extension: %s\n", lud->lud_exts[i] );
+		}
+	}
+
+	return 0;
+}
+
+int
+main( int argc, char *argv[])
+{
+	LDAPURLDesc	lud = { 0 };
+	char		*uri = NULL;
+	int		gotlud = 0;
+	int		nexts = 0;
+
+	lud.lud_port = -1;
+	lud.lud_scope = -1;
+
+	while ( 1 ) {
+		int opt = getopt( argc, argv, "S:h:p:b:a:s:f:E:H:" );
+
+		if ( opt == EOF ) {
+			break;
+		}
+
+		if ( opt == 'H' ) {
+			if ( gotlud ) {
+				fprintf( stderr, "option -H incompatible with previous options\n" );
+				usage();
+			}
+
+			if ( uri != NULL ) {
+				fprintf( stderr, "URI already provided\n" );
+				usage();
+			}
+
+			uri = optarg;
+			continue;
+		}
+
+		switch ( opt ) {
+		case 'S':
+		case 'h':
+		case 'p':
+		case 'b':
+		case 'a':
+		case 's':
+		case 'f':
+		case 'E':
+			if ( uri != NULL ) {
+				fprintf( stderr, "option -%c incompatible with -H\n", opt );
+				usage();
+			}
+			gotlud++;
+		}
+
+		switch ( opt ) {
+		case 'S':
+			if ( lud.lud_scheme != NULL ) {
+				fprintf( stderr, "scheme already provided\n" );
+				usage();
+			}
+			lud.lud_scheme = optarg;
+			break;
+
+		case 'h':
+			if ( lud.lud_host != NULL ) {
+				fprintf( stderr, "host already provided\n" );
+				usage();
+			}
+			lud.lud_host = optarg;
+			break;
+
+		case 'p':
+			if ( lud.lud_port != -1 ) {
+				fprintf( stderr, "port already provided\n" );
+				usage();
+			}
+
+			if ( lutil_atoi( &lud.lud_port, optarg ) ) {
+				fprintf( stderr, "unable to parse port \"%s\"\n", optarg );
+				usage();
+			}
+			break;
+
+		case 'b':
+			if ( lud.lud_dn != NULL ) {
+				fprintf( stderr, "base already provided\n" );
+				usage();
+			}
+			lud.lud_dn = optarg;
+			break;
+
+		case 'a':
+			if ( lud.lud_attrs != NULL ) {
+				fprintf( stderr, "attrs already provided\n" );
+				usage();
+			}
+			lud.lud_attrs = ldap_str2charray( optarg, "," );
+			if ( lud.lud_attrs == NULL ) {
+				fprintf( stderr, "unable to parse attrs list \"%s\"\n", optarg );
+				usage();
+			}
+			break;
+
+		case 's':
+			if ( lud.lud_scope != -1 ) {
+				fprintf( stderr, "scope already provided\n" );
+				usage();
+			}
+
+			lud.lud_scope = ldap_pvt_str2scope( optarg );
+			if ( lud.lud_scope == -1 ) {
+				fprintf( stderr, "unable to parse scope \"%s\"\n", optarg );
+				usage();
+			}
+			break;
+
+		case 'f':
+			if ( lud.lud_filter != NULL ) {
+				fprintf( stderr, "filter already provided\n" );
+				usage();
+			}
+			lud.lud_filter = optarg;
+			break;
+
+		case 'E':
+			lud.lud_exts = (char **)realloc( lud.lud_exts,
+				sizeof( char * ) * ( nexts + 2 ) );
+			lud.lud_exts[ nexts++ ] = optarg;
+			lud.lud_exts[ nexts ] = NULL;
+			break;
+
+		default:
+			assert( opt != 'H' );
+			usage();
+		}
+	}
+
+	if ( uri != NULL ) {
+		return do_uri_explode( uri );
+
+	}
+
+	return do_uri_create( &lud );
+}
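Review bot: In the `-E` case of `main` the `realloc` result is stored and indexed without a check, so an allocation failure becomes a NULL dereference at `lud.lud_exts[ nexts++ ] = optarg;`. Add `if ( lud.lud_exts == NULL ) { perror( "realloc" ); exit( EXIT_FAILURE ); }` right after the call. The file also uses `assert` and `strcasecmp` without including `<assert.h>` and `<string.h>`/`<strings.h>` (or the project's `ac/` wrappers); unless `portable.h` pulls them in, those includes are missing. `do_uri_explode` never releases the parsed descriptor (`ldap_free_urldesc( lud );` before the final return), and the usage text omits the `-H` option that the `getopt` string accepts.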

Modified: openldap/vendor/openldap-release/clients/tools/ldapwhoami.c
===================================================================
--- openldap/vendor/openldap-release/clients/tools/ldapwhoami.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/clients/tools/ldapwhoami.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapwhoami.c -- a tool for asking the directory "Who Am I?" */
-/* $OpenLDAP: pkg/ldap/clients/tools/ldapwhoami.c,v 1.42.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/clients/tools/ldapwhoami.c,v 1.42.2.5 2009/01/22 00:00:43 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1998-2001 Net Boolean Incorporated.
  * Portions Copyright 2001-2003 IBM Corporation.
@@ -62,7 +62,7 @@
 
 
 const char options[] = ""
-	"d:D:e:h:H:InO:o:p:QR:U:vVw:WxX:y:Y:Z";
+	"d:D:e:h:H:InNO:o:p:QR:U:vVw:WxX:y:Y:Z";
 
 int
 handle_private_option( int i )

Modified: openldap/vendor/openldap-release/configure
===================================================================
--- openldap/vendor/openldap-release/configure	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/configure	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,30 +1,59 @@
 #! /bin/sh
-# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.9 2008/02/11 23:26:37 kurt Exp .
+# From configure.in OpenLDAP: pkg/ldap/configure.in,v 1.631.2.21 2009/01/26 21:24:56 quanah Exp .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59.
+# Generated by GNU Autoconf 2.61.
 #
-# Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
+# Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved.
 # Restrictions apply, see COPYRIGHT and LICENSE files.
 #
-# Copyright (C) 2003 Free Software Foundation, Inc.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
 ## --------------------- ##
 ## M4sh Initialization.  ##
 ## --------------------- ##
 
-# Be Bourne compatible
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
   emulate sh
   NULLCMD=:
   # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
 fi
-DUALCASE=1; export DUALCASE # for MKS sh
 
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
 # Support unset when possible.
 if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
   as_unset=unset
@@ -33,8 +62,43 @@
 fi
 
 
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+as_nl='
+'
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
 # Work around bugs in pre-3.0 UWIN ksh.
-$as_unset ENV MAIL MAILPATH
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
 PS1='$ '
 PS2='> '
 PS4='+ '
@@ -48,18 +112,19 @@
   if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
     eval $as_var=C; export $as_var
   else
-    $as_unset $as_var
+    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
   fi
 done
 
 # Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1; then
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
   as_expr=expr
 else
   as_expr=false
 fi
 
-if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
   as_basename=basename
 else
   as_basename=false
@@ -67,157 +132,388 @@
 
 
 # Name of the executable.
-as_me=`$as_basename "$0" ||
+as_me=`$as_basename -- "$0" ||
 $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
 	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
 echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
 
+# CDPATH.
+$as_unset CDPATH
 
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
 
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
 fi
 
+  if test $as_have_required = yes && 	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
 
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
 
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
     as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
 for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
 do
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
+  case $as_dir in
 	 /*)
-	   if ("$as_dir/$as_base" -c '
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
   as_lineno_1=$LINENO
   as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
   test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
-	     $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
 
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+        do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+        done
+        export CONFIG_SHELL
+        exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell autoconf at gnu.org about your system,
+  echo including any error possibly output before this
+  echo message
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
   # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
   # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that $LINENO is not a special case at line end.
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
   # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
     sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
       N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
       t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
+      s/-\n.*//
     ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
+  chmod +x "$as_me.lineno" ||
     { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
    { (exit 1); exit 1; }; }
 
   # Don't try to exec as it changes $[0], causing all sort of problems
   # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
   # Exit status is that of the last command.
   exit
 }
 
 
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
 esac
 
-if expr a : '\(a\)' >/dev/null 2>&1; then
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
   as_expr=expr
 else
   as_expr=false
 fi
 
 rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir
+fi
 echo >conf$$.file
 if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
+  as_ln_s='ln -s'
+  # ... but there are two gotchas:
+  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+  # In both cases, we have to default to `cp -p'.
+  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
     as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
 elif ln conf$$.file conf$$ 2>/dev/null; then
   as_ln_s=ln
 else
   as_ln_s='cp -p'
 fi
-rm -f conf$$ conf$$.exe conf$$.file
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
 
 if mkdir -p . 2>/dev/null; then
   as_mkdir_p=:
@@ -226,7 +522,28 @@
   as_mkdir_p=false
 fi
 
-as_executable_p="test -f"
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+        test -d "$1/.";
+      else
+	case $1 in
+        -*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
 
 # Sed expression to map a string onto a valid CPP name.
 as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -235,17 +552,8 @@
 as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
 
 
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
 
-# CDPATH.
-$as_unset CDPATH
 
-
-
 # Check that we are running under the correct shell.
 SHELL=${CONFIG_SHELL-/bin/sh}
 
@@ -395,29 +703,26 @@
 
 
 
+exec 7<&0 </dev/null 6>&1
+
 # Name of the host.
 # hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
 # so uname gets run too.
 ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
 
-exec 6>&1
-
 #
 # Initializations.
 #
 ac_default_prefix=/usr/local
+ac_clean_files=
 ac_config_libobj_dir=.
+LIBOBJS=
 cross_compiling=no
 subdirs=
 MFLAGS=
 MAKEFLAGS=
 SHELL=${CONFIG_SHELL-/bin/sh}
 
-# Maximum number of lines to put in a shell here document.
-# This variable seems obsolete.  It should probably be removed, and
-# only ac_max_sed_lines should be used.
-: ${ac_max_here_lines=38}
-
 # Identity of this package.
 PACKAGE_NAME=
 PACKAGE_TARNAME=
@@ -431,43 +736,239 @@
 # Factoring default headers for most tests.
 ac_includes_default="\
 #include <stdio.h>
-#if HAVE_SYS_TYPES_H
+#ifdef HAVE_SYS_TYPES_H
 # include <sys/types.h>
 #endif
-#if HAVE_SYS_STAT_H
+#ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
 #endif
-#if STDC_HEADERS
+#ifdef STDC_HEADERS
 # include <stdlib.h>
 # include <stddef.h>
 #else
-# if HAVE_STDLIB_H
+# ifdef HAVE_STDLIB_H
 #  include <stdlib.h>
 # endif
 #endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
 #  include <memory.h>
 # endif
 # include <string.h>
 #endif
-#if HAVE_STRINGS_H
+#ifdef HAVE_STRINGS_H
 # include <strings.h>
 #endif
-#if HAVE_INTTYPES_H
+#ifdef HAVE_INTTYPES_H
 # include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-#  include <stdint.h>
-# endif
 #endif
-#if HAVE_UNISTD_H
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif"
 
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS build build_cpu build_vendor build_os host host_cpu host_vendor host_os target target_cpu target_vendor target_os INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar OPENLDAP_LIBRELEASE OPENLDAP_LIBVERSION OPENLDAP_RELEASE_DATE top_builddir ldap_subdir CC AR CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE EGREP LN_S ECHO ac_ct_AR RANLIB ac_ct_RANLIB DLLTOOL ac_ct_DLLTOOL AS ac_ct_AS OBJDUMP ac_ct_OBJDUMP CPP LIBTOOL PERLBIN OL_MKDEP OL_MKDEP_FLAGS LTSTATIC LIBOBJS LIBSRCS PLAT WITH_SASL WITH_TLS WITH_MODULES_ENABLED WITH_ACI_ENABLED BUILD_THREAD BUILD_LIBS_DYNAMIC BUILD_SLAPD BUILD_SLAPI SLAPD_SLAPI_DEPEND BUILD_BDB BUILD_DNSSRV BUILD_HDB BUILD_LDAP BUILD_META BUILD_MONITOR BUILD_NULL BUILD_PASSWD BUILD_RELAY BUILD_PERL BUILD_SHELL BUILD_SOCK BUILD_SQL BUILD_ACCESSLOG BUILD_AUDITLOG BUILD_CONSTRAINT BUILD_DDS BUILD_DENYOP BUILD_DYNGROUP BUILD_DYNLIST BUILD_LASTMOD BUILD_MEMBEROF BUILD_PPOLICY BUILD_PROXYCACHE BUILD_REFINT BUILD_RETCODE BUILD_RWM BUILD_SEQMOD BUILD_SYNCPROV BUILD_TRANSLUCENT BUILD_UNIQUE BUILD_VALSORT LDAP_LIBS SLAPD_LIBS BDB_LIBS LTHREAD_LIBS LUTIL_LIBS WRAP_LIBS SLAPD_MODULES_CPPFLAGS SLAPD_MODULES_LDFLAGS SLAPD_NO_STATIC SLAPD_STATIC_BACKENDS SLAPD_DYNAMIC_BACKENDS SLAPD_STATIC_OVERLAYS SLAPD_DYNAMIC_OVERLAYS PERL_CPPFLAGS SLAPD_PERL_LDFLAGS MOD_PERL_LDFLAGS KRB4_LIBS KRB5_LIBS SASL_LIBS TLS_LIBS MODULES_LIBS SLAPI_LIBS 
LIBSLAPI LIBSLAPITOOLS AUTH_LIBS ICU_LIBS SLAPD_SLP_LIBS SLAPD_GMP_LIBS SLAPD_SQL_LDFLAGS SLAPD_SQL_LIBS SLAPD_SQL_INCLUDES LTLIBOBJS'
+ac_subst_vars='SHELL
+PATH_SEPARATOR
+PACKAGE_NAME
+PACKAGE_TARNAME
+PACKAGE_VERSION
+PACKAGE_STRING
+PACKAGE_BUGREPORT
+exec_prefix
+prefix
+program_transform_name
+bindir
+sbindir
+libexecdir
+datarootdir
+datadir
+sysconfdir
+sharedstatedir
+localstatedir
+includedir
+oldincludedir
+docdir
+infodir
+htmldir
+dvidir
+pdfdir
+psdir
+libdir
+localedir
+mandir
+DEFS
+ECHO_C
+ECHO_N
+ECHO_T
+LIBS
+build_alias
+host_alias
+target_alias
+build
+build_cpu
+build_vendor
+build_os
+host
+host_cpu
+host_vendor
+host_os
+target
+target_cpu
+target_vendor
+target_os
+INSTALL_PROGRAM
+INSTALL_SCRIPT
+INSTALL_DATA
+CYGPATH_W
+PACKAGE
+VERSION
+ACLOCAL
+AUTOCONF
+AUTOMAKE
+AUTOHEADER
+MAKEINFO
+install_sh
+STRIP
+INSTALL_STRIP_PROGRAM
+mkdir_p
+AWK
+SET_MAKE
+am__leading_dot
+AMTAR
+am__tar
+am__untar
+OPENLDAP_LIBRELEASE
+OPENLDAP_LIBVERSION
+OPENLDAP_RELEASE_DATE
+top_builddir
+ldap_subdir
+CC
+AR
+CFLAGS
+LDFLAGS
+CPPFLAGS
+ac_ct_CC
+EXEEXT
+OBJEXT
+DEPDIR
+am__include
+am__quote
+AMDEP_TRUE
+AMDEP_FALSE
+AMDEPBACKSLASH
+CCDEPMODE
+am__fastdepCC_TRUE
+am__fastdepCC_FALSE
+GREP
+EGREP
+LN_S
+ECHO
+RANLIB
+DLLTOOL
+AS
+OBJDUMP
+CPP
+LIBTOOL
+PERLBIN
+OL_MKDEP
+OL_MKDEP_FLAGS
+LTSTATIC
+MYSQL
+LIBOBJS
+LIBSRCS
+PLAT
+WITH_SASL
+WITH_TLS
+WITH_MODULES_ENABLED
+WITH_ACI_ENABLED
+BUILD_THREAD
+BUILD_LIBS_DYNAMIC
+BUILD_SLAPD
+BUILD_SLAPI
+SLAPD_SLAPI_DEPEND
+BUILD_BDB
+BUILD_DNSSRV
+BUILD_HDB
+BUILD_LDAP
+BUILD_META
+BUILD_MONITOR
+BUILD_NDB
+BUILD_NULL
+BUILD_PASSWD
+BUILD_RELAY
+BUILD_PERL
+BUILD_SHELL
+BUILD_SOCK
+BUILD_SQL
+BUILD_ACCESSLOG
+BUILD_AUDITLOG
+BUILD_COLLECT
+BUILD_CONSTRAINT
+BUILD_DDS
+BUILD_DENYOP
+BUILD_DYNGROUP
+BUILD_DYNLIST
+BUILD_LASTMOD
+BUILD_MEMBEROF
+BUILD_PPOLICY
+BUILD_PROXYCACHE
+BUILD_REFINT
+BUILD_RETCODE
+BUILD_RWM
+BUILD_SEQMOD
+BUILD_SYNCPROV
+BUILD_TRANSLUCENT
+BUILD_UNIQUE
+BUILD_VALSORT
+LDAP_LIBS
+SLAPD_LIBS
+BDB_LIBS
+SLAPD_NDB_LIBS
+SLAPD_NDB_INCS
+LTHREAD_LIBS
+LUTIL_LIBS
+WRAP_LIBS
+SLAPD_MODULES_CPPFLAGS
+SLAPD_MODULES_LDFLAGS
+SLAPD_NO_STATIC
+SLAPD_STATIC_BACKENDS
+SLAPD_DYNAMIC_BACKENDS
+SLAPD_STATIC_OVERLAYS
+SLAPD_DYNAMIC_OVERLAYS
+PERL_CPPFLAGS
+SLAPD_PERL_LDFLAGS
+MOD_PERL_LDFLAGS
+KRB4_LIBS
+KRB5_LIBS
+SASL_LIBS
+GSSAPI_LIBS
+TLS_LIBS
+MODULES_LIBS
+SLAPI_LIBS
+LIBSLAPI
+LIBSLAPITOOLS
+AUTH_LIBS
+ICU_LIBS
+SLAPD_SLP_LIBS
+SLAPD_GMP_LIBS
+SLAPD_SQL_LDFLAGS
+SLAPD_SQL_LIBS
+SLAPD_SQL_INCLUDES
+LTLIBOBJS'
 ac_subst_files=''
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP'
 
+
 # Initialize some variables set by options.
 ac_init_help=
 ac_init_version=false
@@ -493,34 +994,48 @@
 # and all the variables that are supposed to be based on exec_prefix
 # by default will actually change.
 # Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
 bindir='${exec_prefix}/bin'
 sbindir='${exec_prefix}/sbin'
 libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
+docdir='${datarootdir}/doc/${PACKAGE}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
 
 ac_prev=
+ac_dashdash=
 for ac_option
 do
   # If the previous option needs an argument, assign it.
   if test -n "$ac_prev"; then
-    eval "$ac_prev=\$ac_option"
+    eval $ac_prev=\$ac_option
     ac_prev=
     continue
   fi
 
-  ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
 
   # Accept the important Cygnus configure options, so we can diagnose typos.
 
-  case $ac_option in
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
 
   -bindir | --bindir | --bindi | --bind | --bin | --bi)
     ac_prev=bindir ;;
@@ -542,33 +1057,45 @@
   --config-cache | -C)
     cache_file=config.cache ;;
 
-  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+  -datadir | --datadir | --datadi | --datad)
     ac_prev=datadir ;;
-  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
-  | --da=*)
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
     datadir=$ac_optarg ;;
 
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
   -disable-* | --disable-*)
     ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
     # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
       { echo "$as_me: error: invalid feature name: $ac_feature" >&2
    { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    eval "enable_$ac_feature=no" ;;
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=no ;;
 
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
   -enable-* | --enable-*)
     ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
-    expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+    expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
       { echo "$as_me: error: invalid feature name: $ac_feature" >&2
    { (exit 1); exit 1; }; }
-    ac_feature=`echo $ac_feature | sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "enable_$ac_feature='$ac_optarg'" ;;
+    ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
+    eval enable_$ac_feature=\$ac_optarg ;;
 
   -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
   | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
@@ -595,6 +1122,12 @@
   -host=* | --host=* | --hos=* | --ho=*)
     host_alias=$ac_optarg ;;
 
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
   -includedir | --includedir | --includedi | --included | --include \
   | --includ | --inclu | --incl | --inc)
     ac_prev=includedir ;;
@@ -619,13 +1152,16 @@
   | --libexe=* | --libex=* | --libe=*)
     libexecdir=$ac_optarg ;;
 
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
   -localstatedir | --localstatedir | --localstatedi | --localstated \
-  | --localstate | --localstat | --localsta | --localst \
-  | --locals | --local | --loca | --loc | --lo)
+  | --localstate | --localstat | --localsta | --localst | --locals)
     ac_prev=localstatedir ;;
   -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
-  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
-  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
     localstatedir=$ac_optarg ;;
 
   -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
@@ -690,6 +1226,16 @@
   | --progr-tra=* | --program-tr=* | --program-t=*)
     program_transform_name=$ac_optarg ;;
 
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
@@ -742,24 +1288,20 @@
   -with-* | --with-*)
     ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
     # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
       { echo "$as_me: error: invalid package name: $ac_package" >&2
    { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package| sed 's/-/_/g'`
-    case $ac_option in
-      *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
-      *) ac_optarg=yes ;;
-    esac
-    eval "with_$ac_package='$ac_optarg'" ;;
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=\$ac_optarg ;;
 
   -without-* | --without-*)
     ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
     # Reject names that are not valid shell variable names.
-    expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+    expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
       { echo "$as_me: error: invalid package name: $ac_package" >&2
    { (exit 1); exit 1; }; }
-    ac_package=`echo $ac_package | sed 's/-/_/g'`
-    eval "with_$ac_package=no" ;;
+    ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
+    eval with_$ac_package=no ;;
 
   --x)
     # Obsolete; use --with-x.
@@ -790,8 +1332,7 @@
     expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
       { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
    { (exit 1); exit 1; }; }
-    ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
-    eval "$ac_envvar='$ac_optarg'"
+    eval $ac_envvar=\$ac_optarg
     export $ac_envvar ;;
 
   *)
@@ -811,29 +1352,21 @@
    { (exit 1); exit 1; }; }
 fi
 
-# Be sure to have absolute paths.
-for ac_var in exec_prefix prefix
+# Be sure to have absolute directory names.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
 do
-  eval ac_val=$`echo $ac_var`
+  eval ac_val=\$$ac_var
   case $ac_val in
-    [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
   esac
+  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
 done
 
-# Be sure to have absolute paths.
-for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
-	      localstatedir libdir includedir oldincludedir infodir mandir
-do
-  eval ac_val=$`echo $ac_var`
-  case $ac_val in
-    [\\/$]* | ?:[\\/]* ) ;;
-    *)  { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
-   { (exit 1); exit 1; }; };;
-  esac
-done
-
 # There might be people who depend on the old broken behavior: `$host'
 # used to hold the argument of --host etc.
 # FIXME: To remove some day.
@@ -858,74 +1391,76 @@
 test "$silent" = yes && exec 6>/dev/null
 
 
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { echo "$as_me: error: Working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
 # Find the source files, if location was not specified.
 if test -z "$srcdir"; then
   ac_srcdir_defaulted=yes
-  # Try the directory containing this script, then its parent.
-  ac_confdir=`(dirname "$0") 2>/dev/null ||
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$0" ||
 $as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$0" : 'X\(//\)[^/]' \| \
 	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$0" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
   srcdir=$ac_confdir
-  if test ! -r $srcdir/$ac_unique_file; then
+  if test ! -r "$srcdir/$ac_unique_file"; then
     srcdir=..
   fi
 else
   ac_srcdir_defaulted=no
 fi
-if test ! -r $srcdir/$ac_unique_file; then
-  if test "$ac_srcdir_defaulted" = yes; then
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
    { (exit 1); exit 1; }; }
-  else
-    { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
-   { (exit 1); exit 1; }; }
-  fi
 fi
-(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
-  { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
    { (exit 1); exit 1; }; }
-srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
-ac_env_build_alias_set=${build_alias+set}
-ac_env_build_alias_value=$build_alias
-ac_cv_env_build_alias_set=${build_alias+set}
-ac_cv_env_build_alias_value=$build_alias
-ac_env_host_alias_set=${host_alias+set}
-ac_env_host_alias_value=$host_alias
-ac_cv_env_host_alias_set=${host_alias+set}
-ac_cv_env_host_alias_value=$host_alias
-ac_env_target_alias_set=${target_alias+set}
-ac_env_target_alias_value=$target_alias
-ac_cv_env_target_alias_set=${target_alias+set}
-ac_cv_env_target_alias_value=$target_alias
-ac_env_CC_set=${CC+set}
-ac_env_CC_value=$CC
-ac_cv_env_CC_set=${CC+set}
-ac_cv_env_CC_value=$CC
-ac_env_CFLAGS_set=${CFLAGS+set}
-ac_env_CFLAGS_value=$CFLAGS
-ac_cv_env_CFLAGS_set=${CFLAGS+set}
-ac_cv_env_CFLAGS_value=$CFLAGS
-ac_env_LDFLAGS_set=${LDFLAGS+set}
-ac_env_LDFLAGS_value=$LDFLAGS
-ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
-ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_env_CPPFLAGS_value=$CPPFLAGS
-ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_cv_env_CPPFLAGS_value=$CPPFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
 
 #
 # Report the --help message.
@@ -954,9 +1489,6 @@
   -n, --no-create         do not create output files
       --srcdir=DIR        find the sources in DIR [configure dir or \`..']
 
-_ACEOF
-
-  cat <<_ACEOF
 Installation directories:
   --prefix=PREFIX         install architecture-independent files in PREFIX
 			  [$ac_default_prefix]
@@ -974,15 +1506,22 @@
   --bindir=DIR           user executables [EPREFIX/bin]
   --sbindir=DIR          system admin executables [EPREFIX/sbin]
   --libexecdir=DIR       program executables [EPREFIX/libexec]
-  --datadir=DIR          read-only architecture-independent data [PREFIX/share]
   --sysconfdir=DIR       read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR   modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR    modifiable single-machine data [PREFIX/var]
   --libdir=DIR           object code libraries [EPREFIX/lib]
   --includedir=DIR       C header files [PREFIX/include]
   --oldincludedir=DIR    C header files for non-gcc [/usr/include]
-  --infodir=DIR          info documentation [PREFIX/info]
-  --mandir=DIR           man documentation [PREFIX/man]
+  --datarootdir=DIR      read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR          read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR          info documentation [DATAROOTDIR/info]
+  --localedir=DIR        locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR           man documentation [DATAROOTDIR/man]
+  --docdir=DIR           documentation root [DATAROOTDIR/doc/PACKAGE]
+  --htmldir=DIR          html documentation [DOCDIR]
+  --dvidir=DIR           dvi documentation [DOCDIR]
+  --pdfdir=DIR           pdf documentation [DOCDIR]
+  --psdir=DIR            ps documentation [DOCDIR]
 _ACEOF
 
   cat <<\_ACEOF
@@ -1036,6 +1575,7 @@
     --enable-ldap	  enable ldap backend no|yes|mod [no]
     --enable-meta	  enable metadirectory backend no|yes|mod [no]
     --enable-monitor	  enable monitor backend no|yes|mod [yes]
+    --enable-ndb	  enable MySQL NDB Cluster backend no|yes|mod [no]
     --enable-null	  enable null backend no|yes|mod [no]
     --enable-passwd	  enable passwd backend no|yes|mod [no]
     --enable-perl	  enable perl backend no|yes|mod [no]
@@ -1048,8 +1588,10 @@
     --enable-overlays	  enable all available overlays no|yes|mod
     --enable-accesslog	  In-Directory Access Logging overlay no|yes|mod [no]
     --enable-auditlog	  Audit Logging overlay no|yes|mod [no]
+    --enable-collect	  Collect overlay no|yes|mod [no]
     --enable-constraint	  Attribute Constraint overlay no|yes|mod [no]
     --enable-dds  	  Dynamic Directory Services overlay no|yes|mod [no]
+    --enable-deref	  Dereference overlay no|yes|mod [no]
     --enable-dyngroup	  Dynamic Group overlay no|yes|mod [no]
     --enable-dynlist	  Dynamic List overlay no|yes|mod [no]
     --enable-memberof	  Reverse Group Membership overlay no|yes|mod [no]
@@ -1065,10 +1607,8 @@
     --enable-valsort      Value Sorting overlay no|yes|mod [no]
 
 Library Generation & Linking Options
-  --enable-static[=PKGS]
-                          build static libraries [default=yes]
-  --enable-shared[=PKGS]
-                          build shared libraries [default=yes]
+  --enable-static[=PKGS]  build static libraries [default=yes]
+  --enable-shared[=PKGS]  build shared libraries [default=yes]
   --enable-fast-install[=PKGS]
                           optimize for fast installation [default=yes]
   --disable-dependency-tracking  speeds up one-time build
@@ -1081,16 +1621,16 @@
   --with-subdir=DIR       change default subdirectory used for installs
   --with-cyrus-sasl	  with Cyrus SASL support [auto]
   --with-fetch		  with fetch(3) URL support [auto]
+  --with-gssapi		  with GSSAPI support [auto]
   --with-threads	  with threads [auto]
   --with-tls		  with TLS/SSL support auto|openssl|gnutls [auto]
   --with-yielding-select  with implicitly yielding select [auto]
   --with-mp               with multiple precision statistics auto|longlong|long|bignum|gmp [auto]
-  --with-odbc             with specific ODBC support iodbc|unixodbc|auto [auto]
+  --with-odbc             with specific ODBC support iodbc|unixodbc|odbc32|auto [auto]
   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
   --with-pic              try to use only PIC/non-PIC objects [default=use
                           both]
-  --with-tags[=TAGS]
-                          include additional configurations [automatic]
+  --with-tags[=TAGS]      include additional configurations [automatic]
 
 See INSTALL file for further details.
 
@@ -1099,129 +1639,98 @@
   CFLAGS      C compiler flags
   LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
               nonstandard directory <lib dir>
-  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
-              headers in a nonstandard directory <include dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
   CPP         C preprocessor
 
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
 _ACEOF
+ac_status=$?
 fi
 
 if test "$ac_init_help" = "recursive"; then
   # If there are subdirs, report their specific --help.
-  ac_popdir=`pwd`
   for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
-    test -d $ac_dir || continue
+    test -d "$ac_dir" || continue
     ac_builddir=.
 
-if test "$ac_dir" != .; then
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
   ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
 
 case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
+  .)  # We are building in place.
     ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
     ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
 esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
 
-# Do not use `cd foo && pwd` to compute absolute paths, because
-# the directories may not exist.
-case `pwd` in
-.) ac_abs_builddir="$ac_dir";;
-*)
-  case "$ac_dir" in
-  .) ac_abs_builddir=`pwd`;;
-  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
-  *) ac_abs_builddir=`pwd`/"$ac_dir";;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_builddir=${ac_top_builddir}.;;
-*)
-  case ${ac_top_builddir}. in
-  .) ac_abs_top_builddir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
-  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_srcdir=$ac_srcdir;;
-*)
-  case $ac_srcdir in
-  .) ac_abs_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
-  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_srcdir=$ac_top_srcdir;;
-*)
-  case $ac_top_srcdir in
-  .) ac_abs_top_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
-  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
-  esac;;
-esac
-
-    cd $ac_dir
-    # Check for guested configure; otherwise get Cygnus style configure.
-    if test -f $ac_srcdir/configure.gnu; then
-      echo
-      $SHELL $ac_srcdir/configure.gnu  --help=recursive
-    elif test -f $ac_srcdir/configure; then
-      echo
-      $SHELL $ac_srcdir/configure  --help=recursive
-    elif test -f $ac_srcdir/configure.ac ||
-	   test -f $ac_srcdir/configure.in; then
-      echo
-      $ac_configure --help
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
     else
       echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
-    fi
-    cd $ac_popdir
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
   done
 fi
 
-test -n "$ac_init_help" && exit 0
+test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
+configure
+generated by GNU Autoconf 2.61
 
-Copyright (C) 2003 Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
-Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.
 _ACEOF
-  exit 0
+  exit
 fi
-exec 5>config.log
-cat >&5 <<_ACEOF
+cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
 It was created by $as_me, which was
-generated by GNU Autoconf 2.59.  Invocation command line was
+generated by GNU Autoconf 2.61.  Invocation command line was
 
   $ $0 $@
 
 _ACEOF
+exec 5>>config.log
 {
 cat <<_ASUNAME
 ## --------- ##
@@ -1240,7 +1749,7 @@
 /bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
 /usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
 /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo               = `(hostinfo) 2>/dev/null               || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
 /bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
 /usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
 /bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
@@ -1254,6 +1763,7 @@
   test -z "$as_dir" && as_dir=.
   echo "PATH: $as_dir"
 done
+IFS=$as_save_IFS
 
 } >&5
 
@@ -1275,7 +1785,6 @@
 ac_configure_args=
 ac_configure_args0=
 ac_configure_args1=
-ac_sep=
 ac_must_keep_next=false
 for ac_pass in 1 2
 do
@@ -1286,7 +1795,7 @@
     -q | -quiet | --quiet | --quie | --qui | --qu | --q \
     | -silent | --silent | --silen | --sile | --sil)
       continue ;;
-    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+    *\'*)
       ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
     esac
     case $ac_pass in
@@ -1308,9 +1817,7 @@
 	  -* ) ac_must_keep_next=true ;;
 	esac
       fi
-      ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
-      # Get rid of the leading space.
-      ac_sep=" "
+      ac_configure_args="$ac_configure_args '$ac_arg'"
       ;;
     esac
   done
@@ -1321,8 +1828,8 @@
 # When interrupted or exit'd, cleanup temporary files, and complete
 # config.log.  We remove comments because anyway the quotes in there
 # would cause problems or look ugly.
-# WARNING: Be sure not to use single quotes in there, as some shells,
-# such as our DU 5.0 friend, will then `close' the trap.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
 trap 'exit_status=$?
   # Save into config.log some information that might help in debugging.
   {
@@ -1335,20 +1842,34 @@
 _ASBOX
     echo
     # The following way of writing the cache mishandles newlines in values,
-{
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
+echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
   (set) 2>&1 |
-    case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
-    *ac_space=\ *)
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
       sed -n \
-	"s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
-	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
-      ;;
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
     *)
-      sed -n \
-	"s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
       ;;
-    esac;
-}
+    esac |
+    sort
+)
     echo
 
     cat <<\_ASBOX
@@ -1359,22 +1880,28 @@
     echo
     for ac_var in $ac_subst_vars
     do
-      eval ac_val=$`echo $ac_var`
-      echo "$ac_var='"'"'$ac_val'"'"'"
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      echo "$ac_var='\''$ac_val'\''"
     done | sort
     echo
 
     if test -n "$ac_subst_files"; then
       cat <<\_ASBOX
-## ------------- ##
-## Output files. ##
-## ------------- ##
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
 _ASBOX
       echo
       for ac_var in $ac_subst_files
       do
-	eval ac_val=$`echo $ac_var`
-	echo "$ac_var='"'"'$ac_val'"'"'"
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	echo "$ac_var='\''$ac_val'\''"
       done | sort
       echo
     fi
@@ -1386,26 +1913,24 @@
 ## ----------- ##
 _ASBOX
       echo
-      sed "/^$/d" confdefs.h | sort
+      cat confdefs.h
       echo
     fi
     test "$ac_signal" != 0 &&
       echo "$as_me: caught signal $ac_signal"
     echo "$as_me: exit $exit_status"
   } >&5
-  rm -f core *.core &&
-  rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
     exit $exit_status
-     ' 0
+' 0
 for ac_signal in 1 2 13 15; do
   trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
 done
 ac_signal=0
 
 # confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo >confdefs.h
+rm -f -r conftest* confdefs.h
 
 # Predefined preprocessor variables.
 
@@ -1436,14 +1961,17 @@
 
 # Let the site file select an alternate cache file if it wants to.
 # Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
-  if test "x$prefix" != xNONE; then
-    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
-  else
-    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-  fi
+if test -n "$CONFIG_SITE"; then
+  set x "$CONFIG_SITE"
+elif test "x$prefix" != xNONE; then
+  set x "$prefix/share/config.site" "$prefix/etc/config.site"
+else
+  set x "$ac_default_prefix/share/config.site" \
+	"$ac_default_prefix/etc/config.site"
 fi
-for ac_site_file in $CONFIG_SITE; do
+shift
+for ac_site_file
+do
   if test -r "$ac_site_file"; then
     { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
 echo "$as_me: loading site script $ac_site_file" >&6;}
@@ -1456,12 +1984,11 @@
 # Check that the precious variables saved in the cache have kept the same
 # value.
 ac_cache_corrupted=false
-for ac_var in `(set) 2>&1 |
-	       sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+for ac_var in $ac_precious_vars; do
   eval ac_old_set=\$ac_cv_env_${ac_var}_set
   eval ac_new_set=\$ac_env_${ac_var}_set
-  eval ac_old_val="\$ac_cv_env_${ac_var}_value"
-  eval ac_new_val="\$ac_env_${ac_var}_value"
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
   case $ac_old_set,$ac_new_set in
     set,)
       { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
@@ -1486,8 +2013,7 @@
   # Pass precious variables to config.status.
   if test "$ac_new_set" = set; then
     case $ac_new_val in
-    *" "*|*"	"*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
-      ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
     *) ac_arg=$ac_var=$ac_new_val ;;
     esac
     case " $ac_configure_args " in
@@ -1504,11 +2030,6 @@
    { (exit 1); exit 1; }; }
 fi
 
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
@@ -1525,6 +2046,11 @@
 
 
 
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
@@ -1552,31 +2078,38 @@
 
 
 
+
 ac_aux_dir=
-for ac_dir in build $srcdir/build; do
-  if test -f $ac_dir/install-sh; then
+for ac_dir in build "$srcdir"/build; do
+  if test -f "$ac_dir/install-sh"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/install-sh -c"
     break
-  elif test -f $ac_dir/install.sh; then
+  elif test -f "$ac_dir/install.sh"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/install.sh -c"
     break
-  elif test -f $ac_dir/shtool; then
+  elif test -f "$ac_dir/shtool"; then
     ac_aux_dir=$ac_dir
     ac_install_sh="$ac_aux_dir/shtool install -c"
     break
   fi
 done
 if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in build $srcdir/build" >&5
-echo "$as_me: error: cannot find install-sh or install.sh in build $srcdir/build" >&2;}
+  { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in build \"$srcdir\"/build" >&5
+echo "$as_me: error: cannot find install-sh or install.sh in build \"$srcdir\"/build" >&2;}
    { (exit 1); exit 1; }; }
 fi
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
 
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
 eval `$ac_aux_dir/version.sh`
 if test -z "$OL_STRING"; then
 	{ { echo "$as_me:$LINENO: error: could not determine version" >&5
@@ -1608,79 +2141,123 @@
 echo "Configuring ${TB}${OL_STRING}${TN} ${OPENLDAP_CVS}..."
 
 # Make sure we can run config.sub.
-$ac_config_sub sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
    { (exit 1); exit 1; }; }
 
-echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking build system type" >&5
+echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
 if test "${ac_cv_build+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_build_alias=$build_alias
-test -z "$ac_cv_build_alias" &&
-  ac_cv_build_alias=`$ac_config_guess`
-test -z "$ac_cv_build_alias" &&
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
   { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
 echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
    { (exit 1); exit 1; }; }
-ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
-  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
    { (exit 1); exit 1; }; }
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+echo "${ECHO_T}$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
 build=$ac_cv_build
-build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
 
 
-echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking host system type" >&5
+echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
 if test "${ac_cv_host+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_host_alias=$host_alias
-test -z "$ac_cv_host_alias" &&
-  ac_cv_host_alias=$ac_cv_build_alias
-ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
-  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
    { (exit 1); exit 1; }; }
+fi
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+echo "${ECHO_T}$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
 host=$ac_cv_host
-host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
 
 
-echo "$as_me:$LINENO: checking target system type" >&5
-echo $ECHO_N "checking target system type... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking target system type" >&5
+echo $ECHO_N "checking target system type... $ECHO_C" >&6; }
 if test "${ac_cv_target+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_target_alias=$target_alias
-test "x$ac_cv_target_alias" = "x" &&
-  ac_cv_target_alias=$ac_cv_host_alias
-ac_cv_target=`$ac_config_sub $ac_cv_target_alias` ||
-  { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_target_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_target_alias failed" >&2;}
+  if test "x$target_alias" = x; then
+  ac_cv_target=$ac_cv_host
+else
+  ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
+    { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&5
+echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $target_alias failed" >&2;}
    { (exit 1); exit 1; }; }
+fi
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_target" >&5
-echo "${ECHO_T}$ac_cv_target" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_target" >&5
+echo "${ECHO_T}$ac_cv_target" >&6; }
+case $ac_cv_target in
+*-*-*) ;;
+*) { { echo "$as_me:$LINENO: error: invalid value of canonical target" >&5
+echo "$as_me: error: invalid value of canonical target" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
 target=$ac_cv_target
-target_cpu=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-target_vendor=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-target_os=`echo $ac_cv_target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_target
+shift
+target_cpu=$1
+target_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+target_os=$*
+IFS=$ac_save_IFS
+case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
 
 
 # The aliases save the names the user supplied, while $host etc.
@@ -1704,8 +2281,8 @@
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # OS/2's system install, which has a completely different semantic
 # ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
 if test -z "$INSTALL"; then
 if test "${ac_cv_path_install+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1727,7 +2304,7 @@
     # by default.
     for ac_prog in ginstall scoinst install; do
       for ac_exec_ext in '' $ac_executable_extensions; do
-	if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
 	  if test $ac_prog = install &&
 	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
 	    # AIX install.  It has an incompatible calling convention.
@@ -1746,21 +2323,22 @@
     ;;
 esac
 done
+IFS=$as_save_IFS
 
 
 fi
   if test "${ac_cv_path_install+set}" = set; then
     INSTALL=$ac_cv_path_install
   else
-    # As a last resort, use the slow shell script.  We don't cache a
-    # path for INSTALL within a source directory, because that will
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
     # break other packages using the cache if that directory is
-    # removed, or if the path is relative.
+    # removed, or if the value is a relative name.
     INSTALL=$ac_install_sh
   fi
 fi
-echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6
+{ echo "$as_me:$LINENO: result: $INSTALL" >&5
+echo "${ECHO_T}$INSTALL" >&6; }
 
 # Use test -z because SunOS4 sh mishandles braces in ${var-val}.
 # It thinks the first close brace ends the variable substitution.
@@ -1770,8 +2348,8 @@
 
 test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
-echo "$as_me:$LINENO: checking whether build environment is sane" >&5
-echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; }
 # Just in case
 sleep 1
 echo timestamp > conftest.file
@@ -1813,20 +2391,20 @@
 Check your system clock" >&2;}
    { (exit 1); exit 1; }; }
 fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 test "$program_prefix" != NONE &&
-  program_transform_name="s,^,$program_prefix,;$program_transform_name"
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
 # Use a double $ so make ignores it.
 test "$program_suffix" != NONE &&
-  program_transform_name="s,\$,$program_suffix,;$program_transform_name"
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
 # Double any \ or $.  echo might interpret backslashes.
 # By default was `s,x,x', remove it if useless.
 cat <<\_ACEOF >conftest.sed
 s/[\\$]/&&/g;s/;s,x,x,$//
 _ACEOF
 program_transform_name=`echo $program_transform_name | sed -f conftest.sed`
-rm conftest.sed
+rm -f conftest.sed
 
 # expand $ac_aux_dir to an absolute path
 am_aux_dir=`cd $ac_aux_dir && pwd`
@@ -1878,8 +2456,8 @@
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_AWK+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -1892,54 +2470,57 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_AWK="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
-  echo "$as_me:$LINENO: result: $AWK" >&5
-echo "${ECHO_T}$AWK" >&6
+  { echo "$as_me:$LINENO: result: $AWK" >&5
+echo "${ECHO_T}$AWK" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$AWK" && break
 done
 
-echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6
-set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'`
-if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
+set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
 all:
-	@echo 'ac_maketemp="$(MAKE)"'
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
 _ACEOF
 # GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=`
-if test -n "$ac_maketemp"; then
-  eval ac_cv_prog_make_${ac_make}_set=yes
-else
-  eval ac_cv_prog_make_${ac_make}_set=no
-fi
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
 rm -f conftest.make
 fi
-if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
   SET_MAKE=
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
   SET_MAKE="MAKE=${MAKE-make}"
 fi
 
@@ -2001,8 +2582,8 @@
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
 set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -2015,32 +2596,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_STRIP="${ac_tool_prefix}strip"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
-  echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
+  { echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_STRIP"; then
   ac_ct_STRIP=$STRIP
   # Extract the first word of "strip", so it can be a program name with args.
 set dummy strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -2053,27 +2636,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_STRIP="strip"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
 fi
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  STRIP=$ac_ct_STRIP
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
 else
   STRIP="$ac_cv_prog_STRIP"
 fi
@@ -2136,15 +2733,15 @@
 
 
 
-          ac_config_headers="$ac_config_headers include/portable.h:include/portable.hin"
+ac_config_headers="$ac_config_headers include/portable.h:include/portable.hin"
 
-          ac_config_headers="$ac_config_headers include/ldap_features.h:include/ldap_features.hin"
+ac_config_headers="$ac_config_headers include/ldap_features.h:include/ldap_features.hin"
 
-          ac_config_headers="$ac_config_headers include/lber_types.h:include/lber_types.hin"
+ac_config_headers="$ac_config_headers include/lber_types.h:include/lber_types.hin"
 
 
-echo "$as_me:$LINENO: checking configure arguments" >&5
-echo $ECHO_N "checking configure arguments... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking configure arguments" >&5
+echo $ECHO_N "checking configure arguments... $ECHO_C" >&6; }
 
 
 top_builddir=`pwd`
@@ -2152,10 +2749,9 @@
 ldap_subdir="/openldap"
 
 
-# Check whether --with-subdir or --without-subdir was given.
+# Check whether --with-subdir was given.
 if test "${with_subdir+set}" = set; then
-  withval="$with_subdir"
-  case "$withval" in
+  withval=$with_subdir; case "$withval" in
 	no) ldap_subdir=""
 		;;
 	yes)
@@ -2168,14 +2764,14 @@
 		;;
 esac
 
-fi;
+fi
 
+
 # OpenLDAP --enable-debug
 
-	# Check whether --enable-debug or --disable-debug was given.
+	# Check whether --enable-debug was given.
 if test "${enable_debug+set}" = set; then
-  enableval="$enable_debug"
-
+  enableval=$enable_debug;
 	ol_arg=invalid
 	for ol_val in no yes traditional ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2191,14 +2787,14 @@
 
 else
   	ol_enable_debug=yes
-fi;
+fi
+
 # end --enable-debug
 # OpenLDAP --enable-dynamic
 
-	# Check whether --enable-dynamic or --disable-dynamic was given.
+	# Check whether --enable-dynamic was given.
 if test "${enable_dynamic+set}" = set; then
-  enableval="$enable_dynamic"
-
+  enableval=$enable_dynamic;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2214,14 +2810,14 @@
 
 else
   	ol_enable_dynamic=no
-fi;
+fi
+
 # end --enable-dynamic
 # OpenLDAP --enable-syslog
 
-	# Check whether --enable-syslog or --disable-syslog was given.
+	# Check whether --enable-syslog was given.
 if test "${enable_syslog+set}" = set; then
-  enableval="$enable_syslog"
-
+  enableval=$enable_syslog;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2237,14 +2833,14 @@
 
 else
   	ol_enable_syslog=auto
-fi;
+fi
+
 # end --enable-syslog
 # OpenLDAP --enable-proctitle
 
-	# Check whether --enable-proctitle or --disable-proctitle was given.
+	# Check whether --enable-proctitle was given.
 if test "${enable_proctitle+set}" = set; then
-  enableval="$enable_proctitle"
-
+  enableval=$enable_proctitle;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2260,15 +2856,15 @@
 
 else
   	ol_enable_proctitle=yes
-fi;
+fi
+
 # end --enable-proctitle
 ol_enable_referrals=${ol_enable_referrals-no}
 # OpenLDAP --enable-ipv6
 
-	# Check whether --enable-ipv6 or --disable-ipv6 was given.
+	# Check whether --enable-ipv6 was given.
 if test "${enable_ipv6+set}" = set; then
-  enableval="$enable_ipv6"
-
+  enableval=$enable_ipv6;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2284,14 +2880,14 @@
 
 else
   	ol_enable_ipv6=auto
-fi;
+fi
+
 # end --enable-ipv6
 # OpenLDAP --enable-local
 
-	# Check whether --enable-local or --disable-local was given.
+	# Check whether --enable-local was given.
 if test "${enable_local+set}" = set; then
-  enableval="$enable_local"
-
+  enableval=$enable_local;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2307,15 +2903,15 @@
 
 else
   	ol_enable_local=auto
-fi;
+fi
+
 # end --enable-local
 
 # OpenLDAP --with-cyrus_sasl
 
-# Check whether --with-cyrus_sasl or --without-cyrus_sasl was given.
+# Check whether --with-cyrus_sasl was given.
 if test "${with_cyrus_sasl+set}" = set; then
-  withval="$with_cyrus_sasl"
-
+  withval=$with_cyrus_sasl;
 	ol_arg=invalid
 	for ol_val in auto yes no  ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2331,14 +2927,14 @@
 
 else
   	ol_with_cyrus_sasl="auto"
-fi; # end --with-cyrus_sasl
+fi
+# end --with-cyrus_sasl
 
 # OpenLDAP --with-fetch
 
-# Check whether --with-fetch or --without-fetch was given.
+# Check whether --with-fetch was given.
 if test "${with_fetch+set}" = set; then
-  withval="$with_fetch"
-
+  withval=$with_fetch;
 	ol_arg=invalid
 	for ol_val in auto yes no  ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2354,14 +2950,37 @@
 
 else
   	ol_with_fetch="auto"
-fi; # end --with-fetch
+fi
+# end --with-fetch
 
+# OpenLDAP --with-gssapi
+
+# Check whether --with-gssapi was given.
+if test "${with_gssapi+set}" = set; then
+  withval=$with_gssapi;
+	ol_arg=invalid
+	for ol_val in auto yes no  ; do
+		if test "$withval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		{ { echo "$as_me:$LINENO: error: bad value $withval for --with-gssapi" >&5
+echo "$as_me: error: bad value $withval for --with-gssapi" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+	ol_with_gssapi="$ol_arg"
+
+else
+  	ol_with_gssapi="auto"
+fi
+# end --with-gssapi
+
 # OpenLDAP --with-threads
 
-# Check whether --with-threads or --without-threads was given.
+# Check whether --with-threads was given.
 if test "${with_threads+set}" = set; then
-  withval="$with_threads"
-
+  withval=$with_threads;
 	ol_arg=invalid
 	for ol_val in auto nt posix mach pth lwp yes no manual  ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2377,14 +2996,14 @@
 
 else
   	ol_with_threads="auto"
-fi; # end --with-threads
+fi
+# end --with-threads
 
 # OpenLDAP --with-tls
 
-# Check whether --with-tls or --without-tls was given.
+# Check whether --with-tls was given.
 if test "${with_tls+set}" = set; then
-  withval="$with_tls"
-
+  withval=$with_tls;
 	ol_arg=invalid
 	for ol_val in auto openssl gnutls yes no  ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2400,14 +3019,14 @@
 
 else
   	ol_with_tls="auto"
-fi; # end --with-tls
+fi
+# end --with-tls
 
 # OpenLDAP --with-yielding_select
 
-# Check whether --with-yielding_select or --without-yielding_select was given.
+# Check whether --with-yielding_select was given.
 if test "${with_yielding_select+set}" = set; then
-  withval="$with_yielding_select"
-
+  withval=$with_yielding_select;
 	ol_arg=invalid
 	for ol_val in auto yes no manual  ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2423,14 +3042,14 @@
 
 else
   	ol_with_yielding_select="auto"
-fi; # end --with-yielding_select
+fi
+# end --with-yielding_select
 
 # OpenLDAP --with-mp
 
-# Check whether --with-mp or --without-mp was given.
+# Check whether --with-mp was given.
 if test "${with_mp+set}" = set; then
-  withval="$with_mp"
-
+  withval=$with_mp;
 	ol_arg=invalid
 	for ol_val in auto longlong long bignum gmp yes no ; do
 		if test "$withval" = "$ol_val" ; then
@@ -2446,16 +3065,16 @@
 
 else
   	ol_with_mp="auto"
-fi; # end --with-mp
+fi
+# end --with-mp
 
 # OpenLDAP --with-odbc
 
-# Check whether --with-odbc or --without-odbc was given.
+# Check whether --with-odbc was given.
 if test "${with_odbc+set}" = set; then
-  withval="$with_odbc"
-
+  withval=$with_odbc;
 	ol_arg=invalid
-	for ol_val in auto iodbc unixodbc  ; do
+	for ol_val in auto iodbc unixodbc odbc32  ; do
 		if test "$withval" = "$ol_val" ; then
 			ol_arg="$ol_val"
 		fi
@@ -2469,21 +3088,21 @@
 
 else
   	ol_with_odbc="auto"
-fi; # end --with-odbc
+fi
+# end --with-odbc
 
 
 
-# Check whether --enable-xxslapdoptions or --disable-xxslapdoptions was given.
+# Check whether --enable-xxslapdoptions was given.
 if test "${enable_xxslapdoptions+set}" = set; then
-  enableval="$enable_xxslapdoptions"
+  enableval=$enable_xxslapdoptions;
+fi
 
-fi;
 # OpenLDAP --enable-slapd
 
-	# Check whether --enable-slapd or --disable-slapd was given.
+	# Check whether --enable-slapd was given.
 if test "${enable_slapd+set}" = set; then
-  enableval="$enable_slapd"
-
+  enableval=$enable_slapd;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2499,14 +3118,14 @@
 
 else
   	ol_enable_slapd=yes
-fi;
+fi
+
 # end --enable-slapd
 # OpenLDAP --enable-dynacl
 
-	# Check whether --enable-dynacl or --disable-dynacl was given.
+	# Check whether --enable-dynacl was given.
 if test "${enable_dynacl+set}" = set; then
-  enableval="$enable_dynacl"
-
+  enableval=$enable_dynacl;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2522,14 +3141,14 @@
 
 else
   	ol_enable_dynacl=no
-fi;
+fi
+
 # end --enable-dynacl
 # OpenLDAP --enable-aci
 
-	# Check whether --enable-aci or --disable-aci was given.
+	# Check whether --enable-aci was given.
 if test "${enable_aci+set}" = set; then
-  enableval="$enable_aci"
-
+  enableval=$enable_aci;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2545,14 +3164,14 @@
 
 else
   	ol_enable_aci=no
-fi;
+fi
+
 # end --enable-aci
 # OpenLDAP --enable-cleartext
 
-	# Check whether --enable-cleartext or --disable-cleartext was given.
+	# Check whether --enable-cleartext was given.
 if test "${enable_cleartext+set}" = set; then
-  enableval="$enable_cleartext"
-
+  enableval=$enable_cleartext;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2568,14 +3187,14 @@
 
 else
   	ol_enable_cleartext=yes
-fi;
+fi
+
 # end --enable-cleartext
 # OpenLDAP --enable-crypt
 
-	# Check whether --enable-crypt or --disable-crypt was given.
+	# Check whether --enable-crypt was given.
 if test "${enable_crypt+set}" = set; then
-  enableval="$enable_crypt"
-
+  enableval=$enable_crypt;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2591,14 +3210,14 @@
 
 else
   	ol_enable_crypt=no
-fi;
+fi
+
 # end --enable-crypt
 # OpenLDAP --enable-lmpasswd
 
-	# Check whether --enable-lmpasswd or --disable-lmpasswd was given.
+	# Check whether --enable-lmpasswd was given.
 if test "${enable_lmpasswd+set}" = set; then
-  enableval="$enable_lmpasswd"
-
+  enableval=$enable_lmpasswd;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2614,14 +3233,14 @@
 
 else
   	ol_enable_lmpasswd=no
-fi;
+fi
+
 # end --enable-lmpasswd
 # OpenLDAP --enable-spasswd
 
-	# Check whether --enable-spasswd or --disable-spasswd was given.
+	# Check whether --enable-spasswd was given.
 if test "${enable_spasswd+set}" = set; then
-  enableval="$enable_spasswd"
-
+  enableval=$enable_spasswd;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2637,14 +3256,14 @@
 
 else
   	ol_enable_spasswd=no
-fi;
+fi
+
 # end --enable-spasswd
 # OpenLDAP --enable-modules
 
-	# Check whether --enable-modules or --disable-modules was given.
+	# Check whether --enable-modules was given.
 if test "${enable_modules+set}" = set; then
-  enableval="$enable_modules"
-
+  enableval=$enable_modules;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2660,14 +3279,14 @@
 
 else
   	ol_enable_modules=no
-fi;
+fi
+
 # end --enable-modules
 # OpenLDAP --enable-rewrite
 
-	# Check whether --enable-rewrite or --disable-rewrite was given.
+	# Check whether --enable-rewrite was given.
 if test "${enable_rewrite+set}" = set; then
-  enableval="$enable_rewrite"
-
+  enableval=$enable_rewrite;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2683,14 +3302,14 @@
 
 else
   	ol_enable_rewrite=auto
-fi;
+fi
+
 # end --enable-rewrite
 # OpenLDAP --enable-rlookups
 
-	# Check whether --enable-rlookups or --disable-rlookups was given.
+	# Check whether --enable-rlookups was given.
 if test "${enable_rlookups+set}" = set; then
-  enableval="$enable_rlookups"
-
+  enableval=$enable_rlookups;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2706,14 +3325,14 @@
 
 else
   	ol_enable_rlookups=no
-fi;
+fi
+
 # end --enable-rlookups
 # OpenLDAP --enable-slapi
 
-	# Check whether --enable-slapi or --disable-slapi was given.
+	# Check whether --enable-slapi was given.
 if test "${enable_slapi+set}" = set; then
-  enableval="$enable_slapi"
-
+  enableval=$enable_slapi;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2729,14 +3348,14 @@
 
 else
   	ol_enable_slapi=no
-fi;
+fi
+
 # end --enable-slapi
 # OpenLDAP --enable-slp
 
-	# Check whether --enable-slp or --disable-slp was given.
+	# Check whether --enable-slp was given.
 if test "${enable_slp+set}" = set; then
-  enableval="$enable_slp"
-
+  enableval=$enable_slp;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2752,14 +3371,14 @@
 
 else
   	ol_enable_slp=no
-fi;
+fi
+
 # end --enable-slp
 # OpenLDAP --enable-wrappers
 
-	# Check whether --enable-wrappers or --disable-wrappers was given.
+	# Check whether --enable-wrappers was given.
 if test "${enable_wrappers+set}" = set; then
-  enableval="$enable_wrappers"
-
+  enableval=$enable_wrappers;
 	ol_arg=invalid
 	for ol_val in auto yes no ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2775,7 +3394,8 @@
 
 else
   	ol_enable_wrappers=no
-fi;
+fi
+
 # end --enable-wrappers
 
 Backends="bdb \
@@ -2784,6 +3404,7 @@
 	ldap \
 	meta \
 	monitor \
+	ndb \
 	null \
 	passwd \
 	perl \
@@ -2792,18 +3413,17 @@
 	sock \
 	sql"
 
-# Check whether --enable-xxslapbackends or --disable-xxslapbackends was given.
+# Check whether --enable-xxslapbackends was given.
 if test "${enable_xxslapbackends+set}" = set; then
-  enableval="$enable_xxslapbackends"
+  enableval=$enable_xxslapbackends;
+fi
 
-fi;
 
 # OpenLDAP --enable-backends
 
-	# Check whether --enable-backends or --disable-backends was given.
+	# Check whether --enable-backends was given.
 if test "${enable_backends+set}" = set; then
-  enableval="$enable_backends"
-
+  enableval=$enable_backends;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2817,14 +3437,14 @@
 	fi
 	ol_enable_backends="$ol_arg"
 
-fi;
+fi
+
 # end --enable-backends
 # OpenLDAP --enable-bdb
 
-	# Check whether --enable-bdb or --disable-bdb was given.
+	# Check whether --enable-bdb was given.
 if test "${enable_bdb+set}" = set; then
-  enableval="$enable_bdb"
-
+  enableval=$enable_bdb;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2840,14 +3460,14 @@
 
 else
   	ol_enable_bdb=${ol_enable_backends:-yes}
-fi;
+fi
+
 # end --enable-bdb
 # OpenLDAP --enable-dnssrv
 
-	# Check whether --enable-dnssrv or --disable-dnssrv was given.
+	# Check whether --enable-dnssrv was given.
 if test "${enable_dnssrv+set}" = set; then
-  enableval="$enable_dnssrv"
-
+  enableval=$enable_dnssrv;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2863,14 +3483,14 @@
 
 else
   	ol_enable_dnssrv=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-dnssrv
 # OpenLDAP --enable-hdb
 
-	# Check whether --enable-hdb or --disable-hdb was given.
+	# Check whether --enable-hdb was given.
 if test "${enable_hdb+set}" = set; then
-  enableval="$enable_hdb"
-
+  enableval=$enable_hdb;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2886,14 +3506,14 @@
 
 else
   	ol_enable_hdb=${ol_enable_backends:-yes}
-fi;
+fi
+
 # end --enable-hdb
 # OpenLDAP --enable-ldap
 
-	# Check whether --enable-ldap or --disable-ldap was given.
+	# Check whether --enable-ldap was given.
 if test "${enable_ldap+set}" = set; then
-  enableval="$enable_ldap"
-
+  enableval=$enable_ldap;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2909,14 +3529,14 @@
 
 else
   	ol_enable_ldap=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-ldap
 # OpenLDAP --enable-meta
 
-	# Check whether --enable-meta or --disable-meta was given.
+	# Check whether --enable-meta was given.
 if test "${enable_meta+set}" = set; then
-  enableval="$enable_meta"
-
+  enableval=$enable_meta;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2932,14 +3552,14 @@
 
 else
   	ol_enable_meta=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-meta
 # OpenLDAP --enable-monitor
 
-	# Check whether --enable-monitor or --disable-monitor was given.
+	# Check whether --enable-monitor was given.
 if test "${enable_monitor+set}" = set; then
-  enableval="$enable_monitor"
-
+  enableval=$enable_monitor;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2955,14 +3575,37 @@
 
 else
   	ol_enable_monitor=${ol_enable_backends:-yes}
-fi;
+fi
+
 # end --enable-monitor
+# OpenLDAP --enable-ndb
+
+	# Check whether --enable-ndb was given.
+if test "${enable_ndb+set}" = set; then
+  enableval=$enable_ndb;
+	ol_arg=invalid
+	for ol_val in no yes mod ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		{ { echo "$as_me:$LINENO: error: bad value $enableval for --enable-ndb" >&5
+echo "$as_me: error: bad value $enableval for --enable-ndb" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+	ol_enable_ndb="$ol_arg"
+
+else
+  	ol_enable_ndb=${ol_enable_backends:-no}
+fi
+
+# end --enable-ndb
 # OpenLDAP --enable-null
 
-	# Check whether --enable-null or --disable-null was given.
+	# Check whether --enable-null was given.
 if test "${enable_null+set}" = set; then
-  enableval="$enable_null"
-
+  enableval=$enable_null;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -2978,14 +3621,14 @@
 
 else
   	ol_enable_null=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-null
 # OpenLDAP --enable-passwd
 
-	# Check whether --enable-passwd or --disable-passwd was given.
+	# Check whether --enable-passwd was given.
 if test "${enable_passwd+set}" = set; then
-  enableval="$enable_passwd"
-
+  enableval=$enable_passwd;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3001,14 +3644,14 @@
 
 else
   	ol_enable_passwd=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-passwd
 # OpenLDAP --enable-perl
 
-	# Check whether --enable-perl or --disable-perl was given.
+	# Check whether --enable-perl was given.
 if test "${enable_perl+set}" = set; then
-  enableval="$enable_perl"
-
+  enableval=$enable_perl;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3024,14 +3667,14 @@
 
 else
   	ol_enable_perl=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-perl
 # OpenLDAP --enable-relay
 
-	# Check whether --enable-relay or --disable-relay was given.
+	# Check whether --enable-relay was given.
 if test "${enable_relay+set}" = set; then
-  enableval="$enable_relay"
-
+  enableval=$enable_relay;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3047,14 +3690,14 @@
 
 else
   	ol_enable_relay=${ol_enable_backends:-yes}
-fi;
+fi
+
 # end --enable-relay
 # OpenLDAP --enable-shell
 
-	# Check whether --enable-shell or --disable-shell was given.
+	# Check whether --enable-shell was given.
 if test "${enable_shell+set}" = set; then
-  enableval="$enable_shell"
-
+  enableval=$enable_shell;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3070,14 +3713,14 @@
 
 else
   	ol_enable_shell=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-shell
 # OpenLDAP --enable-sock
 
-	# Check whether --enable-sock or --disable-sock was given.
+	# Check whether --enable-sock was given.
 if test "${enable_sock+set}" = set; then
-  enableval="$enable_sock"
-
+  enableval=$enable_sock;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3093,14 +3736,14 @@
 
 else
   	ol_enable_sock=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-sock
 # OpenLDAP --enable-sql
 
-	# Check whether --enable-sql or --disable-sql was given.
+	# Check whether --enable-sql was given.
 if test "${enable_sql+set}" = set; then
-  enableval="$enable_sql"
-
+  enableval=$enable_sql;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3116,13 +3759,16 @@
 
 else
   	ol_enable_sql=${ol_enable_backends:-no}
-fi;
+fi
+
 # end --enable-sql
 
 Overlays="accesslog \
 	auditlog \
+	collect \
 	constraint \
 	dds \
+	deref \
 	dyngroup \
 	dynlist \
 	memberof \
@@ -3137,18 +3783,17 @@
 	unique \
 	valsort"
 
-# Check whether --enable-xxslapoverlays or --disable-xxslapoverlays was given.
+# Check whether --enable-xxslapoverlays was given.
 if test "${enable_xxslapoverlays+set}" = set; then
-  enableval="$enable_xxslapoverlays"
+  enableval=$enable_xxslapoverlays;
+fi
 
-fi;
 
 # OpenLDAP --enable-overlays
 
-	# Check whether --enable-overlays or --disable-overlays was given.
+	# Check whether --enable-overlays was given.
 if test "${enable_overlays+set}" = set; then
-  enableval="$enable_overlays"
-
+  enableval=$enable_overlays;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3162,14 +3807,14 @@
 	fi
 	ol_enable_overlays="$ol_arg"
 
-fi;
+fi
+
 # end --enable-overlays
 # OpenLDAP --enable-accesslog
 
-	# Check whether --enable-accesslog or --disable-accesslog was given.
+	# Check whether --enable-accesslog was given.
 if test "${enable_accesslog+set}" = set; then
-  enableval="$enable_accesslog"
-
+  enableval=$enable_accesslog;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3185,15 +3830,15 @@
 
 else
   	ol_enable_accesslog=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-accesslog
 
 # OpenLDAP --enable-auditlog
 
-	# Check whether --enable-auditlog or --disable-auditlog was given.
+	# Check whether --enable-auditlog was given.
 if test "${enable_auditlog+set}" = set; then
-  enableval="$enable_auditlog"
-
+  enableval=$enable_auditlog;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3209,15 +3854,39 @@
 
 else
   	ol_enable_auditlog=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-auditlog
 
+# OpenLDAP --enable-collect
+
+	# Check whether --enable-collect was given.
+if test "${enable_collect+set}" = set; then
+  enableval=$enable_collect;
+	ol_arg=invalid
+	for ol_val in no yes mod ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		{ { echo "$as_me:$LINENO: error: bad value $enableval for --enable-collect" >&5
+echo "$as_me: error: bad value $enableval for --enable-collect" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+	ol_enable_collect="$ol_arg"
+
+else
+  	ol_enable_collect=${ol_enable_overlays:-no}
+fi
+
+# end --enable-collect
+
 # OpenLDAP --enable-constraint
 
-	# Check whether --enable-constraint or --disable-constraint was given.
+	# Check whether --enable-constraint was given.
 if test "${enable_constraint+set}" = set; then
-  enableval="$enable_constraint"
-
+  enableval=$enable_constraint;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3233,15 +3902,15 @@
 
 else
   	ol_enable_constraint=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-constraint
 
 # OpenLDAP --enable-dds
 
-	# Check whether --enable-dds or --disable-dds was given.
+	# Check whether --enable-dds was given.
 if test "${enable_dds+set}" = set; then
-  enableval="$enable_dds"
-
+  enableval=$enable_dds;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3257,15 +3926,39 @@
 
 else
   	ol_enable_dds=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-dds
 
+# OpenLDAP --enable-deref
+
+	# Check whether --enable-deref was given.
+if test "${enable_deref+set}" = set; then
+  enableval=$enable_deref;
+	ol_arg=invalid
+	for ol_val in no yes mod ; do
+		if test "$enableval" = "$ol_val" ; then
+			ol_arg="$ol_val"
+		fi
+	done
+	if test "$ol_arg" = "invalid" ; then
+		{ { echo "$as_me:$LINENO: error: bad value $enableval for --enable-deref" >&5
+echo "$as_me: error: bad value $enableval for --enable-deref" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+	ol_enable_deref="$ol_arg"
+
+else
+  	ol_enable_deref=${ol_enable_overlays:-no}
+fi
+
+# end --enable-deref
+
 # OpenLDAP --enable-dyngroup
 
-	# Check whether --enable-dyngroup or --disable-dyngroup was given.
+	# Check whether --enable-dyngroup was given.
 if test "${enable_dyngroup+set}" = set; then
-  enableval="$enable_dyngroup"
-
+  enableval=$enable_dyngroup;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3281,15 +3974,15 @@
 
 else
   	ol_enable_dyngroup=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-dyngroup
 
 # OpenLDAP --enable-dynlist
 
-	# Check whether --enable-dynlist or --disable-dynlist was given.
+	# Check whether --enable-dynlist was given.
 if test "${enable_dynlist+set}" = set; then
-  enableval="$enable_dynlist"
-
+  enableval=$enable_dynlist;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3305,15 +3998,15 @@
 
 else
   	ol_enable_dynlist=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-dynlist
 
 # OpenLDAP --enable-memberof
 
-	# Check whether --enable-memberof or --disable-memberof was given.
+	# Check whether --enable-memberof was given.
 if test "${enable_memberof+set}" = set; then
-  enableval="$enable_memberof"
-
+  enableval=$enable_memberof;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3329,15 +4022,15 @@
 
 else
   	ol_enable_memberof=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-memberof
 
 # OpenLDAP --enable-ppolicy
 
-	# Check whether --enable-ppolicy or --disable-ppolicy was given.
+	# Check whether --enable-ppolicy was given.
 if test "${enable_ppolicy+set}" = set; then
-  enableval="$enable_ppolicy"
-
+  enableval=$enable_ppolicy;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3353,15 +4046,15 @@
 
 else
   	ol_enable_ppolicy=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-ppolicy
 
 # OpenLDAP --enable-proxycache
 
-	# Check whether --enable-proxycache or --disable-proxycache was given.
+	# Check whether --enable-proxycache was given.
 if test "${enable_proxycache+set}" = set; then
-  enableval="$enable_proxycache"
-
+  enableval=$enable_proxycache;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3377,15 +4070,15 @@
 
 else
   	ol_enable_proxycache=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-proxycache
 
 # OpenLDAP --enable-refint
 
-	# Check whether --enable-refint or --disable-refint was given.
+	# Check whether --enable-refint was given.
 if test "${enable_refint+set}" = set; then
-  enableval="$enable_refint"
-
+  enableval=$enable_refint;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3401,15 +4094,15 @@
 
 else
   	ol_enable_refint=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-refint
 
 # OpenLDAP --enable-retcode
 
-	# Check whether --enable-retcode or --disable-retcode was given.
+	# Check whether --enable-retcode was given.
 if test "${enable_retcode+set}" = set; then
-  enableval="$enable_retcode"
-
+  enableval=$enable_retcode;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3425,15 +4118,15 @@
 
 else
   	ol_enable_retcode=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-retcode
 
 # OpenLDAP --enable-rwm
 
-	# Check whether --enable-rwm or --disable-rwm was given.
+	# Check whether --enable-rwm was given.
 if test "${enable_rwm+set}" = set; then
-  enableval="$enable_rwm"
-
+  enableval=$enable_rwm;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3449,15 +4142,15 @@
 
 else
   	ol_enable_rwm=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-rwm
 
 # OpenLDAP --enable-seqmod
 
-	# Check whether --enable-seqmod or --disable-seqmod was given.
+	# Check whether --enable-seqmod was given.
 if test "${enable_seqmod+set}" = set; then
-  enableval="$enable_seqmod"
-
+  enableval=$enable_seqmod;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3473,15 +4166,15 @@
 
 else
   	ol_enable_seqmod=${ol_enable_overlays:-yes}
-fi;
+fi
+
 # end --enable-seqmod
 
 # OpenLDAP --enable-syncprov
 
-	# Check whether --enable-syncprov or --disable-syncprov was given.
+	# Check whether --enable-syncprov was given.
 if test "${enable_syncprov+set}" = set; then
-  enableval="$enable_syncprov"
-
+  enableval=$enable_syncprov;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3497,15 +4190,15 @@
 
 else
   	ol_enable_syncprov=${ol_enable_overlays:-yes}
-fi;
+fi
+
 # end --enable-syncprov
 
 # OpenLDAP --enable-translucent
 
-	# Check whether --enable-translucent or --disable-translucent was given.
+	# Check whether --enable-translucent was given.
 if test "${enable_translucent+set}" = set; then
-  enableval="$enable_translucent"
-
+  enableval=$enable_translucent;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3521,15 +4214,15 @@
 
 else
   	ol_enable_translucent=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-translucent
 
 # OpenLDAP --enable-unique
 
-	# Check whether --enable-unique or --disable-unique was given.
+	# Check whether --enable-unique was given.
 if test "${enable_unique+set}" = set; then
-  enableval="$enable_unique"
-
+  enableval=$enable_unique;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3545,15 +4238,15 @@
 
 else
   	ol_enable_unique=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-unique
 
 # OpenLDAP --enable-valsort
 
-	# Check whether --enable-valsort or --disable-valsort was given.
+	# Check whether --enable-valsort was given.
 if test "${enable_valsort+set}" = set; then
-  enableval="$enable_valsort"
-
+  enableval=$enable_valsort;
 	ol_arg=invalid
 	for ol_val in no yes mod ; do
 		if test "$enableval" = "$ol_val" ; then
@@ -3569,19 +4262,19 @@
 
 else
   	ol_enable_valsort=${ol_enable_overlays:-no}
-fi;
+fi
+
 # end --enable-valsort
 
 
-# Check whether --enable-xxliboptions or --disable-xxliboptions was given.
+# Check whether --enable-xxliboptions was given.
 if test "${enable_xxliboptions+set}" = set; then
-  enableval="$enable_xxliboptions"
+  enableval=$enable_xxliboptions;
+fi
 
-fi;
-# Check whether --enable-static or --disable-static was given.
+# Check whether --enable-static was given.
 if test "${enable_static+set}" = set; then
-  enableval="$enable_static"
-  p=${PACKAGE-default}
+  enableval=$enable_static; p=${PACKAGE-default}
     case $enableval in
     yes) enable_static=yes ;;
     no) enable_static=no ;;
@@ -3600,12 +4293,12 @@
     esac
 else
   enable_static=yes
-fi;
+fi
 
-# Check whether --enable-shared or --disable-shared was given.
+
+# Check whether --enable-shared was given.
 if test "${enable_shared+set}" = set; then
-  enableval="$enable_shared"
-  p=${PACKAGE-default}
+  enableval=$enable_shared; p=${PACKAGE-default}
     case $enableval in
     yes) enable_shared=yes ;;
     no) enable_shared=no ;;
@@ -3624,10 +4317,11 @@
     esac
 else
   enable_shared=yes
-fi;
+fi
 
 
 
+
 # validate options
 if test $ol_enable_slapd = no ; then
 		if test $ol_enable_slapi = yes ; then
@@ -3703,6 +4397,7 @@
 	test $ol_enable_ldap = no &&
 	test $ol_enable_meta = no &&
 	test $ol_enable_monitor = no &&
+	test $ol_enable_ndb = no &&
 	test $ol_enable_null = no &&
 	test $ol_enable_passwd = no &&
 	test $ol_enable_perl = no &&
@@ -3745,11 +4440,13 @@
 	ol_with_cyrus_sasl=yes
 fi
 
-echo "$as_me:$LINENO: result: done" >&5
-echo "${ECHO_T}done" >&6
+{ echo "$as_me:$LINENO: result: done" >&5
+echo "${ECHO_T}done" >&6; }
 
 LDAP_LIBS=
 BDB_LIBS=
+SLAPD_NDB_LIBS=
+SLAPD_NDB_INCS=
 LTHREAD_LIBS=
 LUTIL_LIBS=
 
@@ -3768,6 +4465,7 @@
 BUILD_LDAP=no
 BUILD_META=no
 BUILD_MONITOR=no
+BUILD_NDB=no
 BUILD_NULL=no
 BUILD_PASSWD=no
 BUILD_PERL=no
@@ -3816,6 +4514,7 @@
 KRB4_LIBS=
 KRB5_LIBS=
 SASL_LIBS=
+GSSAPI_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
 SLAPI_LIBS=
@@ -3852,8 +4551,8 @@
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -3866,25 +4565,27 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$CC" && break
 done
 
@@ -3914,8 +4615,8 @@
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -3928,25 +4629,27 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$CC" && break
 done
 test -n "$CC" || CC="missing"
@@ -3964,8 +4667,8 @@
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_AR+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -3978,25 +4681,27 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_AR="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 AR=$ac_cv_prog_AR
 if test -n "$AR"; then
-  echo "$as_me:$LINENO: result: $AR" >&5
-echo "${ECHO_T}$AR" >&6
+  { echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$AR" && break
 done
 test -n "$AR" || AR="missing"
@@ -4013,10 +4718,9 @@
 
 
 
-# Check whether --enable-fast-install or --disable-fast-install was given.
+# Check whether --enable-fast-install was given.
 if test "${enable_fast_install+set}" = set; then
-  enableval="$enable_fast_install"
-  p=${PACKAGE-default}
+  enableval=$enable_fast_install; p=${PACKAGE-default}
     case $enableval in
     yes) enable_fast_install=yes ;;
     no) enable_fast_install=no ;;
@@ -4035,11 +4739,12 @@
     esac
 else
   enable_fast_install=yes
-fi;
+fi
 
+
 DEPDIR="${am__leading_dot}deps"
 
-          ac_config_commands="$ac_config_commands depfiles"
+ac_config_commands="$ac_config_commands depfiles"
 
 
 am_make=${MAKE-make}
@@ -4049,8 +4754,8 @@
 .PHONY: am__doit
 END
 # If we don't find an include directive, just comment out the code.
-echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
-echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6; }
 am__include="#"
 am__quote=
 _am_result=none
@@ -4077,15 +4782,15 @@
 fi
 
 
-echo "$as_me:$LINENO: result: $_am_result" >&5
-echo "${ECHO_T}$_am_result" >&6
+{ echo "$as_me:$LINENO: result: $_am_result" >&5
+echo "${ECHO_T}$_am_result" >&6; }
 rm -f confinc confmf
 
-# Check whether --enable-dependency-tracking or --disable-dependency-tracking was given.
+# Check whether --enable-dependency-tracking was given.
 if test "${enable_dependency_tracking+set}" = set; then
-  enableval="$enable_dependency_tracking"
+  enableval=$enable_dependency_tracking;
+fi
 
-fi;
 if test "x$enable_dependency_tracking" != xno; then
   am_depcomp="$ac_aux_dir/depcomp"
   AMDEPBACKSLASH='\'
@@ -4110,8 +4815,8 @@
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4124,32 +4829,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="${ac_tool_prefix}gcc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4162,36 +4869,51 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_CC="gcc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  CC=$ac_ct_CC
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
 else
   CC="$ac_cv_prog_CC"
 fi
 
 if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4204,74 +4926,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="${ac_tool_prefix}cc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
 
+  fi
 fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-fi
 if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4285,7 +4967,7 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
        ac_prog_rejected=yes
        continue
@@ -4296,6 +4978,7 @@
   fi
 done
 done
+IFS=$as_save_IFS
 
 if test $ac_prog_rejected = yes; then
   # We found a bogon in the path, so make sure we never use it.
@@ -4313,22 +4996,23 @@
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$CC"; then
   if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl
+  for ac_prog in cl.exe
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4341,36 +5025,38 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
     test -n "$CC" && break
   done
 fi
 if test -z "$CC"; then
   ac_ct_CC=$CC
-  for ac_prog in cl
+  for ac_prog in cl.exe
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4383,29 +5069,45 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_CC="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$ac_ct_CC" && break
 done
 
-  CC=$ac_ct_CC
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
 fi
 
 fi
@@ -4418,21 +5120,35 @@
    { (exit 1); exit 1; }; }
 
 # Provide some information about the compiler.
-echo "$as_me:$LINENO:" \
-     "checking for C compiler version" >&5
+echo "$as_me:$LINENO: checking for C compiler version" >&5
 ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
-  (eval $ac_compiler --version </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
-  (eval $ac_compiler -v </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
-  (eval $ac_compiler -V </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
@@ -4457,47 +5173,77 @@
 # Try to create an executable without -o first, disregard a.out.
 # It will help us diagnose broken compilers, and finding out an intuition
 # of exeext.
-echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
 ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
-  (eval $ac_link_default) 2>&5
+#
+# List of possible output files, starting from the most likely.
+# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
+# only as a last resort.  b.out is created by i960 compilers.
+ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
+#
+# The IRIX 6 linker writes into existing files which may not be
+# executable, retaining their permissions.  Remove them first so a
+# subsequent execution test works.
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link_default") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; then
-  # Find the output, starting from the most likely.  This scheme is
-# not robust to junk in `.', hence go to wildcards (a.*) only as a last
-# resort.
-
-# Be careful to initialize this variable, since it used to be cached.
-# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
-ac_cv_exeext=
-# b.out is created by i960 compilers.
-for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
 do
   test -f "$ac_file" || continue
   case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
 	;;
-    conftest.$ac_ext )
-	# This is the source file.
-	;;
     [ab].out )
 	# We found the default executable, but exeext='' is most
 	# certainly right.
 	break;;
     *.* )
-	ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-	# FIXME: I believe we export ac_cv_exeext for Libtool,
-	# but it would be cool to find out if it's true.  Does anybody
-	# maintain Libtool? --akim.
-	export ac_cv_exeext
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
 	break;;
     * )
 	break;;
   esac
 done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
 else
+  ac_file=''
+fi
+
+{ echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6; }
+if test -z "$ac_file"; then
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
@@ -4509,19 +5255,21 @@
 fi
 
 ac_exeext=$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6
 
-# Check the compiler produces executables we can run.  If not, either
+# Check that the compiler produces executables we can run.  If not, either
 # the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
 # FIXME: These cross compiler hacks should be removed for Autoconf 3.0
 # If not cross compiling, check that we can run a simple program.
 if test "$cross_compiling" != yes; then
   if { ac_try='./$ac_file'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -4540,22 +5288,27 @@
     fi
   fi
 fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+{ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 
 rm -f a.out a.exe conftest$ac_cv_exeext b.out
 ac_clean_files=$ac_clean_files_save
-# Check the compiler produces executables we can run.  If not, either
+# Check that the compiler produces executables we can run.  If not, either
 # the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6
+{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6; }
 
-echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; then
@@ -4566,9 +5319,8 @@
 for ac_file in conftest.exe conftest conftest.*; do
   test -f "$ac_file" || continue
   case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
     *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
-	  export ac_cv_exeext
 	  break;;
     * ) break;;
   esac
@@ -4582,14 +5334,14 @@
 fi
 
 rm -f conftest$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6; }
 
 rm -f conftest.$ac_ext
 EXEEXT=$ac_cv_exeext
 ac_exeext=$EXEEXT
-echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
 if test "${ac_cv_objext+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4609,14 +5361,20 @@
 }
 _ACEOF
 rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>&5
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; then
-  for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
   case $ac_file in
-    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
     *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
        break;;
   esac
@@ -4634,12 +5392,12 @@
 
 rm -f conftest.$ac_cv_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6; }
 OBJEXT=$ac_cv_objext
 ac_objext=$OBJEXT
-echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
 if test "${ac_cv_c_compiler_gnu+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -4662,50 +5420,49 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_compiler_gnu=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_compiler_gnu=no
+	ac_compiler_gnu=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
 GCC=`test $ac_compiler_gnu = yes && echo yes`
 ac_test_CFLAGS=${CFLAGS+set}
 ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
 if test "${ac_cv_prog_cc_g+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  cat >conftest.$ac_ext <<_ACEOF
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -4721,38 +5478,118 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_prog_cc_g=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_prog_cc_g=no
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
 if test "$ac_test_CFLAGS" = set; then
   CFLAGS=$ac_save_CFLAGS
 elif test $ac_cv_prog_cc_g = yes; then
@@ -4768,12 +5605,12 @@
     CFLAGS=
   fi
 fi
-echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
+{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_prog_cc_stdc=no
+  ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -4807,12 +5644,17 @@
 /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
    function prototypes and stuff, but not '\xHH' hex character constants.
    These don't provoke an error unfortunately, instead are silently treated
-   as 'x'.  The following induces an error, until -std1 is added to get
+   as 'x'.  The following induces an error, until -std is added to get
    proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
    array size at least.  It's necessary to write '\x00'==0 to get something
-   that's true only with -std1.  */
+   that's true only with -std.  */
 int osf4_cc_array ['\x00' == 0 ? 1 : -1];
 
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
 int test (int i, double x);
 struct s1 {int (*f) (int a);};
 struct s2 {int (*f) (double a);};
@@ -4827,205 +5669,57 @@
   return 0;
 }
 _ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX			-qlanglvl=ansi
-# Ultrix and OSF/1	-std1
-# HP-UX 10.20 and later	-Ae
-# HP-UX older versions	-Aa -D_HPUX_SOURCE
-# SVR4			-Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
 do
   CC="$ac_save_CC $ac_arg"
   rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_stdc=$ac_arg
-break
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
-rm -f conftest.$ac_ext conftest.$ac_objext
+rm -f conftest.$ac_ext
 CC=$ac_save_CC
 
 fi
-
-case "x$ac_cv_prog_cc_stdc" in
-  x|xno)
-    echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6; } ;;
+  xno)
+    { echo "$as_me:$LINENO: result: unsupported" >&5
+echo "${ECHO_T}unsupported" >&6; } ;;
   *)
-    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
-    CC="$CC $ac_cv_prog_cc_stdc" ;;
+    CC="$CC $ac_cv_prog_cc_c89"
+    { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
 esac
 
-# Some people use a C++ compiler to compile C.  Since we use `exit',
-# in C++ we need to declare it.  In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
-  choke me
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  for ac_declaration in \
-   '' \
-   'extern "C" void std::exit (int) throw (); using std::exit;' \
-   'extern "C" void std::exit (int); using std::exit;' \
-   'extern "C" void exit (int) throw ();' \
-   'extern "C" void exit (int);' \
-   'void exit (int);'
-do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_declaration
-#include <stdlib.h>
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
 
-continue
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_declaration
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
-  echo '#ifdef __cplusplus' >>confdefs.h
-  echo $ac_declaration      >>confdefs.h
-  echo '#endif'             >>confdefs.h
-fi
-
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -5034,8 +5728,8 @@
 
 depcc="$CC"   am_compiler_list=
 
-echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
-echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; }
 if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5124,8 +5818,8 @@
 fi
 
 fi
-echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
-echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+{ echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; }
 CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
 
 
@@ -5141,8 +5835,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
-echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5
+echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; }
 if test "${lt_cv_path_SED+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5195,37 +5889,184 @@
 fi
 
 SED=$lt_cv_path_SED
-echo "$as_me:$LINENO: result: $SED" >&5
-echo "${ECHO_T}$SED" >&6
+{ echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6; }
 
-echo "$as_me:$LINENO: checking for egrep" >&5
-echo $ECHO_N "checking for egrep... $ECHO_C" >&6
-if test "${ac_cv_prog_egrep+set}" = set; then
+{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
+echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if echo a | (grep -E '(a|b)') >/dev/null 2>&1
-    then ac_cv_prog_egrep='grep -E'
-    else ac_cv_prog_egrep='egrep'
+  # Extract the first word of "grep ggrep" to use in msg output
+if test -z "$GREP"; then
+set dummy grep ggrep; ac_prog_name=$2
+if test "${ac_cv_path_GREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_GREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in grep ggrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+    # Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
     fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_GREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
 fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
-echo "${ECHO_T}$ac_cv_prog_egrep" >&6
- EGREP=$ac_cv_prog_egrep
 
+GREP="$ac_cv_path_GREP"
+if test -z "$GREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
+fi
 
+else
+  ac_cv_path_GREP=$GREP
+fi
 
-# Check whether --with-gnu-ld or --without-gnu-ld was given.
+
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
+echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     # Extract the first word of "egrep" to use in msg output
+if test -z "$EGREP"; then
+set dummy egrep; ac_prog_name=$2
+if test "${ac_cv_path_EGREP+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_path_EGREP_found=false
+# Loop through the user's path and test for each of PROGNAME-LIST
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in egrep; do
+  for ac_exec_ext in '' $ac_executable_extensions; do
+    ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+    { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+    # Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    ac_count=`expr $ac_count + 1`
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+
+    $ac_path_EGREP_found && break 3
+  done
+done
+
+done
+IFS=$as_save_IFS
+
+
+fi
+
+EGREP="$ac_cv_path_EGREP"
+if test -z "$EGREP"; then
+  { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
+echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+
+   fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
+echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+
+# Check whether --with-gnu-ld was given.
 if test "${with_gnu_ld+set}" = set; then
-  withval="$with_gnu_ld"
-  test "$withval" = no || with_gnu_ld=yes
+  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
 else
   with_gnu_ld=no
-fi;
+fi
+
 ac_prog=ld
 if test "$GCC" = yes; then
   # Check if gcc -print-prog-name=ld gives a path.
-  echo "$as_me:$LINENO: checking for ld used by $CC" >&5
-echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for ld used by $CC" >&5
+echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; }
   case $host in
   *-*-mingw*)
     # gcc leaves a trailing carriage return which upsets mingw
@@ -5254,11 +6095,11 @@
     ;;
   esac
 elif test "$with_gnu_ld" = yes; then
-  echo "$as_me:$LINENO: checking for GNU ld" >&5
-echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for GNU ld" >&5
+echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; }
 else
-  echo "$as_me:$LINENO: checking for non-GNU ld" >&5
-echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for non-GNU ld" >&5
+echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; }
 fi
 if test "${lt_cv_path_LD+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5291,17 +6132,17 @@
 
 LD="$lt_cv_path_LD"
 if test -n "$LD"; then
-  echo "$as_me:$LINENO: result: $LD" >&5
-echo "${ECHO_T}$LD" >&6
+  { echo "$as_me:$LINENO: result: $LD" >&5
+echo "${ECHO_T}$LD" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5
 echo "$as_me: error: no acceptable ld found in \$PATH" >&2;}
    { (exit 1); exit 1; }; }
-echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
-echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5
+echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; }
 if test "${lt_cv_prog_gnu_ld+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5315,20 +6156,20 @@
   ;;
 esac
 fi
-echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
-echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_gnu_ld" >&5
+echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; }
 with_gnu_ld=$lt_cv_prog_gnu_ld
 
 
-echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
-echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5
+echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; }
 if test "${lt_cv_ld_reload_flag+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   lt_cv_ld_reload_flag='-r'
 fi
-echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
-echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5
+echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; }
 reload_flag=$lt_cv_ld_reload_flag
 case $reload_flag in
 "" | " "*) ;;
@@ -5345,8 +6186,8 @@
     ;;
 esac
 
-echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
-echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5
+echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; }
 if test "${lt_cv_path_NM+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5387,23 +6228,23 @@
   test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm
 fi
 fi
-echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
-echo "${ECHO_T}$lt_cv_path_NM" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5
+echo "${ECHO_T}$lt_cv_path_NM" >&6; }
 NM="$lt_cv_path_NM"
 
-echo "$as_me:$LINENO: checking whether ln -s works" >&5
-echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether ln -s works" >&5
+echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; }
 LN_S=$as_ln_s
 if test "$LN_S" = "ln -s"; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 else
-  echo "$as_me:$LINENO: result: no, using $LN_S" >&5
-echo "${ECHO_T}no, using $LN_S" >&6
+  { echo "$as_me:$LINENO: result: no, using $LN_S" >&5
+echo "${ECHO_T}no, using $LN_S" >&6; }
 fi
 
-echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
-echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5
+echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; }
 if test "${lt_cv_deplibs_check_method+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5574,8 +6415,8 @@
 esac
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
-echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5
+echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; }
 file_magic_cmd=$lt_cv_file_magic_cmd
 deplibs_check_method=$lt_cv_deplibs_check_method
 test -z "$deplibs_check_method" && deplibs_check_method=unknown
@@ -5590,11 +6431,11 @@
 compiler=$CC
 
 
-# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+# Check whether --enable-libtool-lock was given.
 if test "${enable_libtool_lock+set}" = set; then
-  enableval="$enable_libtool_lock"
+  enableval=$enable_libtool_lock;
+fi
 
-fi;
 test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
 
 # Some flags need to be propagated to the compiler or linker for good
@@ -5621,7 +6462,7 @@
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 5624 "configure"' > conftest.$ac_ext
+  echo '#line 6465 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -5706,8 +6547,8 @@
   # On SCO OpenServer 5, we need -belf to get full-featured binaries.
   SAVE_CFLAGS="$CFLAGS"
   CFLAGS="$CFLAGS -belf"
-  echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
-echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5
+echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; }
 if test "${lt_cv_cc_needs_belf+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5733,35 +6574,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   lt_cv_cc_needs_belf=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-lt_cv_cc_needs_belf=no
+	lt_cv_cc_needs_belf=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
      ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
@@ -5770,8 +6608,8 @@
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
-echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5
+echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; }
   if test x"$lt_cv_cc_needs_belf" != x"yes"; then
     # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
     CFLAGS="$SAVE_CFLAGS"
@@ -5781,8 +6619,8 @@
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
 set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_DLLTOOL+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5795,32 +6633,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 DLLTOOL=$ac_cv_prog_DLLTOOL
 if test -n "$DLLTOOL"; then
-  echo "$as_me:$LINENO: result: $DLLTOOL" >&5
-echo "${ECHO_T}$DLLTOOL" >&6
+  { echo "$as_me:$LINENO: result: $DLLTOOL" >&5
+echo "${ECHO_T}$DLLTOOL" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_DLLTOOL"; then
   ac_ct_DLLTOOL=$DLLTOOL
   # Extract the first word of "dlltool", so it can be a program name with args.
 set dummy dlltool; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_DLLTOOL+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5833,27 +6673,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_DLLTOOL="dlltool"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_DLLTOOL" && ac_cv_prog_ac_ct_DLLTOOL="false"
 fi
 fi
 ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
 if test -n "$ac_ct_DLLTOOL"; then
-  echo "$as_me:$LINENO: result: $ac_ct_DLLTOOL" >&5
-echo "${ECHO_T}$ac_ct_DLLTOOL" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_DLLTOOL" >&5
+echo "${ECHO_T}$ac_ct_DLLTOOL" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  DLLTOOL=$ac_ct_DLLTOOL
+  if test "x$ac_ct_DLLTOOL" = x; then
+    DLLTOOL="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    DLLTOOL=$ac_ct_DLLTOOL
+  fi
 else
   DLLTOOL="$ac_cv_prog_DLLTOOL"
 fi
@@ -5861,8 +6715,8 @@
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}as", so it can be a program name with args.
 set dummy ${ac_tool_prefix}as; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_AS+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5875,32 +6729,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_AS="${ac_tool_prefix}as"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 AS=$ac_cv_prog_AS
 if test -n "$AS"; then
-  echo "$as_me:$LINENO: result: $AS" >&5
-echo "${ECHO_T}$AS" >&6
+  { echo "$as_me:$LINENO: result: $AS" >&5
+echo "${ECHO_T}$AS" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_AS"; then
   ac_ct_AS=$AS
   # Extract the first word of "as", so it can be a program name with args.
 set dummy as; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_AS+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5913,27 +6769,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_AS="as"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_AS" && ac_cv_prog_ac_ct_AS="false"
 fi
 fi
 ac_ct_AS=$ac_cv_prog_ac_ct_AS
 if test -n "$ac_ct_AS"; then
-  echo "$as_me:$LINENO: result: $ac_ct_AS" >&5
-echo "${ECHO_T}$ac_ct_AS" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_AS" >&5
+echo "${ECHO_T}$ac_ct_AS" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  AS=$ac_ct_AS
+  if test "x$ac_ct_AS" = x; then
+    AS="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    AS=$ac_ct_AS
+  fi
 else
   AS="$ac_cv_prog_AS"
 fi
@@ -5941,8 +6811,8 @@
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
 set dummy ${ac_tool_prefix}objdump; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_OBJDUMP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5955,32 +6825,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 OBJDUMP=$ac_cv_prog_OBJDUMP
 if test -n "$OBJDUMP"; then
-  echo "$as_me:$LINENO: result: $OBJDUMP" >&5
-echo "${ECHO_T}$OBJDUMP" >&6
+  { echo "$as_me:$LINENO: result: $OBJDUMP" >&5
+echo "${ECHO_T}$OBJDUMP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_OBJDUMP"; then
   ac_ct_OBJDUMP=$OBJDUMP
   # Extract the first word of "objdump", so it can be a program name with args.
 set dummy objdump; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -5993,27 +6865,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_OBJDUMP="objdump"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_OBJDUMP" && ac_cv_prog_ac_ct_OBJDUMP="false"
 fi
 fi
 ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
 if test -n "$ac_ct_OBJDUMP"; then
-  echo "$as_me:$LINENO: result: $ac_ct_OBJDUMP" >&5
-echo "${ECHO_T}$ac_ct_OBJDUMP" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_OBJDUMP" >&5
+echo "${ECHO_T}$ac_ct_OBJDUMP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  OBJDUMP=$ac_ct_OBJDUMP
+  if test "x$ac_ct_OBJDUMP" = x; then
+    OBJDUMP="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    OBJDUMP=$ac_ct_OBJDUMP
+  fi
 else
   OBJDUMP="$ac_cv_prog_OBJDUMP"
 fi
@@ -6030,8 +6916,8 @@
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -6065,24 +6951,22 @@
 #endif
 		     Syntax error
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
   echo "$as_me: failed program was:" >&5
@@ -6091,9 +6975,10 @@
   # Broken: fails on valid input.
 continue
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
-  # OK, works on sane cases.  Now check whether non-existent headers
+  # OK, works on sane cases.  Now check whether nonexistent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -6103,24 +6988,22 @@
 /* end confdefs.h.  */
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   # Broken: success on invalid input.
 continue
 else
@@ -6131,6 +7014,7 @@
 ac_preproc_ok=:
 break
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
 done
@@ -6148,8 +7032,8 @@
 else
   ac_cv_prog_CPP=$CPP
 fi
-echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
+{ echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6; }
 ac_preproc_ok=false
 for ac_c_preproc_warn_flag in '' yes
 do
@@ -6172,24 +7056,22 @@
 #endif
 		     Syntax error
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
   echo "$as_me: failed program was:" >&5
@@ -6198,9 +7080,10 @@
   # Broken: fails on valid input.
 continue
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
-  # OK, works on sane cases.  Now check whether non-existent headers
+  # OK, works on sane cases.  Now check whether nonexistent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -6210,24 +7093,22 @@
 /* end confdefs.h.  */
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   # Broken: success on invalid input.
 continue
 else
@@ -6238,6 +7119,7 @@
 ac_preproc_ok=:
 break
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
 done
@@ -6260,8 +7142,8 @@
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
 if test "${ac_cv_header_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -6285,36 +7167,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_header_stdc=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_header_stdc=no
+	ac_cv_header_stdc=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
@@ -6369,6 +7247,7 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 #include <ctype.h>
+#include <stdlib.h>
 #if ((' ' & 0x0FF) == 0x020)
 # define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
 # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
@@ -6388,18 +7267,27 @@
   for (i = 0; i < 256; i++)
     if (XOR (islower (i), ISLOWER (i))
 	|| toupper (i) != TOUPPER (i))
-      exit(2);
-  exit (0);
+      return 2;
+  return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -6412,12 +7300,14 @@
 ( exit $ac_status )
 ac_cv_header_stdc=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
 fi
-echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
 if test $ac_cv_header_stdc = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -6440,9 +7330,9 @@
 		  inttypes.h stdint.h unistd.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -6456,38 +7346,35 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -6502,18 +7389,19 @@
 for ac_header in dlfcn.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -6524,41 +7412,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -6567,24 +7451,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -6592,9 +7474,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -6618,25 +7501,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -6652,8 +7534,8 @@
 # Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers!
 
 # find the maximum length of command line arguments
-echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
-echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5
+echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; }
 if test "${lt_cv_sys_max_cmd_len+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -6744,19 +7626,19 @@
 fi
 
 if test -n $lt_cv_sys_max_cmd_len ; then
-  echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
-echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6
+  { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5
+echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; }
 else
-  echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6
+  { echo "$as_me:$LINENO: result: none" >&5
+echo "${ECHO_T}none" >&6; }
 fi
 
 
 
 
 # Check for command to grab the raw symbol name followed by C symbol from nm.
-echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
-echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5
+echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; }
 if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -6951,15 +7833,15 @@
   lt_cv_sys_global_symbol_to_cdecl=
 fi
 if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  echo "$as_me:$LINENO: result: failed" >&5
-echo "${ECHO_T}failed" >&6
+  { echo "$as_me:$LINENO: result: failed" >&5
+echo "${ECHO_T}failed" >&6; }
 else
-  echo "$as_me:$LINENO: result: ok" >&5
-echo "${ECHO_T}ok" >&6
+  { echo "$as_me:$LINENO: result: ok" >&5
+echo "${ECHO_T}ok" >&6; }
 fi
 
-echo "$as_me:$LINENO: checking for objdir" >&5
-echo $ECHO_N "checking for objdir... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for objdir" >&5
+echo $ECHO_N "checking for objdir... $ECHO_C" >&6; }
 if test "${lt_cv_objdir+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -6973,8 +7855,8 @@
 fi
 rmdir .libs 2>/dev/null
 fi
-echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
-echo "${ECHO_T}$lt_cv_objdir" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5
+echo "${ECHO_T}$lt_cv_objdir" >&6; }
 objdir=$lt_cv_objdir
 
 
@@ -7025,8 +7907,8 @@
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
 set dummy ${ac_tool_prefix}ar; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_AR+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7039,32 +7921,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_AR="${ac_tool_prefix}ar"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 AR=$ac_cv_prog_AR
 if test -n "$AR"; then
-  echo "$as_me:$LINENO: result: $AR" >&5
-echo "${ECHO_T}$AR" >&6
+  { echo "$as_me:$LINENO: result: $AR" >&5
+echo "${ECHO_T}$AR" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_AR"; then
   ac_ct_AR=$AR
   # Extract the first word of "ar", so it can be a program name with args.
 set dummy ar; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_AR+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7077,27 +7961,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_AR="ar"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_AR" && ac_cv_prog_ac_ct_AR="false"
 fi
 fi
 ac_ct_AR=$ac_cv_prog_ac_ct_AR
 if test -n "$ac_ct_AR"; then
-  echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
-echo "${ECHO_T}$ac_ct_AR" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5
+echo "${ECHO_T}$ac_ct_AR" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  AR=$ac_ct_AR
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
 else
   AR="$ac_cv_prog_AR"
 fi
@@ -7105,8 +8003,8 @@
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
 set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7119,32 +8017,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 RANLIB=$ac_cv_prog_RANLIB
 if test -n "$RANLIB"; then
-  echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6
+  { echo "$as_me:$LINENO: result: $RANLIB" >&5
+echo "${ECHO_T}$RANLIB" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_RANLIB"; then
   ac_ct_RANLIB=$RANLIB
   # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7157,27 +8057,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_RANLIB="ranlib"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
 fi
 fi
 ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
 if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
+echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  RANLIB=$ac_ct_RANLIB
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
 else
   RANLIB="$ac_cv_prog_RANLIB"
 fi
@@ -7185,8 +8099,8 @@
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
 set dummy ${ac_tool_prefix}strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7199,32 +8113,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_STRIP="${ac_tool_prefix}strip"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 STRIP=$ac_cv_prog_STRIP
 if test -n "$STRIP"; then
-  echo "$as_me:$LINENO: result: $STRIP" >&5
-echo "${ECHO_T}$STRIP" >&6
+  { echo "$as_me:$LINENO: result: $STRIP" >&5
+echo "${ECHO_T}$STRIP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_STRIP"; then
   ac_ct_STRIP=$STRIP
   # Extract the first word of "strip", so it can be a program name with args.
 set dummy strip; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7237,27 +8153,41 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_STRIP="strip"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
-  test -z "$ac_cv_prog_ac_ct_STRIP" && ac_cv_prog_ac_ct_STRIP=":"
 fi
 fi
 ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
 if test -n "$ac_ct_STRIP"; then
-  echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
-echo "${ECHO_T}$ac_ct_STRIP" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+echo "${ECHO_T}$ac_ct_STRIP" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  STRIP=$ac_ct_STRIP
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
 else
   STRIP="$ac_cv_prog_STRIP"
 fi
@@ -7315,8 +8245,8 @@
 case $deplibs_check_method in
 file_magic*)
   if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
-echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6
+    { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5
+echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; }
 if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7368,17 +8298,17 @@
 
 MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
 if test -n "$MAGIC_CMD"; then
-  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
+  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
 if test -z "$lt_cv_path_MAGIC_CMD"; then
   if test -n "$ac_tool_prefix"; then
-    echo "$as_me:$LINENO: checking for file" >&5
-echo $ECHO_N "checking for file... $ECHO_C" >&6
+    { echo "$as_me:$LINENO: checking for file" >&5
+echo $ECHO_N "checking for file... $ECHO_C" >&6; }
 if test "${lt_cv_path_MAGIC_CMD+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7430,11 +8360,11 @@
 
 MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
 if test -n "$MAGIC_CMD"; then
-  echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
-echo "${ECHO_T}$MAGIC_CMD" >&6
+  { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5
+echo "${ECHO_T}$MAGIC_CMD" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
   else
@@ -7449,21 +8379,21 @@
 enable_dlopen=yes
 enable_win32_dll=yes
 
-# Check whether --enable-libtool-lock or --disable-libtool-lock was given.
+# Check whether --enable-libtool-lock was given.
 if test "${enable_libtool_lock+set}" = set; then
-  enableval="$enable_libtool_lock"
+  enableval=$enable_libtool_lock;
+fi
 
-fi;
 test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
 
 
-# Check whether --with-pic or --without-pic was given.
+# Check whether --with-pic was given.
 if test "${with_pic+set}" = set; then
-  withval="$with_pic"
-  pic_mode="$withval"
+  withval=$with_pic; pic_mode="$withval"
 else
   pic_mode=default
-fi;
+fi
+
 test -z "$pic_mode" && pic_mode=default
 
 # Use C for the default configuration in the libtool script
@@ -7537,8 +8467,8 @@
 #
 # Check to make sure the static flag actually works.
 #
-echo "$as_me:$LINENO: checking if $compiler static flag $lt_prog_compiler_static works" >&5
-echo $ECHO_N "checking if $compiler static flag $lt_prog_compiler_static works... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_prog_compiler_static works" >&5
+echo $ECHO_N "checking if $compiler static flag $lt_prog_compiler_static works... $ECHO_C" >&6; }
 if test "${lt_prog_compiler_static_works+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7565,8 +8495,8 @@
    LDFLAGS="$save_LDFLAGS"
 
 fi
-echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
-echo "${ECHO_T}$lt_prog_compiler_static_works" >&6
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_static_works" >&6; }
 
 if test x"$lt_prog_compiler_static_works" = xyes; then
     :
@@ -7583,8 +8513,8 @@
   lt_prog_compiler_no_builtin_flag=' -fno-builtin'
 
 
-echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; }
 if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7601,11 +8531,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7604: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8534: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:7608: \$? = $ac_status" >&5
+   echo "$as_me:8538: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -7618,8 +8548,8 @@
    $rm conftest*
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; }
 
 if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
     lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
@@ -7633,8 +8563,8 @@
 lt_prog_compiler_pic=
 lt_prog_compiler_static=
 
-echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
-echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5
+echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; }
 
   if test "$GCC" = yes; then
     lt_prog_compiler_wl='-Wl,'
@@ -7837,16 +8767,16 @@
     esac
   fi
 
-echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic" >&6
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic" >&6; }
 
 #
 # Check to make sure the PIC flag actually works.
 #
 if test -n "$lt_prog_compiler_pic"; then
 
-echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; }
 if test "${lt_prog_compiler_pic_works+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7863,11 +8793,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7866: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8796: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:7870: \$? = $ac_status" >&5
+   echo "$as_me:8800: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -7880,8 +8810,8 @@
    $rm conftest*
 
 fi
-echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
-echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6
+{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5
+echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6; }
 
 if test x"$lt_prog_compiler_pic_works" = xyes; then
     case $lt_prog_compiler_pic in
@@ -7904,8 +8834,8 @@
     ;;
 esac
 
-echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
-echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5
+echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; }
 if test "${lt_cv_prog_compiler_c_o+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -7925,11 +8855,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7928: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8858: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:7932: \$? = $ac_status" >&5
+   echo "$as_me:8862: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -7951,23 +8881,23 @@
    $rm conftest*
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
-echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5
+echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; }
 
 
 hard_links="nottested"
 if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
   # do not overwrite the value of need_locks provided by the user
-  echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
-echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5
+echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; }
   hard_links=yes
   $rm conftest*
   ln conftest.a conftest.b 2>/dev/null && hard_links=no
   touch conftest.a
   ln conftest.a conftest.b 2>&5 || hard_links=no
   ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  echo "$as_me:$LINENO: result: $hard_links" >&5
-echo "${ECHO_T}$hard_links" >&6
+  { echo "$as_me:$LINENO: result: $hard_links" >&5
+echo "${ECHO_T}$hard_links" >&6; }
   if test "$hard_links" = no; then
     { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
 echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
@@ -7977,8 +8907,8 @@
   need_locks=no
 fi
 
-echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; }
 
   runpath_var=
   allow_undefined_flag=
@@ -8345,27 +9275,23 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
 
 aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
 }'`
@@ -8376,8 +9302,10 @@
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
 
@@ -8406,27 +9334,23 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
 
 aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
 }'`
@@ -8437,8 +9361,10 @@
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
 
@@ -8873,8 +9799,8 @@
     esac
   fi
 
-echo "$as_me:$LINENO: result: $ld_shlibs" >&5
-echo "${ECHO_T}$ld_shlibs" >&6
+{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5
+echo "${ECHO_T}$ld_shlibs" >&6; }
 test "$ld_shlibs" = no && can_build_shared=no
 
 variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
@@ -8899,8 +9825,8 @@
       # Test whether the compiler implicitly links with -lc since on some
       # systems, -lgcc has to come before -lc. If gcc already passes -lc
       # to ld, don't add -lc before -lgcc.
-      echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
-echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6
+      { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5
+echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; }
       $rm conftest*
       printf "$lt_simple_compile_test_code" > conftest.$ac_ext
 
@@ -8936,16 +9862,16 @@
         cat conftest.err 1>&5
       fi
       $rm conftest*
-      echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
-echo "${ECHO_T}$archive_cmds_need_lc" >&6
+      { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5
+echo "${ECHO_T}$archive_cmds_need_lc" >&6; }
       ;;
     esac
   fi
   ;;
 esac
 
-echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
-echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5
+echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; }
 library_names_spec=
 libname_spec='lib$name'
 soname_spec=
@@ -9498,12 +10424,12 @@
   dynamic_linker=no
   ;;
 esac
-echo "$as_me:$LINENO: result: $dynamic_linker" >&5
-echo "${ECHO_T}$dynamic_linker" >&6
+{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5
+echo "${ECHO_T}$dynamic_linker" >&6; }
 test "$dynamic_linker" = no && can_build_shared=no
 
-echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
-echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5
+echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; }
 hardcode_action=
 if test -n "$hardcode_libdir_flag_spec" || \
    test -n "$runpath_var" || \
@@ -9527,8 +10453,8 @@
   # directories.
   hardcode_action=unsupported
 fi
-echo "$as_me:$LINENO: result: $hardcode_action" >&5
-echo "${ECHO_T}$hardcode_action" >&6
+{ echo "$as_me:$LINENO: result: $hardcode_action" >&5
+echo "${ECHO_T}$hardcode_action" >&6; }
 
 if test "$hardcode_action" = relink; then
   # Fast installation is not supported
@@ -9541,29 +10467,29 @@
 
 striplib=
 old_striplib=
-echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
-echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5
+echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; }
 if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
   test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
   test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 else
 # FIXME - insert some real tests, host_os isn't really good enough
   case $host_os in
    darwin*)
        if test -n "$STRIP" ; then
          striplib="$STRIP -x"
-         echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+         { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
        else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
        ;;
    *)
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
     ;;
   esac
 fi
@@ -9595,8 +10521,8 @@
 
   darwin*)
   # if libdl is installed we need to link against it
-    echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+    { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_dl_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -9609,56 +10535,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char dlopen ();
 int
 main ()
 {
-dlopen ();
+return dlopen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_dl_dlopen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_dl_dlopen=no
+	ac_cv_lib_dl_dlopen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
 if test $ac_cv_lib_dl_dlopen = yes; then
   lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
 else
@@ -9672,8 +10595,8 @@
    ;;
 
   *)
-    echo "$as_me:$LINENO: checking for shl_load" >&5
-echo $ECHO_N "checking for shl_load... $ECHO_C" >&6
+    { echo "$as_me:$LINENO: checking for shl_load" >&5
+echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; }
 if test "${ac_cv_func_shl_load+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -9700,73 +10623,64 @@
 
 #undef shl_load
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char shl_load ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
+#if defined __stub_shl_load || defined __stub___shl_load
 choke me
-#else
-char (*f) () = shl_load;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != shl_load;
+return shl_load ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_shl_load=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_shl_load=no
+	ac_cv_func_shl_load=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
-echo "${ECHO_T}$ac_cv_func_shl_load" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5
+echo "${ECHO_T}$ac_cv_func_shl_load" >&6; }
 if test $ac_cv_func_shl_load = yes; then
   lt_cv_dlopen="shl_load"
 else
-  echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
-echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5
+echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; }
 if test "${ac_cv_lib_dld_shl_load+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -9779,61 +10693,58 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char shl_load ();
 int
 main ()
 {
-shl_load ();
+return shl_load ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_dld_shl_load=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_dld_shl_load=no
+	ac_cv_lib_dld_shl_load=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; }
 if test $ac_cv_lib_dld_shl_load = yes; then
   lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"
 else
-  echo "$as_me:$LINENO: checking for dlopen" >&5
-echo $ECHO_N "checking for dlopen... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for dlopen" >&5
+echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; }
 if test "${ac_cv_func_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -9860,73 +10771,64 @@
 
 #undef dlopen
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char dlopen ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
+#if defined __stub_dlopen || defined __stub___dlopen
 choke me
-#else
-char (*f) () = dlopen;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != dlopen;
+return dlopen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_dlopen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_dlopen=no
+	ac_cv_func_dlopen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
-echo "${ECHO_T}$ac_cv_func_dlopen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5
+echo "${ECHO_T}$ac_cv_func_dlopen" >&6; }
 if test $ac_cv_func_dlopen = yes; then
   lt_cv_dlopen="dlopen"
 else
-  echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
+echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_dl_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -9939,61 +10841,58 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char dlopen ();
 int
 main ()
 {
-dlopen ();
+return dlopen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_dl_dlopen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_dl_dlopen=no
+	ac_cv_lib_dl_dlopen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; }
 if test $ac_cv_lib_dl_dlopen = yes; then
   lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
 else
-  echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
-echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5
+echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; }
 if test "${ac_cv_lib_svld_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -10006,61 +10905,58 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char dlopen ();
 int
 main ()
 {
-dlopen ();
+return dlopen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_svld_dlopen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_svld_dlopen=no
+	ac_cv_lib_svld_dlopen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5
+echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; }
 if test $ac_cv_lib_svld_dlopen = yes; then
   lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
 else
-  echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
-echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5
+echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; }
 if test "${ac_cv_lib_dld_dld_link+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -10073,56 +10969,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char dld_link ();
 int
 main ()
 {
-dld_link ();
+return dld_link ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_dld_dld_link=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_dld_dld_link=no
+	ac_cv_lib_dld_dld_link=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
-echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5
+echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; }
 if test $ac_cv_lib_dld_dld_link = yes; then
   lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"
 fi
@@ -10162,8 +11055,8 @@
     save_LIBS="$LIBS"
     LIBS="$lt_cv_dlopen_libs $LIBS"
 
-    echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
-echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6
+    { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5
+echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; }
 if test "${lt_cv_dlopen_self+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -10173,7 +11066,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 10176 "configure"
+#line 11069 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -10255,13 +11148,13 @@
 
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self" >&6; }
 
     if test "x$lt_cv_dlopen_self" = xyes; then
       LDFLAGS="$LDFLAGS $link_static_flag"
-      echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
-echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6
+      { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5
+echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; }
 if test "${lt_cv_dlopen_self_static+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -10271,7 +11164,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 10274 "configure"
+#line 11167 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -10353,8 +11246,8 @@
 
 
 fi
-echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
-echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6
+{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5
+echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; }
     fi
 
     CPPFLAGS="$save_CPPFLAGS"
@@ -10376,13 +11269,13 @@
 
 
 # Report which librarie types wil actually be built
-echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
-echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $can_build_shared" >&5
-echo "${ECHO_T}$can_build_shared" >&6
+{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5
+echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; }
+{ echo "$as_me:$LINENO: result: $can_build_shared" >&5
+echo "${ECHO_T}$can_build_shared" >&6; }
 
-echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
-echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5
+echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; }
 test "$can_build_shared" = "no" && enable_shared=no
 
 # On AIX, shared libraries and static libraries use the same namespace, and
@@ -10402,15 +11295,15 @@
   fi
     ;;
 esac
-echo "$as_me:$LINENO: result: $enable_shared" >&5
-echo "${ECHO_T}$enable_shared" >&6
+{ echo "$as_me:$LINENO: result: $enable_shared" >&5
+echo "${ECHO_T}$enable_shared" >&6; }
 
-echo "$as_me:$LINENO: checking whether to build static libraries" >&5
-echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5
+echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; }
 # Make sure either enable_shared or enable_static is yes.
 test "$enable_shared" = yes || enable_static=yes
-echo "$as_me:$LINENO: result: $enable_static" >&5
-echo "${ECHO_T}$enable_static" >&6
+{ echo "$as_me:$LINENO: result: $enable_static" >&5
+echo "${ECHO_T}$enable_static" >&6; }
 
 # The else clause should only fire when bootstrapping the
 # libtool distribution, otherwise you forgot to ship ltmain.sh
@@ -10899,12 +11792,12 @@
 CC="$lt_save_CC"
 
 
-# Check whether --with-tags or --without-tags was given.
+# Check whether --with-tags was given.
 if test "${with_tags+set}" = set; then
-  withval="$with_tags"
-  tagnames="$withval"
-fi;
+  withval=$with_tags; tagnames="$withval"
+fi
 
+
 if test -f "$ltmain" && test -n "$tagnames"; then
   if test ! -f "${ofile}"; then
     { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5
@@ -10979,7 +11872,6 @@
       RC)
 
 
-
 # Source file extension for RC test sources.
 ac_ext=rc
 
@@ -11498,8 +12390,8 @@
 if test $ol_enable_perl != no ; then
 	# Extract the first word of "perl", so it can be a program name with args.
 set dummy perl; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_path_PERLBIN+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -11514,29 +12406,30 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_path_PERLBIN="$as_dir/$ac_word$ac_exec_ext"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
   test -z "$ac_cv_path_PERLBIN" && ac_cv_path_PERLBIN="/usr/bin/perl"
   ;;
 esac
 fi
 PERLBIN=$ac_cv_path_PERLBIN
-
 if test -n "$PERLBIN"; then
-  echo "$as_me:$LINENO: result: $PERLBIN" >&5
-echo "${ECHO_T}$PERLBIN" >&6
+  { echo "$as_me:$LINENO: result: $PERLBIN" >&5
+echo "${ECHO_T}$PERLBIN" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
 
+
 	if test "no$PERLBIN" = "no" ; then
 		if test $ol_enable_perl = yes ; then
 			{ { echo "$as_me:$LINENO: error: could not locate perl" >&5
@@ -11562,8 +12455,8 @@
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -11597,24 +12490,22 @@
 #endif
 		     Syntax error
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
   echo "$as_me: failed program was:" >&5
@@ -11623,9 +12514,10 @@
   # Broken: fails on valid input.
 continue
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
-  # OK, works on sane cases.  Now check whether non-existent headers
+  # OK, works on sane cases.  Now check whether nonexistent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -11635,24 +12527,22 @@
 /* end confdefs.h.  */
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   # Broken: success on invalid input.
 continue
 else
@@ -11663,6 +12553,7 @@
 ac_preproc_ok=:
 break
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
 done
@@ -11680,8 +12571,8 @@
 else
   ac_cv_prog_CPP=$CPP
 fi
-echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
+{ echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6; }
 ac_preproc_ok=false
 for ac_c_preproc_warn_flag in '' yes
 do
@@ -11704,24 +12595,22 @@
 #endif
 		     Syntax error
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   :
 else
   echo "$as_me: failed program was:" >&5
@@ -11730,9 +12619,10 @@
   # Broken: fails on valid input.
 continue
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
-  # OK, works on sane cases.  Now check whether non-existent headers
+  # OK, works on sane cases.  Now check whether nonexistent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -11742,24 +12632,22 @@
 /* end confdefs.h.  */
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   # Broken: success on invalid input.
 continue
 else
@@ -11770,6 +12658,7 @@
 ac_preproc_ok=:
 break
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
 done
@@ -11791,10 +12680,56 @@
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
+{ echo "$as_me:$LINENO: checking whether we are using MS Visual C++" >&5
+echo $ECHO_N "checking whether we are using MS Visual C++... $ECHO_C" >&6; }
+if test "${ol_cv_msvc+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
 
+#ifndef _MSC_VER
+#include <__FOO__/generate_error.h>
+#endif
+
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ol_cv_msvc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ol_cv_msvc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ol_cv_msvc" >&5
+echo "${ECHO_T}$ol_cv_msvc" >&6; }
+
 case $host_os in
   *mingw32* ) ac_cv_mingw32=yes ;;
   *cygwin* ) ac_cv_cygwin=yes ;;
+  *interix* ) ac_cv_interix=yes ;;
 esac
 
 
@@ -11805,8 +12740,8 @@
 _ACEOF
 
 
-echo "$as_me:$LINENO: checking for be_app in -lbe" >&5
-echo $ECHO_N "checking for be_app in -lbe... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for be_app in -lbe" >&5
+echo $ECHO_N "checking for be_app in -lbe... $ECHO_C" >&6; }
 if test "${ac_cv_lib_be_be_app+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -11819,56 +12754,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char be_app ();
 int
 main ()
 {
-be_app ();
+return be_app ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_be_be_app=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_be_be_app=no
+	ac_cv_lib_be_be_app=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_be_be_app" >&5
-echo "${ECHO_T}$ac_cv_lib_be_be_app" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_be_be_app" >&5
+echo "${ECHO_T}$ac_cv_lib_be_be_app" >&6; }
 if test $ac_cv_lib_be_be_app = yes; then
   LIBS="$LIBS -lbe -lroot -lnet"
 else
@@ -11884,8 +12816,8 @@
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -11898,32 +12830,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="${ac_tool_prefix}gcc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -11936,36 +12870,51 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_CC="gcc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-  CC=$ac_ct_CC
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
 else
   CC="$ac_cv_prog_CC"
 fi
 
 if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -11978,74 +12927,34 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="${ac_tool_prefix}cc"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="cc"
-    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-done
 
+  fi
 fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-  CC=$ac_ct_CC
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-fi
 if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12059,7 +12968,7 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
        ac_prog_rejected=yes
        continue
@@ -12070,6 +12979,7 @@
   fi
 done
 done
+IFS=$as_save_IFS
 
 if test $ac_prog_rejected = yes; then
   # We found a bogon in the path, so make sure we never use it.
@@ -12087,22 +12997,23 @@
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
 fi
 if test -z "$CC"; then
   if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl
+  for ac_prog in cl.exe
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12115,36 +13026,38 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+  { echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
     test -n "$CC" && break
   done
 fi
 if test -z "$CC"; then
   ac_ct_CC=$CC
-  for ac_prog in cl
+  for ac_prog in cl.exe
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12157,29 +13070,45 @@
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
   for ac_exec_ext in '' $ac_executable_extensions; do
-  if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
     ac_cv_prog_ac_ct_CC="$ac_prog"
     echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
     break 2
   fi
 done
 done
+IFS=$as_save_IFS
 
 fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+  { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6; }
 else
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
 
+
   test -n "$ac_ct_CC" && break
 done
 
-  CC=$ac_ct_CC
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&5
+echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
+whose name does not start with the host triplet.  If you think this
+configuration is useful to you, please write to autoconf at gnu.org." >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
 fi
 
 fi
@@ -12192,27 +13121,41 @@
    { (exit 1); exit 1; }; }
 
 # Provide some information about the compiler.
-echo "$as_me:$LINENO:" \
-     "checking for C compiler version" >&5
+echo "$as_me:$LINENO: checking for C compiler version" >&5
 ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
-  (eval $ac_compiler --version </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
-  (eval $ac_compiler -v </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
-  (eval $ac_compiler -V </dev/null >&5) 2>&5
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }
 
-echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
 if test "${ac_cv_c_compiler_gnu+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12235,50 +13178,49 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_compiler_gnu=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_compiler_gnu=no
+	ac_compiler_gnu=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
 GCC=`test $ac_compiler_gnu = yes && echo yes`
 ac_test_CFLAGS=${CFLAGS+set}
 ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
 if test "${ac_cv_prog_cc_g+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  cat >conftest.$ac_ext <<_ACEOF
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -12294,38 +13236,118 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_prog_cc_g=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_prog_cc_g=no
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
 if test "$ac_test_CFLAGS" = set; then
   CFLAGS=$ac_save_CFLAGS
 elif test $ac_cv_prog_cc_g = yes; then
@@ -12341,12 +13363,12 @@
     CFLAGS=
   fi
 fi
-echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
+{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  ac_cv_prog_cc_stdc=no
+  ac_cv_prog_cc_c89=no
 ac_save_CC=$CC
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -12380,12 +13402,17 @@
 /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
    function prototypes and stuff, but not '\xHH' hex character constants.
    These don't provoke an error unfortunately, instead are silently treated
-   as 'x'.  The following induces an error, until -std1 is added to get
+   as 'x'.  The following induces an error, until -std is added to get
    proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
    array size at least.  It's necessary to write '\x00'==0 to get something
-   that's true only with -std1.  */
+   that's true only with -std.  */
 int osf4_cc_array ['\x00' == 0 ? 1 : -1];
 
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
 int test (int i, double x);
 struct s1 {int (*f) (int a);};
 struct s2 {int (*f) (double a);};
@@ -12400,205 +13427,57 @@
   return 0;
 }
 _ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX			-qlanglvl=ansi
-# Ultrix and OSF/1	-std1
-# HP-UX 10.20 and later	-Ae
-# HP-UX older versions	-Aa -D_HPUX_SOURCE
-# SVR4			-Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
 do
   CC="$ac_save_CC $ac_arg"
   rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_prog_cc_stdc=$ac_arg
-break
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
 done
-rm -f conftest.$ac_ext conftest.$ac_objext
+rm -f conftest.$ac_ext
 CC=$ac_save_CC
 
 fi
-
-case "x$ac_cv_prog_cc_stdc" in
-  x|xno)
-    echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6; } ;;
+  xno)
+    { echo "$as_me:$LINENO: result: unsupported" >&5
+echo "${ECHO_T}unsupported" >&6; } ;;
   *)
-    echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
-    CC="$CC $ac_cv_prog_cc_stdc" ;;
+    CC="$CC $ac_cv_prog_cc_c89"
+    { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
 esac
 
-# Some people use a C++ compiler to compile C.  Since we use `exit',
-# in C++ we need to declare it.  In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
-  choke me
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  for ac_declaration in \
-   '' \
-   'extern "C" void std::exit (int) throw (); using std::exit;' \
-   'extern "C" void std::exit (int); using std::exit;' \
-   'extern "C" void exit (int) throw ();' \
-   'extern "C" void exit (int);' \
-   'void exit (int);'
-do
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_declaration
-#include <stdlib.h>
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  :
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
 
-continue
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-  cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-$ac_declaration
-int
-main ()
-{
-exit (42);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  break
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
-  echo '#ifdef __cplusplus' >>confdefs.h
-  echo $ac_declaration      >>confdefs.h
-  echo '#endif'             >>confdefs.h
-fi
-
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -12607,8 +13486,8 @@
 
 depcc="$CC"   am_compiler_list=
 
-echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
-echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; }
 if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12697,8 +13576,8 @@
 fi
 
 fi
-echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
-echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6
+{ echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; }
 CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
 
 
@@ -12726,8 +13605,8 @@
 if test -z "${MKDEP}"; then
 	OL_MKDEP="${CC-cc}"
 	if test -z "${MKDEP_FLAGS}"; then
-		echo "$as_me:$LINENO: checking for ${OL_MKDEP} depend flag" >&5
-echo $ECHO_N "checking for ${OL_MKDEP} depend flag... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for ${OL_MKDEP} depend flag" >&5
+echo $ECHO_N "checking for ${OL_MKDEP} depend flag... $ECHO_C" >&6; }
 if test "${ol_cv_mkdep+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12755,8 +13634,8 @@
 			rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_mkdep" >&5
-echo "${ECHO_T}$ol_cv_mkdep" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_mkdep" >&5
+echo "${ECHO_T}$ol_cv_mkdep" >&6; }
 		test "$ol_cv_mkdep" = no && OL_MKDEP=":"
 	else
 		cc_cv_mkdep=yes
@@ -12776,8 +13655,8 @@
 echo "$as_me: WARNING: do not know how to generate dependencies" >&2;}
 fi
 
-echo "$as_me:$LINENO: checking for afopen in -ls" >&5
-echo $ECHO_N "checking for afopen in -ls... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for afopen in -ls" >&5
+echo $ECHO_N "checking for afopen in -ls... $ECHO_C" >&6; }
 if test "${ac_cv_lib_s_afopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -12790,56 +13669,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char afopen ();
 int
 main ()
 {
-afopen ();
+return afopen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_s_afopen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_s_afopen=no
+	ac_cv_lib_s_afopen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_s_afopen" >&5
-echo "${ECHO_T}$ac_cv_lib_s_afopen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_s_afopen" >&5
+echo "${ECHO_T}$ac_cv_lib_s_afopen" >&6; }
 if test $ac_cv_lib_s_afopen = yes; then
 
 	AUTH_LIBS=-ls
@@ -12870,18 +13746,19 @@
 for ac_header in ltdl.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -12892,41 +13769,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -12935,24 +13808,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -12960,9 +13831,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -12986,25 +13858,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -13023,8 +13894,8 @@
    { (exit 1); exit 1; }; }
 	fi
 
-	echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
-echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
+echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_ltdl_lt_dlinit+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13037,56 +13908,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char lt_dlinit ();
 int
 main ()
 {
-lt_dlinit ();
+return lt_dlinit ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_ltdl_lt_dlinit=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_ltdl_lt_dlinit=no
+	ac_cv_lib_ltdl_lt_dlinit=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
-echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
+echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6; }
 if test $ac_cv_lib_ltdl_lt_dlinit = yes; then
 
 		MODULES_LIBS=-lltdl
@@ -13127,8 +13995,8 @@
 fi
 
 # test for EBCDIC
-echo "$as_me:$LINENO: checking for EBCDIC" >&5
-echo $ECHO_N "checking for EBCDIC... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for EBCDIC" >&5
+echo $ECHO_N "checking for EBCDIC... $ECHO_C" >&6; }
 if test "${ol_cv_cpp_ebcdic+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13145,24 +14013,22 @@
 #endif
 
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ol_cv_cpp_ebcdic=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -13170,10 +14036,11 @@
 
   ol_cv_cpp_ebcdic=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_cpp_ebcdic" >&5
-echo "${ECHO_T}$ol_cv_cpp_ebcdic" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_cpp_ebcdic" >&5
+echo "${ECHO_T}$ol_cv_cpp_ebcdic" >&6; }
 if test $ol_cv_cpp_ebcdic = yes ; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -13182,8 +14049,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
 if test "${ol_cv_header_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13198,24 +14065,22 @@
 #include <string.h>
 #include <float.h>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ol_cv_header_stdc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -13223,6 +14088,7 @@
 
   ol_cv_header_stdc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
 
 if test $ol_cv_header_stdc = yes; then
@@ -13295,13 +14161,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -13314,12 +14189,14 @@
 ( exit $ac_status )
 ol_cv_header_stdc=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
 fi
-echo "$as_me:$LINENO: result: $ol_cv_header_stdc" >&5
-echo "${ECHO_T}$ol_cv_header_stdc" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_header_stdc" >&5
+echo "${ECHO_T}$ol_cv_header_stdc" >&6; }
 if test $ol_cv_header_stdc = yes; then
   cat >>confdefs.h <<\_ACEOF
 #define STDC_HEADERS 1
@@ -13342,9 +14219,9 @@
 ac_header_dirent=no
 for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
   as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5
-echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5
+echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -13366,38 +14243,35 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
@@ -13409,13 +14283,12 @@
 done
 # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
 if test $ac_header_dirent = dirent.h; then
-  echo "$as_me:$LINENO: checking for library containing opendir" >&5
-echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6; }
 if test "${ac_cv_search_opendir+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_func_search_save_LIBS=$LIBS
-ac_cv_search_opendir=no
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -13423,126 +14296,83 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char opendir ();
 int
 main ()
 {
-opendir ();
+return opendir ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' dir; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_opendir="none required"
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_opendir=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_opendir" = no; then
-  for ac_lib in dir; do
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char opendir ();
-int
-main ()
-{
-opendir ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_opendir="-l$ac_lib"
-break
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_opendir+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then
+  :
 else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
+  ac_cv_search_opendir=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-  done
-fi
+rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
-echo "${ECHO_T}$ac_cv_search_opendir" >&6
-if test "$ac_cv_search_opendir" != no; then
-  test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+{ echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
 fi
 
 else
-  echo "$as_me:$LINENO: checking for library containing opendir" >&5
-echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6; }
 if test "${ac_cv_search_opendir+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_func_search_save_LIBS=$LIBS
-ac_cv_search_opendir=no
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -13550,122 +14380,80 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char opendir ();
 int
 main ()
 {
-opendir ();
+return opendir ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' x; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_opendir="none required"
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_opendir=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_opendir" = no; then
-  for ac_lib in x; do
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char opendir ();
-int
-main ()
-{
-opendir ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_opendir="-l$ac_lib"
-break
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_opendir+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then
+  :
 else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
+  ac_cv_search_opendir=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-  done
-fi
+rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
-echo "${ECHO_T}$ac_cv_search_opendir" >&6
-if test "$ac_cv_search_opendir" != no; then
-  test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+{ echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
 
 fi
 
 fi
 
-echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5
-echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6; }
 if test "${ac_cv_header_sys_wait_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13678,7 +14466,7 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 #ifndef WEXITSTATUS
-# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
+# define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8)
 #endif
 #ifndef WIFEXITED
 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
@@ -13695,38 +14483,34 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_header_sys_wait_h=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_header_sys_wait_h=no
+	ac_cv_header_sys_wait_h=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5
-echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5
+echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6; }
 if test $ac_cv_header_sys_wait_h = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -13735,8 +14519,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking whether termios.h defines TIOCGWINSZ" >&5
-echo $ECHO_N "checking whether termios.h defines TIOCGWINSZ... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether termios.h defines TIOCGWINSZ" >&5
+echo $ECHO_N "checking whether termios.h defines TIOCGWINSZ... $ECHO_C" >&6; }
 if test "${ac_cv_sys_tiocgwinsz_in_termios_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13762,12 +14546,12 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_termios_h" >&5
-echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_termios_h" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_termios_h" >&5
+echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_termios_h" >&6; }
 
 if test $ac_cv_sys_tiocgwinsz_in_termios_h != yes; then
-  echo "$as_me:$LINENO: checking whether sys/ioctl.h defines TIOCGWINSZ" >&5
-echo $ECHO_N "checking whether sys/ioctl.h defines TIOCGWINSZ... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking whether sys/ioctl.h defines TIOCGWINSZ" >&5
+echo $ECHO_N "checking whether sys/ioctl.h defines TIOCGWINSZ... $ECHO_C" >&6; }
 if test "${ac_cv_sys_tiocgwinsz_in_sys_ioctl_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -13793,8 +14577,8 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&5
-echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&5
+echo "${ECHO_T}$ac_cv_sys_tiocgwinsz_in_sys_ioctl_h" >&6; }
 
   if test $ac_cv_sys_tiocgwinsz_in_sys_ioctl_h = yes; then
 
@@ -13904,18 +14688,19 @@
 
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -13926,41 +14711,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -13969,24 +14750,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -13994,9 +14773,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -14020,25 +14800,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -14051,24 +14830,28 @@
 done
 
 
-if test "$ac_cv_mingw32" = yes ; then
+if test "$ac_cv_mingw32" = yes \
+	-o "$ac_cv_interix" = yes \
+	-o "$ol_cv_msvc" = yes
+then
 
 
 for ac_header in winsock.h winsock2.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -14079,41 +14862,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -14122,24 +14901,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -14147,9 +14924,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -14173,25 +14951,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -14209,9 +14986,9 @@
 for ac_header in resolv.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -14227,38 +15004,35 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -14273,9 +15047,9 @@
 for ac_header in netinet/tcp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -14291,38 +15065,35 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -14337,9 +15108,9 @@
 for ac_header in sys/ucred.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -14357,38 +15128,35 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -14405,9 +15173,9 @@
 for ac_func in sigaction sigset
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -14433,68 +15201,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -14506,8 +15266,8 @@
 
 if test $ac_cv_func_sigaction = no && test $ac_cv_func_sigaction = no ; then
 
-echo "$as_me:$LINENO: checking for sigset in -lV3" >&5
-echo $ECHO_N "checking for sigset in -lV3... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for sigset in -lV3" >&5
+echo $ECHO_N "checking for sigset in -lV3... $ECHO_C" >&6; }
 if test "${ac_cv_lib_V3_sigset+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14520,56 +15280,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char sigset ();
 int
 main ()
 {
-sigset ();
+return sigset ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_V3_sigset=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_V3_sigset=no
+	ac_cv_lib_V3_sigset=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_V3_sigset" >&5
-echo "${ECHO_T}$ac_cv_lib_V3_sigset" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_V3_sigset" >&5
+echo "${ECHO_T}$ac_cv_lib_V3_sigset" >&6; }
 if test $ac_cv_lib_V3_sigset = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBV3 1
@@ -14581,16 +15338,23 @@
 
 fi
 
+if test $ol_cv_msvc ; then
+   ol_cv_winsock=yes
+fi
+
 if test "$ac_cv_header_winsock_h" = yes; then
-echo "$as_me:$LINENO: checking for winsock" >&5
-echo $ECHO_N "checking for winsock... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for winsock" >&5
+echo $ECHO_N "checking for winsock... $ECHO_C" >&6; }
 if test "${ol_cv_winsock+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  save_LIBS="$LIBS"
-for curlib in ws2_32 wsock32; do
-	LIBS="$LIBS -l$curlib"
-	cat >conftest.$ac_ext <<_ACEOF
+
+	save_LIBS="$LIBS"
+	for curlib in none ws2_32 wsock32; do
+		if test curlib != none ; then
+	    	LIBS="$save_LIBS -l$curlib"
+		fi
+		cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
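Review bot: The added guard `if test $ol_cv_msvc ; then` is a one-argument test, so it succeeds for any non-empty value, including `no`, and then presets `ol_cv_winsock=yes`, which makes the probe below report "(cached)" and skip the link test; an earlier hunk in this diff already uses the form `test "$ol_cv_msvc" = yes`, and this line should read `if test "$ol_cv_msvc" = yes ; then`. In the same hunk `if test curlib != none ; then` compares the literal word `curlib`, so it is always true and the first iteration links with `-lnone` instead of trying no extra library; it should be `if test "$curlib" != none ; then`. The `for` loop continues past the end of this hunk, and the unquoted `test $ol_cv_winsock != no` and `-a`/`-o` tests in the following hunk would be safer written with quoted operands. Since this script appears to be autoconf output, the fix presumably belongs in the template it is generated from rather than in this file.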
@@ -14612,67 +15376,70 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_winsock=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ol_cv_winsock=$curlib
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_winsock=no
+	ol_cv_winsock=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
-	if test $ol_cv_winsock = yes; then
+		test "$ol_cv_winsock" != no && break
+	done
+	LIBS="$save_LIBS"
 
+fi
+{ echo "$as_me:$LINENO: result: $ol_cv_winsock" >&5
+echo "${ECHO_T}$ol_cv_winsock" >&6; }
+
+	if test $ol_cv_winsock != no ; then
+
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_WINSOCK 1
 _ACEOF
 
-		ac_cv_func_socket=yes
-		ac_cv_func_select=yes
-		ac_cv_func_closesocket=yes
-		ac_cv_func_gethostname=yes
-		if test $curlib = ws2_32; then
-			ol_cv_winsock=winsock2
+    	ac_cv_func_socket=yes
+    	ac_cv_func_select=yes
+    	ac_cv_func_closesocket=yes
+    	ac_cv_func_gethostname=yes
 
+		if test $ol_cv_winsock != none -a $ol_cv_winsock != yes ; then
+        	LIBS="$LIBS -l$ol_cv_winsock"
+		fi
+
+    	if test $ol_cv_winsock = ws2_32 -o $ol_cv_winsock = yes ; then
+
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_WINSOCK2 1
 _ACEOF
 
-		fi
-		break
+    	fi
 	fi
-	LIBS="$save_LIBS"
-done
 fi
-echo "$as_me:$LINENO: result: $ol_cv_winsock" >&5
-echo "${ECHO_T}$ol_cv_winsock" >&6
-fi
 
 
-echo "$as_me:$LINENO: checking for socket" >&5
-echo $ECHO_N "checking for socket... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for socket" >&5
+echo $ECHO_N "checking for socket... $ECHO_C" >&6; }
 if test "${ac_cv_func_socket+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14699,75 +15466,66 @@
 
 #undef socket
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char socket ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_socket) || defined (__stub___socket)
+#if defined __stub_socket || defined __stub___socket
 choke me
-#else
-char (*f) () = socket;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != socket;
+return socket ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_socket=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_socket=no
+	ac_cv_func_socket=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_socket" >&5
-echo "${ECHO_T}$ac_cv_func_socket" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_socket" >&5
+echo "${ECHO_T}$ac_cv_func_socket" >&6; }
 if test $ac_cv_func_socket = yes; then
   :
 else
 
 
-echo "$as_me:$LINENO: checking for main in -lsocket" >&5
-echo $ECHO_N "checking for main in -lsocket... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for main in -lsocket" >&5
+echo $ECHO_N "checking for main in -lsocket... $ECHO_C" >&6; }
 if test "${ac_cv_lib_socket_main+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14784,46 +15542,43 @@
 int
 main ()
 {
-main ();
+return main ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_socket_main=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_socket_main=no
+	ac_cv_lib_socket_main=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_main" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_main" >&5
+echo "${ECHO_T}$ac_cv_lib_socket_main" >&6; }
 if test $ac_cv_lib_socket_main = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBSOCKET 1
@@ -14834,8 +15589,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for main in -lnet" >&5
-echo $ECHO_N "checking for main in -lnet... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for main in -lnet" >&5
+echo $ECHO_N "checking for main in -lnet... $ECHO_C" >&6; }
 if test "${ac_cv_lib_net_main+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14852,46 +15607,43 @@
 int
 main ()
 {
-main ();
+return main ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_net_main=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_net_main=no
+	ac_cv_lib_net_main=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_net_main" >&5
-echo "${ECHO_T}$ac_cv_lib_net_main" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_net_main" >&5
+echo "${ECHO_T}$ac_cv_lib_net_main" >&6; }
 if test $ac_cv_lib_net_main = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBNET 1
@@ -14902,8 +15654,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for main in -lnsl_s" >&5
-echo $ECHO_N "checking for main in -lnsl_s... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for main in -lnsl_s" >&5
+echo $ECHO_N "checking for main in -lnsl_s... $ECHO_C" >&6; }
 if test "${ac_cv_lib_nsl_s_main+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14920,46 +15672,43 @@
 int
 main ()
 {
-main ();
+return main ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_nsl_s_main=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_nsl_s_main=no
+	ac_cv_lib_nsl_s_main=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_s_main" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_s_main" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_s_main" >&5
+echo "${ECHO_T}$ac_cv_lib_nsl_s_main" >&6; }
 if test $ac_cv_lib_nsl_s_main = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBNSL_S 1
@@ -14970,8 +15719,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for main in -lnsl" >&5
-echo $ECHO_N "checking for main in -lnsl... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for main in -lnsl" >&5
+echo $ECHO_N "checking for main in -lnsl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_nsl_main+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -14988,46 +15737,43 @@
 int
 main ()
 {
-main ();
+return main ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_nsl_main=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_nsl_main=no
+	ac_cv_lib_nsl_main=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_main" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_main" >&5
+echo "${ECHO_T}$ac_cv_lib_nsl_main" >&6; }
 if test $ac_cv_lib_nsl_main = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBNSL 1
@@ -15038,8 +15784,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for socket in -linet" >&5
-echo $ECHO_N "checking for socket in -linet... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for socket in -linet" >&5
+echo $ECHO_N "checking for socket in -linet... $ECHO_C" >&6; }
 if test "${ac_cv_lib_inet_socket+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -15052,56 +15798,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char socket ();
 int
 main ()
 {
-socket ();
+return socket ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_inet_socket=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_inet_socket=no
+	ac_cv_lib_inet_socket=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_inet_socket" >&5
-echo "${ECHO_T}$ac_cv_lib_inet_socket" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_inet_socket" >&5
+echo "${ECHO_T}$ac_cv_lib_inet_socket" >&6; }
 if test $ac_cv_lib_inet_socket = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBINET 1
@@ -15112,8 +15855,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for main in -lgen" >&5
-echo $ECHO_N "checking for main in -lgen... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for main in -lgen" >&5
+echo $ECHO_N "checking for main in -lgen... $ECHO_C" >&6; }
 if test "${ac_cv_lib_gen_main+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -15130,46 +15873,43 @@
 int
 main ()
 {
-main ();
+return main ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_gen_main=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_gen_main=no
+	ac_cv_lib_gen_main=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_gen_main" >&5
-echo "${ECHO_T}$ac_cv_lib_gen_main" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gen_main" >&5
+echo "${ECHO_T}$ac_cv_lib_gen_main" >&6; }
 if test $ac_cv_lib_gen_main = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBGEN 1
@@ -15183,8 +15923,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for select" >&5
-echo $ECHO_N "checking for select... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for select" >&5
+echo $ECHO_N "checking for select... $ECHO_C" >&6; }
 if test "${ac_cv_func_select+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -15211,68 +15951,59 @@
 
 #undef select
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char select ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_select) || defined (__stub___select)
+#if defined __stub_select || defined __stub___select
 choke me
-#else
-char (*f) () = select;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != select;
+return select ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_select=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_select=no
+	ac_cv_func_select=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_select" >&5
-echo "${ECHO_T}$ac_cv_func_select" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_select" >&5
+echo "${ECHO_T}$ac_cv_func_select" >&6; }
 if test $ac_cv_func_select = yes; then
   :
 else
@@ -15288,18 +16019,19 @@
 for ac_header in sys/select.h sys/socket.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15310,41 +16042,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15353,24 +16081,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -15378,9 +16104,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -15404,25 +16131,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -15434,13 +16160,13 @@
 
 done
 
-echo "$as_me:$LINENO: checking types of arguments for select" >&5
-echo $ECHO_N "checking types of arguments for select... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking types of arguments for select" >&5
+echo $ECHO_N "checking types of arguments for select... $ECHO_C" >&6; }
 if test "${ac_cv_func_select_args+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   for ac_arg234 in 'fd_set *' 'int *' 'void *'; do
- for ac_arg1 in 'int' 'size_t' 'unsigned long' 'unsigned'; do
+ for ac_arg1 in 'int' 'size_t' 'unsigned long int' 'unsigned int'; do
   for ac_arg5 in 'struct timeval *' 'const struct timeval *'; do
    cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -15449,10 +16175,10 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-#if HAVE_SYS_SELECT_H
+#ifdef HAVE_SYS_SELECT_H
 # include <sys/select.h>
 #endif
-#if HAVE_SYS_SOCKET_H
+#ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
 
@@ -15467,34 +16193,31 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_func_select_args="$ac_arg1,$ac_arg234,$ac_arg5"; break 3
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
  done
 done
@@ -15502,8 +16225,8 @@
 : ${ac_cv_func_select_args='int,int *,struct timeval *'}
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_select_args" >&5
-echo "${ECHO_T}$ac_cv_func_select_args" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_select_args" >&5
+echo "${ECHO_T}$ac_cv_func_select_args" >&6; }
 ac_save_IFS=$IFS; IFS=','
 set dummy `echo "$ac_cv_func_select_args" | sed 's/\*/\*/g'`
 IFS=$ac_save_IFS
@@ -15532,9 +16255,9 @@
 for ac_func in poll
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -15560,68 +16283,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -15636,18 +16351,19 @@
 for ac_header in poll.h sys/poll.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15658,41 +16374,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15701,24 +16413,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -15726,9 +16436,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -15752,25 +16463,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -15788,18 +16498,19 @@
 for ac_header in sys/epoll.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15810,41 +16521,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -15853,24 +16560,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -15878,9 +16583,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -15904,25 +16610,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -15935,11 +16640,11 @@
 done
 
 if test "${ac_cv_header_sys_epoll_h}" = yes; then
-	echo "$as_me:$LINENO: checking for epoll system call" >&5
-echo $ECHO_N "checking for epoll system call... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for epoll system call" >&5
+echo $ECHO_N "checking for epoll system call... $ECHO_C" >&6; }
 	if test "$cross_compiling" = yes; then
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -15954,18 +16659,27 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_EPOLL 1
@@ -15977,29 +16691,32 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
 
 
 for ac_header in sys/devpoll.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -16010,41 +16727,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -16053,24 +16766,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -16078,9 +16789,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -16104,25 +16816,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -16137,11 +16848,11 @@
 if test "${ac_cv_header_sys_devpoll_h}" = yes \
 		-a "${ac_cv_header_poll_h}" = yes ; \
 then
-	echo "$as_me:$LINENO: checking for /dev/poll" >&5
-echo $ECHO_N "checking for /dev/poll... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for /dev/poll" >&5
+echo $ECHO_N "checking for /dev/poll... $ECHO_C" >&6; }
 	if test "$cross_compiling" = yes; then
-  echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -16156,18 +16867,27 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
 
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_DEVPOLL 1
@@ -16179,16 +16899,17 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
 
-# strerror checks
-echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
-echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
+echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6; }
 if test "${ol_cv_dcl_sys_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16215,39 +16936,35 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_dcl_sys_errlist=yes
 	ol_cv_have_sys_errlist=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_dcl_sys_errlist=no
+	ol_cv_dcl_sys_errlist=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
-echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6; }
 #
 # It's possible (for near-UNIX clones) that sys_errlist doesn't exist
 if test $ol_cv_dcl_sys_errlist = no ; then
@@ -16257,8 +16974,8 @@
 _ACEOF
 
 
-	echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
-echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
+echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6; }
 if test "${ol_cv_have_sys_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16279,39 +16996,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_have_sys_errlist=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_have_sys_errlist=no
+	ol_cv_have_sys_errlist=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
-echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6; }
 fi
 if test $ol_cv_have_sys_errlist = yes ; then
 
@@ -16325,9 +17039,9 @@
 for ac_func in strerror strerror_r
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -16353,68 +17067,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -16425,8 +17131,8 @@
 
 ol_cv_func_strerror_r=no
 if test "${ac_cv_func_strerror_r}" = yes ; then
-	echo "$as_me:$LINENO: checking non-posix strerror_r" >&5
-echo $ECHO_N "checking non-posix strerror_r... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking non-posix strerror_r" >&5
+echo $ECHO_N "checking non-posix strerror_r... $ECHO_C" >&6; }
 if test "${ol_cv_nonposix_strerror_r+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16468,35 +17174,31 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_nonposix_strerror_r=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_nonposix_strerror_r=no
+	ol_cv_nonposix_strerror_r=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 	else
 		if test "$cross_compiling" = yes; then
   ol_cv_nonposix_strerror=no
@@ -16517,13 +17219,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -16536,13 +17247,15 @@
 ( exit $ac_status )
 ol_cv_nonposix_strerror=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 	fi
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_nonposix_strerror_r" >&5
-echo "${ECHO_T}$ol_cv_nonposix_strerror_r" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_nonposix_strerror_r" >&5
+echo "${ECHO_T}$ol_cv_nonposix_strerror_r" >&6; }
 if test $ol_cv_nonposix_strerror_r = yes ; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -16552,8 +17265,8 @@
 fi
 
 elif test "${ac_cv_func_strerror}" = no ; then
-	echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
-echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking declaration of sys_errlist" >&5
+echo $ECHO_N "checking declaration of sys_errlist... $ECHO_C" >&6; }
 if test "${ol_cv_dcl_sys_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16580,39 +17293,35 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_dcl_sys_errlist=yes
 	ol_cv_have_sys_errlist=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_dcl_sys_errlist=no
+	ol_cv_dcl_sys_errlist=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
-echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_dcl_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_dcl_sys_errlist" >&6; }
 #
 # It's possible (for near-UNIX clones) that sys_errlist doesn't exist
 if test $ol_cv_dcl_sys_errlist = no ; then
@@ -16622,8 +17331,8 @@
 _ACEOF
 
 
-	echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
-echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking existence of sys_errlist" >&5
+echo $ECHO_N "checking existence of sys_errlist... $ECHO_C" >&6; }
 if test "${ol_cv_have_sys_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16644,39 +17353,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_have_sys_errlist=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_have_sys_errlist=no
+	ol_cv_have_sys_errlist=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
-echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_have_sys_errlist" >&5
+echo "${ECHO_T}$ol_cv_have_sys_errlist" >&6; }
 fi
 if test $ol_cv_have_sys_errlist = yes ; then
 
@@ -16693,9 +17399,9 @@
 for ac_header in regex.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -16713,38 +17419,35 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   eval "$as_ac_Header=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_Header=no"
+	eval "$as_ac_Header=no"
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -16760,13 +17463,12 @@
 echo "$as_me: error: POSIX regex.h required." >&2;}
    { (exit 1); exit 1; }; }
 fi
-echo "$as_me:$LINENO: checking for library containing regfree" >&5
-echo $ECHO_N "checking for library containing regfree... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for library containing regfree" >&5
+echo $ECHO_N "checking for library containing regfree... $ECHO_C" >&6; }
 if test "${ac_cv_search_regfree+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_func_search_save_LIBS=$LIBS
-ac_cv_search_regfree=no
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -16774,115 +17476,73 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char regfree ();
 int
 main ()
 {
-regfree ();
+return regfree ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' regex gnuregex; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_regfree="none required"
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_regfree=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_regfree" = no; then
-  for ac_lib in regex gnuregex; do
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-    cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char regfree ();
-int
-main ()
-{
-regfree ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_regfree="-l$ac_lib"
-break
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_regfree+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_regfree+set}" = set; then
+  :
 else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
+  ac_cv_search_regfree=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-  done
-fi
+rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_search_regfree" >&5
-echo "${ECHO_T}$ac_cv_search_regfree" >&6
-if test "$ac_cv_search_regfree" != no; then
-  test "$ac_cv_search_regfree" = "none required" || LIBS="$ac_cv_search_regfree $LIBS"
+{ echo "$as_me:$LINENO: result: $ac_cv_search_regfree" >&5
+echo "${ECHO_T}$ac_cv_search_regfree" >&6; }
+ac_res=$ac_cv_search_regfree
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
   :
 else
   { { echo "$as_me:$LINENO: error: POSIX regex required." >&5
@@ -16892,8 +17552,8 @@
 
 
 
-echo "$as_me:$LINENO: checking for compatible POSIX regex" >&5
-echo $ECHO_N "checking for compatible POSIX regex... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for compatible POSIX regex" >&5
+echo $ECHO_N "checking for compatible POSIX regex... $ECHO_C" >&6; }
 if test "${ol_cv_c_posix_regex+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -16932,13 +17592,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -16951,11 +17620,13 @@
 ( exit $ac_status )
 ol_cv_c_posix_regex=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_c_posix_regex" >&5
-echo "${ECHO_T}$ol_cv_c_posix_regex" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_c_posix_regex" >&5
+echo "${ECHO_T}$ol_cv_c_posix_regex" >&6; }
 
 if test "$ol_cv_c_posix_regex" = no ; then
 	{ { echo "$as_me:$LINENO: error: broken POSIX regex!" >&5
@@ -16969,18 +17640,19 @@
 for ac_header in sys/uuid.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -16991,41 +17663,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17034,24 +17702,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -17059,9 +17725,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -17085,25 +17752,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -17117,13 +17783,12 @@
 
 if test $ac_cv_header_sys_uuid_h = yes ; then
 	save_LIBS="$LIBS"
-	echo "$as_me:$LINENO: checking for library containing uuid_to_str" >&5
-echo $ECHO_N "checking for library containing uuid_to_str... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for library containing uuid_to_str" >&5
+echo $ECHO_N "checking for library containing uuid_to_str... $ECHO_C" >&6; }
 if test "${ac_cv_search_uuid_to_str+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_func_search_save_LIBS=$LIBS
-ac_cv_search_uuid_to_str=no
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17131,123 +17796,166 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char uuid_to_str ();
 int
 main ()
 {
-uuid_to_str ();
+return uuid_to_str ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' uuid; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_uuid_to_str="none required"
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_uuid_to_str=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_uuid_to_str" = no; then
-  for ac_lib in uuid; do
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-    cat >conftest.$ac_ext <<_ACEOF
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_uuid_to_str+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_uuid_to_str+set}" = set; then
+  :
+else
+  ac_cv_search_uuid_to_str=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_search_uuid_to_str" >&5
+echo "${ECHO_T}$ac_cv_search_uuid_to_str" >&6; }
+ac_res=$ac_cv_search_uuid_to_str
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  have_uuid=yes
+else
+  :
+fi
+
+	{ echo "$as_me:$LINENO: checking for library containing uuid_create" >&5
+echo $ECHO_N "checking for library containing uuid_create... $ECHO_C" >&6; }
+if test "${ac_cv_search_uuid_create+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char uuid_to_str ();
+char uuid_create ();
 int
 main ()
 {
-uuid_to_str ();
+return uuid_create ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' uuid; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_uuid_to_str="-l$ac_lib"
-break
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_uuid_create=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-  done
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_uuid_create+set}" = set; then
+  break
 fi
+done
+if test "${ac_cv_search_uuid_create+set}" = set; then
+  :
+else
+  ac_cv_search_uuid_create=no
+fi
+rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_search_uuid_to_str" >&5
-echo "${ECHO_T}$ac_cv_search_uuid_to_str" >&6
-if test "$ac_cv_search_uuid_to_str" != no; then
-  test "$ac_cv_search_uuid_to_str" = "none required" || LIBS="$ac_cv_search_uuid_to_str $LIBS"
-  have_uuid=yes
-else
+{ echo "$as_me:$LINENO: result: $ac_cv_search_uuid_create" >&5
+echo "${ECHO_T}$ac_cv_search_uuid_create" >&6; }
+ac_res=$ac_cv_search_uuid_create
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
   :
+else
+  have_uuid=no
 fi
 
 	LIBS="$save_LIBS"
 
-	if test have_uuid = yes ; then
+	if test $have_uuid = yes ; then
 
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_UUID_TO_STR 1
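Review bot: The corrected test near the end of this hunk, `if test $have_uuid = yes ; then`, expands `have_uuid` unquoted, and within the hunk the variable is assigned on only two of the four search outcomes (`have_uuid=yes` when uuid_to_str is found, `have_uuid=no` when uuid_create is not found). If it is not initialised before this hunk, which is not visible here, the case where uuid_to_str is missing but uuid_create is found leaves it empty, so `test` receives `= yes` with no left operand, prints an error, and reaches the negative branch only by accident. Quoting it as `if test "$have_uuid" = yes ; then` makes that path well defined. Because configure is generated, the change belongs in the autoconf input rather than in this file.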
@@ -17264,18 +17972,19 @@
 for ac_header in uuid/uuid.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17286,41 +17995,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17329,24 +18034,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -17354,9 +18057,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -17380,25 +18084,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -17412,13 +18115,12 @@
 
 	if test $ac_cv_header_uuid_uuid_h = yes ; then
 		save_LIBS="$LIBS"
-		echo "$as_me:$LINENO: checking for library containing uuid_generate" >&5
-echo $ECHO_N "checking for library containing uuid_generate... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for library containing uuid_generate" >&5
+echo $ECHO_N "checking for library containing uuid_generate... $ECHO_C" >&6; }
 if test "${ac_cv_search_uuid_generate+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_func_search_save_LIBS=$LIBS
-ac_cv_search_uuid_generate=no
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17426,123 +18128,166 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char uuid_generate ();
 int
 main ()
 {
-uuid_generate ();
+return uuid_generate ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' uuid; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_uuid_generate="none required"
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_uuid_generate=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_uuid_generate" = no; then
-  for ac_lib in uuid; do
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-    cat >conftest.$ac_ext <<_ACEOF
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_uuid_generate+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_uuid_generate+set}" = set; then
+  :
+else
+  ac_cv_search_uuid_generate=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_search_uuid_generate" >&5
+echo "${ECHO_T}$ac_cv_search_uuid_generate" >&6; }
+ac_res=$ac_cv_search_uuid_generate
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  have_uuid=yes
+else
+  :
+fi
+
+		{ echo "$as_me:$LINENO: checking for library containing uuid_unparse_lower" >&5
+echo $ECHO_N "checking for library containing uuid_unparse_lower... $ECHO_C" >&6; }
+if test "${ac_cv_search_uuid_unparse_lower+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char uuid_generate ();
+char uuid_unparse_lower ();
 int
 main ()
 {
-uuid_generate ();
+return uuid_unparse_lower ();
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+for ac_lib in '' uuid; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_search_uuid_generate="-l$ac_lib"
-break
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_search_uuid_unparse_lower=$ac_res
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-  done
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_uuid_unparse_lower+set}" = set; then
+  break
 fi
+done
+if test "${ac_cv_search_uuid_unparse_lower+set}" = set; then
+  :
+else
+  ac_cv_search_uuid_unparse_lower=no
+fi
+rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_search_uuid_generate" >&5
-echo "${ECHO_T}$ac_cv_search_uuid_generate" >&6
-if test "$ac_cv_search_uuid_generate" != no; then
-  test "$ac_cv_search_uuid_generate" = "none required" || LIBS="$ac_cv_search_uuid_generate $LIBS"
-  have_uuid=yes
-else
+{ echo "$as_me:$LINENO: result: $ac_cv_search_uuid_unparse_lower" >&5
+echo "${ECHO_T}$ac_cv_search_uuid_unparse_lower" >&6; }
+ac_res=$ac_cv_search_uuid_unparse_lower
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
   :
+else
+  have_uuid=no
 fi
 
 		LIBS="$save_LIBS"
 
-		if test have_uuid = yes ; then
+		if test $have_uuid = yes ; then
 
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_UUID_GENERATE 1
@@ -17556,8 +18301,8 @@
 fi
 
 if test $have_uuid = no ; then
-	echo "$as_me:$LINENO: checking to see if -lrpcrt4 is needed for win32 UUID support" >&5
-echo $ECHO_N "checking to see if -lrpcrt4 is needed for win32 UUID support... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking to see if -lrpcrt4 is needed for win32 UUID support" >&5
+echo $ECHO_N "checking to see if -lrpcrt4 is needed for win32 UUID support... $ECHO_C" >&6; }
 	save_LIBS="$LIBS"
 	LIBS="$LIBS -lrpcrt4"
 	cat >conftest.$ac_ext <<_ACEOF
@@ -17582,48 +18327,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   need_rpcrt=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-need_rpcrt=no
+	need_rpcrt=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 	if test $need_rpcrt = yes; then
 		SLAPD_LIBS="$SLAPD_LIBS -lrpcrt4"
 	fi
 	LIBS="$save_LIBS"
-	echo "$as_me:$LINENO: result: $need_rpcrt" >&5
-echo "${ECHO_T}$need_rpcrt" >&6
+	{ echo "$as_me:$LINENO: result: $need_rpcrt" >&5
+echo "${ECHO_T}$need_rpcrt" >&6; }
 fi
 
 ol_cv_lib_resolver=no
 if test $ol_cv_lib_resolver = no ; then
-	echo "$as_me:$LINENO: checking for resolver link (default)" >&5
-echo $ECHO_N "checking for resolver link (default)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for resolver link (default)" >&5
+echo $ECHO_N "checking for resolver link (default)... $ECHO_C" >&6; }
 if test "${ol_cv_resolver_none+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -17688,42 +18430,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_resolver_none=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_resolver_none=no
+	ol_cv_resolver_none=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_resolver_none" >&5
-echo "${ECHO_T}$ol_cv_resolver_none" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_resolver_none" >&5
+echo "${ECHO_T}$ol_cv_resolver_none" >&6; }
 
 	if test $ol_cv_resolver_none = yes ; then
 		ol_cv_lib_resolver=yes
@@ -17731,8 +18470,8 @@
 fi
 
 if test $ol_cv_lib_resolver = no ; then
-	echo "$as_me:$LINENO: checking for resolver link (-lresolv)" >&5
-echo $ECHO_N "checking for resolver link (-lresolv)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for resolver link (-lresolv)" >&5
+echo $ECHO_N "checking for resolver link (-lresolv)... $ECHO_C" >&6; }
 if test "${ol_cv_resolver_resolv+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -17797,42 +18536,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_resolver_resolv=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_resolver_resolv=no
+	ol_cv_resolver_resolv=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_resolver_resolv" >&5
-echo "${ECHO_T}$ol_cv_resolver_resolv" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_resolver_resolv" >&5
+echo "${ECHO_T}$ol_cv_resolver_resolv" >&6; }
 
 	if test $ol_cv_resolver_resolv = yes ; then
 		ol_cv_lib_resolver=-lresolv
@@ -17840,8 +18576,8 @@
 fi
 
 if test $ol_cv_lib_resolver = no ; then
-	echo "$as_me:$LINENO: checking for resolver link (-lbind)" >&5
-echo $ECHO_N "checking for resolver link (-lbind)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for resolver link (-lbind)" >&5
+echo $ECHO_N "checking for resolver link (-lbind)... $ECHO_C" >&6; }
 if test "${ol_cv_resolver_bind+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -17906,42 +18642,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_resolver_bind=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_resolver_bind=no
+	ol_cv_resolver_bind=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_resolver_bind" >&5
-echo "${ECHO_T}$ol_cv_resolver_bind" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_resolver_bind" >&5
+echo "${ECHO_T}$ol_cv_resolver_bind" >&6; }
 
 	if test $ol_cv_resolver_bind = yes ; then
 		ol_cv_lib_resolver=-lbind
@@ -17981,9 +18714,9 @@
 for ac_func in hstrerror
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -18009,68 +18742,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -18087,9 +18812,9 @@
 for ac_func in getaddrinfo getnameinfo gai_strerror inet_ntop
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -18115,68 +18840,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -18194,8 +18911,8 @@
    { (exit 1); exit 1; }; }
 	fi
 elif test $ol_enable_ipv6 != no ; then
-	echo "$as_me:$LINENO: checking INET6_ADDRSTRLEN" >&5
-echo $ECHO_N "checking INET6_ADDRSTRLEN... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking INET6_ADDRSTRLEN" >&5
+echo $ECHO_N "checking INET6_ADDRSTRLEN... $ECHO_C" >&6; }
 if test "${ol_cv_inet6_addrstrlen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -18222,12 +18939,12 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_inet6_addrstrlen" >&5
-echo "${ECHO_T}$ol_cv_inet6_addrstrlen" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_inet6_addrstrlen" >&5
+echo "${ECHO_T}$ol_cv_inet6_addrstrlen" >&6; }
 
 
-	echo "$as_me:$LINENO: checking struct sockaddr_storage" >&5
-echo $ECHO_N "checking struct sockaddr_storage... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking struct sockaddr_storage" >&5
+echo $ECHO_N "checking struct sockaddr_storage... $ECHO_C" >&6; }
 if test "${ol_cv_struct_sockaddr_storage+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -18253,38 +18970,34 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_struct_sockaddr_storage=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_struct_sockaddr_storage=no
+	ol_cv_struct_sockaddr_storage=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_struct_sockaddr_storage" >&5
-echo "${ECHO_T}$ol_cv_struct_sockaddr_storage" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_struct_sockaddr_storage" >&5
+echo "${ECHO_T}$ol_cv_struct_sockaddr_storage" >&6; }
 
 	if test $ol_cv_inet6_addrstrlen = yes &&
 	   test $ol_cv_struct_sockaddr_storage = yes ; then
@@ -18307,18 +19020,19 @@
 for ac_header in sys/un.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18329,41 +19043,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18372,24 +19082,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -18397,9 +19105,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -18423,25 +19132,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -18463,29 +19171,28 @@
 	fi
 fi
 
+ol_link_gssapi=no
 
-if test $ol_with_tls = yes ; then
-	ol_with_tls=auto
-fi
+case $ol_with_gssapi in yes | auto)
 
-ol_link_tls=no
-if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then
+	ol_header_gssapi=no
 
-for ac_header in openssl/ssl.h
+for ac_header in gssapi/gssapi.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18496,41 +19203,185 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+	if test $ac_cv_header_gssapi_gssapi_h = yes ; then
+		ol_header_gssapi=yes
+	else
+
+for ac_header in gssapi.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18539,24 +19390,507 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  ac_header_preproc=yes
 else
-  ac_cpp_err=yes
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  ac_header_preproc=no
 fi
-if test -z "$ac_cpp_err"; then
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+  yes:no: )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+    ac_header_preproc=yes
+    ;;
+  no:yes:* )
+    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+    ( cat <<\_ASBOX
+## --------------------------------------------- ##
+## Report this to <http://www.openldap.org/its/> ##
+## --------------------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+		if test $ac_cv_header_gssapi_h = yes ; then
+			ol_header_gssapi=yes
+		fi
+
+								saveLIBS="$LIBS"
+		LIBS="$LIBS $GSSAPI_LIBS"
+
+for ac_func in gss_oid_to_str
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+		LIBS="$saveLIBS"
+	fi
+
+	if test $ol_header_gssapi = yes ; then
+						{ echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi" >&5
+echo $ECHO_N "checking for gss_wrap in -lgssapi... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gssapi_gss_wrap+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_wrap ();
+int
+main ()
+{
+return gss_wrap ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_gssapi_gss_wrap=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_gssapi_gss_wrap=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_wrap" >&5
+echo "${ECHO_T}$ac_cv_lib_gssapi_gss_wrap" >&6; }
+if test $ac_cv_lib_gssapi_gss_wrap = yes; then
+  ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"
+else
+  ol_link_gssapi=no
+fi
+
+		if test $ol_link_gssapi != yes ; then
+			{ echo "$as_me:$LINENO: checking for gss_wrap in -lgssapi_krb5" >&5
+echo $ECHO_N "checking for gss_wrap in -lgssapi_krb5... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gssapi_krb5_gss_wrap+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_wrap ();
+int
+main ()
+{
+return gss_wrap ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_gssapi_krb5_gss_wrap=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_gssapi_krb5_gss_wrap=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_wrap" >&5
+echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_wrap" >&6; }
+if test $ac_cv_lib_gssapi_krb5_gss_wrap = yes; then
+  ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"
+else
+  ol_link_gssapi=no
+fi
+
+		fi
+		if test $ol_link_gssapi != yes ; then
+			{ echo "$as_me:$LINENO: checking for gss_wrap in -lgss" >&5
+echo $ECHO_N "checking for gss_wrap in -lgss... $ECHO_C" >&6; }
+if test "${ac_cv_lib_gss_gss_wrap+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgss  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_wrap ();
+int
+main ()
+{
+return gss_wrap ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_gss_gss_wrap=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_gss_gss_wrap=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gss_gss_wrap" >&5
+echo "${ECHO_T}$ac_cv_lib_gss_gss_wrap" >&6; }
+if test $ac_cv_lib_gss_gss_wrap = yes; then
+  ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"
+else
+  ol_link_gssapi=no
+fi
+
+		fi
+	fi
+
+	;;
+esac
+
+WITH_GSSAPI=no
+if test $ol_link_gssapi = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_GSSAPI 1
+_ACEOF
+
+	WITH_GSSAPI=yes
+elif test $ol_with_gssapi = auto ; then
+	{ echo "$as_me:$LINENO: WARNING: Could not locate GSSAPI package" >&5
+echo "$as_me: WARNING: Could not locate GSSAPI package" >&2;}
+	{ echo "$as_me:$LINENO: WARNING: GSSAPI authentication not supported!" >&5
+echo "$as_me: WARNING: GSSAPI authentication not supported!" >&2;}
+elif test $ol_with_gssapi = yes ; then
+	{ { echo "$as_me:$LINENO: error: GSSAPI detection failed" >&5
+echo "$as_me: error: GSSAPI detection failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+if test $ol_with_tls = yes ; then
+	ol_with_tls=auto
+fi
+
+ol_link_tls=no
+if test $ol_with_tls = openssl || test $ol_with_tls = auto ; then
+
+for ac_header in openssl/ssl.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_header_compiler=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
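Review bot: The `gss_oid_to_str` probe (`for ac_func in gss_oid_to_str`) links with `LIBS="$LIBS $GSSAPI_LIBS"` before any of the `gss_wrap` checks later in this hunk assign `GSSAPI_LIBS`, and it sits only in the `else` branch taken when `gssapi/gssapi.h` is missing. Unless `GSSAPI_LIBS` is set somewhere outside this hunk, the link test runs without a GSSAPI library, and on systems that do have `gssapi/gssapi.h` it never runs at all, so `HAVE_GSS_OID_TO_STR` would likely stay undefined in both cases. Because configure is generated, the change belongs in the autoconf input rather than here. There, move the `saveLIBS="$LIBS"` / `LIBS="$LIBS $GSSAPI_LIBS"` / `AC_CHECK_FUNCS(gss_oid_to_str)` sequence to after the three library probes, guarded by `if test $ol_link_gssapi = yes`.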
@@ -18564,9 +19898,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -18590,25 +19925,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -18622,8 +19956,8 @@
 
 
 	if test $ac_cv_header_openssl_ssl_h = yes ; then
-		echo "$as_me:$LINENO: checking for SSL_library_init in -lssl" >&5
-echo $ECHO_N "checking for SSL_library_init in -lssl... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for SSL_library_init in -lssl" >&5
+echo $ECHO_N "checking for SSL_library_init in -lssl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -18636,56 +19970,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char SSL_library_init ();
 int
 main ()
 {
-SSL_library_init ();
+return SSL_library_init ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_ssl_SSL_library_init=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_ssl_SSL_library_init=no
+	ac_cv_lib_ssl_SSL_library_init=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5
-echo "${ECHO_T}$ac_cv_lib_ssl_SSL_library_init" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5
+echo "${ECHO_T}$ac_cv_lib_ssl_SSL_library_init" >&6; }
 if test $ac_cv_lib_ssl_SSL_library_init = yes; then
   have_openssl=yes
 			need_rsaref=no
@@ -18695,8 +20026,8 @@
 
 
 		if test $have_openssl = no ; then
-			echo "$as_me:$LINENO: checking for ssl3_accept in -lssl" >&5
-echo $ECHO_N "checking for ssl3_accept in -lssl... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking for ssl3_accept in -lssl" >&5
+echo $ECHO_N "checking for ssl3_accept in -lssl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_ssl_ssl3_accept+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -18709,56 +20040,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char ssl3_accept ();
 int
 main ()
 {
-ssl3_accept ();
+return ssl3_accept ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_ssl_ssl3_accept=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_ssl_ssl3_accept=no
+	ac_cv_lib_ssl_ssl3_accept=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_ssl3_accept" >&5
-echo "${ECHO_T}$ac_cv_lib_ssl_ssl3_accept" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_ssl3_accept" >&5
+echo "${ECHO_T}$ac_cv_lib_ssl_ssl3_accept" >&6; }
 if test $ac_cv_lib_ssl_ssl3_accept = yes; then
   have_openssl=yes
 				need_rsaref=yes
@@ -18790,8 +20118,8 @@
 				TLS_LIBS="-lssl -lcrypto"
 			fi
 
-			echo "$as_me:$LINENO: checking OpenSSL library version (CRL checking capability)" >&5
-echo $ECHO_N "checking OpenSSL library version (CRL checking capability)... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking OpenSSL library version (CRL checking capability)" >&5
+echo $ECHO_N "checking OpenSSL library version (CRL checking capability)... $ECHO_C" >&6; }
 if test "${ol_cv_ssl_crl_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -18822,8 +20150,8 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_ssl_crl_compat" >&5
-echo "${ECHO_T}$ol_cv_ssl_crl_compat" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_ssl_crl_compat" >&5
+echo "${ECHO_T}$ol_cv_ssl_crl_compat" >&6; }
 
 			if test $ol_cv_ssl_crl_compat = yes ; then
 
@@ -18842,18 +20170,19 @@
 for ac_header in gnutls/gnutls.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18864,41 +20193,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -18907,24 +20232,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -18932,9 +20255,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -18958,25 +20282,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -18990,8 +20313,8 @@
 
 
 		if test $ac_cv_header_gnutls_gnutls_h = yes ; then
-			echo "$as_me:$LINENO: checking for gnutls_init in -lgnutls" >&5
-echo $ECHO_N "checking for gnutls_init in -lgnutls... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking for gnutls_init in -lgnutls" >&5
+echo $ECHO_N "checking for gnutls_init in -lgnutls... $ECHO_C" >&6; }
 if test "${ac_cv_lib_gnutls_gnutls_init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19004,56 +20327,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char gnutls_init ();
 int
 main ()
 {
-gnutls_init ();
+return gnutls_init ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_gnutls_gnutls_init=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_gnutls_gnutls_init=no
+	ac_cv_lib_gnutls_gnutls_init=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_gnutls_gnutls_init" >&5
-echo "${ECHO_T}$ac_cv_lib_gnutls_gnutls_init" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gnutls_gnutls_init" >&5
+echo "${ECHO_T}$ac_cv_lib_gnutls_gnutls_init" >&6; }
 if test $ac_cv_lib_gnutls_gnutls_init = yes; then
   have_gnutls=yes
 else
@@ -19118,8 +20438,8 @@
 case $ol_with_threads in auto | yes | nt)
 
 
-	echo "$as_me:$LINENO: checking for _beginthread" >&5
-echo $ECHO_N "checking for _beginthread... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for _beginthread" >&5
+echo $ECHO_N "checking for _beginthread... $ECHO_C" >&6; }
 if test "${ac_cv_func__beginthread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19146,68 +20466,59 @@
 
 #undef _beginthread
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char _beginthread ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub__beginthread) || defined (__stub____beginthread)
+#if defined __stub__beginthread || defined __stub____beginthread
 choke me
-#else
-char (*f) () = _beginthread;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != _beginthread;
+return _beginthread ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func__beginthread=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func__beginthread=no
+	ac_cv_func__beginthread=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func__beginthread" >&5
-echo "${ECHO_T}$ac_cv_func__beginthread" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func__beginthread" >&5
+echo "${ECHO_T}$ac_cv_func__beginthread" >&6; }
 
 
 	if test $ac_cv_func__beginthread = yes ; then
@@ -19251,18 +20562,19 @@
 for ac_header in pthread.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -19273,41 +20585,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -19316,24 +20624,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -19341,9 +20647,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -19367,25 +20674,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -19399,8 +20705,8 @@
 
 
 	if test $ac_cv_header_pthread_h = yes ; then
-		echo "$as_me:$LINENO: checking POSIX thread version" >&5
-echo $ECHO_N "checking POSIX thread version... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking POSIX thread version" >&5
+echo $ECHO_N "checking POSIX thread version... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_version+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19425,27 +20731,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
 
 	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -19529,11 +20830,12 @@
 rm -f conftest*
 
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_version" >&5
-echo "${ECHO_T}$ol_cv_pthread_version" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_version" >&5
+echo "${ECHO_T}$ol_cv_pthread_version" >&6; }
 
 
 		if test $ol_cv_pthread_version != 0 ; then
@@ -19552,8 +20854,8 @@
 		ol_with_threads=found
 
 
-	echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
-echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
+echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6; }
 if test "${ol_cv_header_linux_threads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19575,8 +20877,8 @@
 
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
-echo "${ECHO_T}$ol_cv_header_linux_threads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_header_linux_threads" >&6; }
 	if test $ol_cv_header_linux_threads = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -19586,8 +20888,8 @@
 	fi
 
 
-	echo "$as_me:$LINENO: checking for GNU Pth pthread.h" >&5
-echo $ECHO_N "checking for GNU Pth pthread.h... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for GNU Pth pthread.h" >&5
+echo $ECHO_N "checking for GNU Pth pthread.h... $ECHO_C" >&6; }
 if test "${ol_cv_header_gnu_pth_pthread_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19613,8 +20915,8 @@
 
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_header_gnu_pth_pthread_h" >&5
-echo "${ECHO_T}$ol_cv_header_gnu_pth_pthread_h" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_header_gnu_pth_pthread_h" >&5
+echo "${ECHO_T}$ol_cv_header_gnu_pth_pthread_h" >&6; }
 
 
 		if test $ol_cv_header_gnu_pth_pthread_h = no ; then
@@ -19622,18 +20924,19 @@
 for ac_header in sched.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -19644,41 +20947,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -19687,24 +20986,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -19712,9 +21009,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -19738,25 +21036,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -19771,8 +21068,8 @@
 		fi
 
 
-				echo "$as_me:$LINENO: checking for pthread_create in default libraries" >&5
-echo $ECHO_N "checking for pthread_create in default libraries... $ECHO_C" >&6
+				{ echo "$as_me:$LINENO: checking for pthread_create in default libraries" >&5
+echo $ECHO_N "checking for pthread_create in default libraries... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_create+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -19855,35 +21152,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_create=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_create=no
+	ol_cv_pthread_create=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -19964,13 +21258,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -19983,11 +21286,13 @@
 ( exit $ac_status )
 ol_cv_pthread_create=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_create" >&5
-echo "${ECHO_T}$ol_cv_pthread_create" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_create" >&5
+echo "${ECHO_T}$ol_cv_pthread_create" >&6; }
 
 		if test $ol_cv_pthread_create != no ; then
 			ol_link_threads=posix
@@ -19997,8 +21302,8 @@
 		# Pthread try link: -kthread (ol_cv_pthread_kthread)
 if test "$ol_link_threads" = no ; then
 	# try -kthread
-	echo "$as_me:$LINENO: checking for pthread link with -kthread" >&5
-echo $ECHO_N "checking for pthread link with -kthread... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -kthread" >&5
+echo $ECHO_N "checking for pthread link with -kthread... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_kthread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -20085,35 +21390,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_kthread=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_kthread=no
+	ol_cv_pthread_kthread=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -20194,13 +21496,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -20213,15 +21524,17 @@
 ( exit $ac_status )
 ol_cv_pthread_kthread=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_kthread" >&5
-echo "${ECHO_T}$ol_cv_pthread_kthread" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_kthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_kthread" >&6; }
 
 	if test $ol_cv_pthread_kthread = yes ; then
 		ol_link_pthreads="-kthread"
@@ -20232,8 +21545,8 @@
 		# Pthread try link: -pthread (ol_cv_pthread_pthread)
 if test "$ol_link_threads" = no ; then
 	# try -pthread
-	echo "$as_me:$LINENO: checking for pthread link with -pthread" >&5
-echo $ECHO_N "checking for pthread link with -pthread... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -pthread" >&5
+echo $ECHO_N "checking for pthread link with -pthread... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_pthread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -20320,35 +21633,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_pthread=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_pthread=no
+	ol_cv_pthread_pthread=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -20429,13 +21739,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -20448,15 +21767,17 @@
 ( exit $ac_status )
 ol_cv_pthread_pthread=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_pthread" >&5
-echo "${ECHO_T}$ol_cv_pthread_pthread" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_pthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_pthread" >&6; }
 
 	if test $ol_cv_pthread_pthread = yes ; then
 		ol_link_pthreads="-pthread"
@@ -20467,8 +21788,8 @@
 		# Pthread try link: -pthreads (ol_cv_pthread_pthreads)
 if test "$ol_link_threads" = no ; then
 	# try -pthreads
-	echo "$as_me:$LINENO: checking for pthread link with -pthreads" >&5
-echo $ECHO_N "checking for pthread link with -pthreads... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -pthreads" >&5
+echo $ECHO_N "checking for pthread link with -pthreads... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_pthreads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -20555,35 +21876,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_pthreads=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_pthreads=no
+	ol_cv_pthread_pthreads=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -20664,13 +21982,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -20683,15 +22010,17 @@
 ( exit $ac_status )
 ol_cv_pthread_pthreads=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_pthreads" >&5
-echo "${ECHO_T}$ol_cv_pthread_pthreads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_pthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_pthreads" >&6; }
 
 	if test $ol_cv_pthread_pthreads = yes ; then
 		ol_link_pthreads="-pthreads"
@@ -20702,8 +22031,8 @@
 		# Pthread try link: -mthreads (ol_cv_pthread_mthreads)
 if test "$ol_link_threads" = no ; then
 	# try -mthreads
-	echo "$as_me:$LINENO: checking for pthread link with -mthreads" >&5
-echo $ECHO_N "checking for pthread link with -mthreads... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -mthreads" >&5
+echo $ECHO_N "checking for pthread link with -mthreads... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_mthreads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -20790,35 +22119,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_mthreads=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_mthreads=no
+	ol_cv_pthread_mthreads=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -20899,13 +22225,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -20918,15 +22253,17 @@
 ( exit $ac_status )
 ol_cv_pthread_mthreads=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_mthreads" >&5
-echo "${ECHO_T}$ol_cv_pthread_mthreads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_mthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_mthreads" >&6; }
 
 	if test $ol_cv_pthread_mthreads = yes ; then
 		ol_link_pthreads="-mthreads"
@@ -20937,8 +22274,8 @@
 		# Pthread try link: -thread (ol_cv_pthread_thread)
 if test "$ol_link_threads" = no ; then
 	# try -thread
-	echo "$as_me:$LINENO: checking for pthread link with -thread" >&5
-echo $ECHO_N "checking for pthread link with -thread... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -thread" >&5
+echo $ECHO_N "checking for pthread link with -thread... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_thread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -21025,35 +22362,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_thread=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_thread=no
+	ol_cv_pthread_thread=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -21134,13 +22468,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -21153,15 +22496,17 @@
 ( exit $ac_status )
 ol_cv_pthread_thread=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_thread" >&5
-echo "${ECHO_T}$ol_cv_pthread_thread" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_thread" >&5
+echo "${ECHO_T}$ol_cv_pthread_thread" >&6; }
 
 	if test $ol_cv_pthread_thread = yes ; then
 		ol_link_pthreads="-thread"
@@ -21173,8 +22518,8 @@
 		# Pthread try link: -lpthread -lmach -lexc -lc_r (ol_cv_pthread_lpthread_lmach_lexc_lc_r)
 if test "$ol_link_threads" = no ; then
 	# try -lpthread -lmach -lexc -lc_r
-	echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc -lc_r" >&5
-echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc -lc_r... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc -lc_r... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthread_lmach_lexc_lc_r+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -21261,35 +22606,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthread_lmach_lexc_lc_r=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthread_lmach_lexc_lc_r=no
+	ol_cv_pthread_lpthread_lmach_lexc_lc_r=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -21370,13 +22712,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -21389,15 +22740,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthread_lmach_lexc_lc_r=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc_lc_r" >&6; }
 
 	if test $ol_cv_pthread_lpthread_lmach_lexc_lc_r = yes ; then
 		ol_link_pthreads="-lpthread -lmach -lexc -lc_r"
@@ -21408,8 +22761,8 @@
 		# Pthread try link: -lpthread -lmach -lexc (ol_cv_pthread_lpthread_lmach_lexc)
 if test "$ol_link_threads" = no ; then
 	# try -lpthread -lmach -lexc
-	echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc" >&5
-echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthread -lmach -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -lmach -lexc... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthread_lmach_lexc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -21496,35 +22849,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthread_lmach_lexc=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthread_lmach_lexc=no
+	ol_cv_pthread_lpthread_lmach_lexc=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -21605,13 +22955,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -21624,15 +22983,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthread_lmach_lexc=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread_lmach_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread_lmach_lexc" >&6; }
 
 	if test $ol_cv_pthread_lpthread_lmach_lexc = yes ; then
 		ol_link_pthreads="-lpthread -lmach -lexc"
@@ -21644,8 +23005,8 @@
 		# Pthread try link: -lpthread -Wl,-woff,85 (ol_cv_pthread_lib_lpthread_woff)
 if test "$ol_link_threads" = no ; then
 	# try -lpthread -Wl,-woff,85
-	echo "$as_me:$LINENO: checking for pthread link with -lpthread -Wl,-woff,85" >&5
-echo $ECHO_N "checking for pthread link with -lpthread -Wl,-woff,85... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthread -Wl,-woff,85" >&5
+echo $ECHO_N "checking for pthread link with -lpthread -Wl,-woff,85... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lib_lpthread_woff+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -21732,35 +23093,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lib_lpthread_woff=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lib_lpthread_woff=no
+	ol_cv_pthread_lib_lpthread_woff=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -21841,13 +23199,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -21860,15 +23227,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lib_lpthread_woff=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthread_woff" >&5
-echo "${ECHO_T}$ol_cv_pthread_lib_lpthread_woff" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthread_woff" >&5
+echo "${ECHO_T}$ol_cv_pthread_lib_lpthread_woff" >&6; }
 
 	if test $ol_cv_pthread_lib_lpthread_woff = yes ; then
 		ol_link_pthreads="-lpthread -Wl,-woff,85"
@@ -21880,8 +23249,8 @@
 		# Pthread try link: -lpthread (ol_cv_pthread_lpthread)
 if test "$ol_link_threads" = no ; then
 	# try -lpthread
-	echo "$as_me:$LINENO: checking for pthread link with -lpthread" >&5
-echo $ECHO_N "checking for pthread link with -lpthread... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthread" >&5
+echo $ECHO_N "checking for pthread link with -lpthread... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -21968,35 +23337,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthread=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthread=no
+	ol_cv_pthread_lpthread=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -22077,13 +23443,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -22096,15 +23471,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthread=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthread" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthread" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthread" >&6; }
 
 	if test $ol_cv_pthread_lpthread = yes ; then
 		ol_link_pthreads="-lpthread"
@@ -22115,8 +23492,8 @@
 		# Pthread try link: -lc_r (ol_cv_pthread_lc_r)
 if test "$ol_link_threads" = no ; then
 	# try -lc_r
-	echo "$as_me:$LINENO: checking for pthread link with -lc_r" >&5
-echo $ECHO_N "checking for pthread link with -lc_r... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lc_r... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lc_r+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -22203,35 +23580,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lc_r=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lc_r=no
+	ol_cv_pthread_lc_r=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -22312,13 +23686,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -22331,15 +23714,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lc_r=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lc_r" >&5
-echo "${ECHO_T}$ol_cv_pthread_lc_r" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lc_r" >&6; }
 
 	if test $ol_cv_pthread_lc_r = yes ; then
 		ol_link_pthreads="-lc_r"
@@ -22351,8 +23736,8 @@
 		# Pthread try link: -threads (ol_cv_pthread_threads)
 if test "$ol_link_threads" = no ; then
 	# try -threads
-	echo "$as_me:$LINENO: checking for pthread link with -threads" >&5
-echo $ECHO_N "checking for pthread link with -threads... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -threads" >&5
+echo $ECHO_N "checking for pthread link with -threads... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_threads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -22439,35 +23824,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_threads=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_threads=no
+	ol_cv_pthread_threads=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -22548,13 +23930,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -22567,15 +23958,17 @@
 ( exit $ac_status )
 ol_cv_pthread_threads=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_threads" >&5
-echo "${ECHO_T}$ol_cv_pthread_threads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_threads" >&5
+echo "${ECHO_T}$ol_cv_pthread_threads" >&6; }
 
 	if test $ol_cv_pthread_threads = yes ; then
 		ol_link_pthreads="-threads"
@@ -22587,8 +23980,8 @@
 		# Pthread try link: -lpthreads -lmach -lexc -lc_r (ol_cv_pthread_lpthreads_lmach_lexc_lc_r)
 if test "$ol_link_threads" = no ; then
 	# try -lpthreads -lmach -lexc -lc_r
-	echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc -lc_r" >&5
-echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc -lc_r... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc -lc_r" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc -lc_r... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthreads_lmach_lexc_lc_r+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -22675,35 +24068,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthreads_lmach_lexc_lc_r=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthreads_lmach_lexc_lc_r=no
+	ol_cv_pthread_lpthreads_lmach_lexc_lc_r=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -22784,13 +24174,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -22803,15 +24202,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthreads_lmach_lexc_lc_r=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc_lc_r" >&6; }
 
 	if test $ol_cv_pthread_lpthreads_lmach_lexc_lc_r = yes ; then
 		ol_link_pthreads="-lpthreads -lmach -lexc -lc_r"
@@ -22822,8 +24223,8 @@
 		# Pthread try link: -lpthreads -lmach -lexc (ol_cv_pthread_lpthreads_lmach_lexc)
 if test "$ol_link_threads" = no ; then
 	# try -lpthreads -lmach -lexc
-	echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc" >&5
-echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lmach -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lmach -lexc... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthreads_lmach_lexc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -22910,35 +24311,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthreads_lmach_lexc=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthreads_lmach_lexc=no
+	ol_cv_pthread_lpthreads_lmach_lexc=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -23019,13 +24417,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -23038,15 +24445,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthreads_lmach_lexc=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lmach_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lmach_lexc" >&6; }
 
 	if test $ol_cv_pthread_lpthreads_lmach_lexc = yes ; then
 		ol_link_pthreads="-lpthreads -lmach -lexc"
@@ -23057,8 +24466,8 @@
 		# Pthread try link: -lpthreads -lexc (ol_cv_pthread_lpthreads_lexc)
 if test "$ol_link_threads" = no ; then
 	# try -lpthreads -lexc
-	echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lexc" >&5
-echo $ECHO_N "checking for pthread link with -lpthreads -lexc... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthreads -lexc" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads -lexc... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lpthreads_lexc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -23145,35 +24554,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lpthreads_lexc=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lpthreads_lexc=no
+	ol_cv_pthread_lpthreads_lexc=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -23254,13 +24660,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -23273,15 +24688,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lpthreads_lexc=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lexc" >&5
-echo "${ECHO_T}$ol_cv_pthread_lpthreads_lexc" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lpthreads_lexc" >&5
+echo "${ECHO_T}$ol_cv_pthread_lpthreads_lexc" >&6; }
 
 	if test $ol_cv_pthread_lpthreads_lexc = yes ; then
 		ol_link_pthreads="-lpthreads -lexc"
@@ -23293,8 +24710,8 @@
 		# Pthread try link: -lpthreads (ol_cv_pthread_lib_lpthreads)
 if test "$ol_link_threads" = no ; then
 	# try -lpthreads
-	echo "$as_me:$LINENO: checking for pthread link with -lpthreads" >&5
-echo $ECHO_N "checking for pthread link with -lpthreads... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for pthread link with -lpthreads" >&5
+echo $ECHO_N "checking for pthread link with -lpthreads... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_lib_lpthreads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -23381,35 +24798,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_pthread_lib_lpthreads=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_pthread_lib_lpthreads=no
+	ol_cv_pthread_lib_lpthreads=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -23490,13 +24904,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -23509,15 +24932,17 @@
 ( exit $ac_status )
 ol_cv_pthread_lib_lpthreads=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 		# restore the LIBS
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthreads" >&5
-echo "${ECHO_T}$ol_cv_pthread_lib_lpthreads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_lib_lpthreads" >&5
+echo "${ECHO_T}$ol_cv_pthread_lib_lpthreads" >&6; }
 
 	if test $ol_cv_pthread_lib_lpthreads = yes ; then
 		ol_link_pthreads="-lpthreads"
@@ -23539,9 +24964,9 @@
 for ac_func in sched_yield pthread_yield thr_yield
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -23567,68 +24992,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -23641,8 +25058,8 @@
 			if test $ac_cv_func_sched_yield = no &&
 			   test $ac_cv_func_pthread_yield = no &&
 			   test $ac_cv_func_thr_yield = no ; then
-								echo "$as_me:$LINENO: checking for sched_yield in -lrt" >&5
-echo $ECHO_N "checking for sched_yield in -lrt... $ECHO_C" >&6
+								{ echo "$as_me:$LINENO: checking for sched_yield in -lrt" >&5
+echo $ECHO_N "checking for sched_yield in -lrt... $ECHO_C" >&6; }
 if test "${ac_cv_lib_rt_sched_yield+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -23655,56 +25072,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char sched_yield ();
 int
 main ()
 {
-sched_yield ();
+return sched_yield ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_rt_sched_yield=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_rt_sched_yield=no
+	ac_cv_lib_rt_sched_yield=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_rt_sched_yield" >&5
-echo "${ECHO_T}$ac_cv_lib_rt_sched_yield" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_rt_sched_yield" >&5
+echo "${ECHO_T}$ac_cv_lib_rt_sched_yield" >&6; }
 if test $ac_cv_lib_rt_sched_yield = yes; then
   LTHREAD_LIBS="$LTHREAD_LIBS -lrt"
 
@@ -23729,9 +25143,9 @@
 for ac_func in pthread_kill
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -23757,68 +25171,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -23828,8 +25234,8 @@
 done
 
 
-									echo "$as_me:$LINENO: checking for pthread_rwlock_destroy with <pthread.h>" >&5
-echo $ECHO_N "checking for pthread_rwlock_destroy with <pthread.h>... $ECHO_C" >&6
+									{ echo "$as_me:$LINENO: checking for pthread_rwlock_destroy with <pthread.h>" >&5
+echo $ECHO_N "checking for pthread_rwlock_destroy with <pthread.h>... $ECHO_C" >&6; }
 if test "${ol_cv_func_pthread_rwlock_destroy+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -23853,40 +25259,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_func_pthread_rwlock_destroy=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_pthread_rwlock_destroy=no
+	ol_cv_func_pthread_rwlock_destroy=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_pthread_rwlock_destroy" >&5
-echo "${ECHO_T}$ol_cv_func_pthread_rwlock_destroy" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_pthread_rwlock_destroy" >&5
+echo "${ECHO_T}$ol_cv_func_pthread_rwlock_destroy" >&6; }
 			if test $ol_cv_func_pthread_rwlock_destroy = yes ; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -23895,8 +25298,8 @@
 
 			fi
 
-									echo "$as_me:$LINENO: checking for pthread_detach with <pthread.h>" >&5
-echo $ECHO_N "checking for pthread_detach with <pthread.h>... $ECHO_C" >&6
+									{ echo "$as_me:$LINENO: checking for pthread_detach with <pthread.h>" >&5
+echo $ECHO_N "checking for pthread_detach with <pthread.h>... $ECHO_C" >&6; }
 if test "${ol_cv_func_pthread_detach+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -23922,40 +25325,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_func_pthread_detach=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_pthread_detach=no
+	ol_cv_func_pthread_detach=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_pthread_detach" >&5
-echo "${ECHO_T}$ol_cv_func_pthread_detach" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_pthread_detach" >&5
+echo "${ECHO_T}$ol_cv_func_pthread_detach" >&6; }
 
 			if test $ol_cv_func_pthread_detach = no ; then
 				{ { echo "$as_me:$LINENO: error: could not locate pthread_detach()" >&5
@@ -23981,9 +25381,9 @@
 
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -24009,68 +25409,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -24085,9 +25477,9 @@
 for ac_func in pthread_kill_other_threads_np
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -24113,68 +25505,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -24183,21 +25567,21 @@
 fi
 done
 
-	echo "$as_me:$LINENO: checking for LinuxThreads implementation" >&5
-echo $ECHO_N "checking for LinuxThreads implementation... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for LinuxThreads implementation" >&5
+echo $ECHO_N "checking for LinuxThreads implementation... $ECHO_C" >&6; }
 if test "${ol_cv_sys_linux_threads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ol_cv_sys_linux_threads=$ac_cv_func_pthread_kill_other_threads_np
 fi
-echo "$as_me:$LINENO: result: $ol_cv_sys_linux_threads" >&5
-echo "${ECHO_T}$ol_cv_sys_linux_threads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_sys_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_sys_linux_threads" >&6; }
 
 
 
 
-	echo "$as_me:$LINENO: checking for LinuxThreads consistency" >&5
-echo $ECHO_N "checking for LinuxThreads consistency... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for LinuxThreads consistency" >&5
+echo $ECHO_N "checking for LinuxThreads consistency... $ECHO_C" >&6; }
 if test "${ol_cv_linux_threads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24213,8 +25597,8 @@
 		fi
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_linux_threads" >&5
-echo "${ECHO_T}$ol_cv_linux_threads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_linux_threads" >&6; }
 
 
 			if test $ol_cv_linux_threads = error; then
@@ -24223,8 +25607,8 @@
    { (exit 1); exit 1; }; };
 			fi
 
-			echo "$as_me:$LINENO: checking if pthread_create() works" >&5
-echo $ECHO_N "checking if pthread_create() works... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking if pthread_create() works" >&5
+echo $ECHO_N "checking if pthread_create() works... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_create_works+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24310,13 +25694,22 @@
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -24329,11 +25722,13 @@
 ( exit $ac_status )
 ol_cv_pthread_create_works=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_create_works" >&5
-echo "${ECHO_T}$ol_cv_pthread_create_works" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_create_works" >&5
+echo "${ECHO_T}$ol_cv_pthread_create_works" >&6; }
 
 			if test $ol_cv_pthread_create_works = no ; then
 				{ { echo "$as_me:$LINENO: error: pthread_create is not usable, check environment settings" >&5
@@ -24352,8 +25747,8 @@
 			fi
 
 						if test $ol_with_yielding_select = auto ; then
-				echo "$as_me:$LINENO: checking if select yields when using pthreads" >&5
-echo $ECHO_N "checking if select yields when using pthreads... $ECHO_C" >&6
+				{ echo "$as_me:$LINENO: checking if select yields when using pthreads" >&5
+echo $ECHO_N "checking if select yields when using pthreads... $ECHO_C" >&6; }
 if test "${ol_cv_pthread_select_yields+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24443,13 +25838,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -24462,11 +25866,13 @@
 ( exit $ac_status )
 ol_cv_pthread_select_yields=yes
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_pthread_select_yields" >&5
-echo "${ECHO_T}$ol_cv_pthread_select_yields" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_pthread_select_yields" >&5
+echo "${ECHO_T}$ol_cv_pthread_select_yields" >&6; }
 
 				if test $ol_cv_pthread_select_yields = cross ; then
 					{ { echo "$as_me:$LINENO: error: crossing compiling: use --with-yielding_select=yes|no|manual" >&5
@@ -24503,18 +25909,19 @@
 for ac_header in mach/cthreads.h cthreads.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -24525,41 +25932,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -24568,24 +25971,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -24593,9 +25994,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -24619,25 +26021,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -24652,8 +26053,8 @@
 	if test $ac_cv_header_mach_cthreads_h = yes ; then
 		ol_with_threads=found
 
-				echo "$as_me:$LINENO: checking for cthread_fork" >&5
-echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6
+				{ echo "$as_me:$LINENO: checking for cthread_fork" >&5
+echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6; }
 if test "${ac_cv_func_cthread_fork+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24680,76 +26081,67 @@
 
 #undef cthread_fork
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char cthread_fork ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_cthread_fork) || defined (__stub___cthread_fork)
+#if defined __stub_cthread_fork || defined __stub___cthread_fork
 choke me
-#else
-char (*f) () = cthread_fork;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != cthread_fork;
+return cthread_fork ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_cthread_fork=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_cthread_fork=no
+	ac_cv_func_cthread_fork=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
-echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
+echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6; }
 if test $ac_cv_func_cthread_fork = yes; then
   ol_link_threads=yes
 fi
 
 
 		if test $ol_link_threads = no ; then
-									echo "$as_me:$LINENO: checking for cthread_fork with -all_load" >&5
-echo $ECHO_N "checking for cthread_fork with -all_load... $ECHO_C" >&6
+									{ echo "$as_me:$LINENO: checking for cthread_fork with -all_load" >&5
+echo $ECHO_N "checking for cthread_fork with -all_load... $ECHO_C" >&6; }
 if test "${ol_cv_cthread_all_load+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24774,41 +26166,38 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_cthread_all_load=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_cthread_all_load=no
+	ol_cv_cthread_all_load=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 								LIBS="$save_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_cthread_all_load" >&5
-echo "${ECHO_T}$ol_cv_cthread_all_load" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_cthread_all_load" >&5
+echo "${ECHO_T}$ol_cv_cthread_all_load" >&6; }
 
 			if test $ol_cv_cthread_all_load = yes ; then
 				LTHREAD_LIBS="$LTHREAD_LIBS -all_load"
@@ -24823,8 +26212,8 @@
 
 				save_LIBS="$LIBS"
 		LIBS="$LIBS -lthreads"
-		echo "$as_me:$LINENO: checking for cthread_fork" >&5
-echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for cthread_fork" >&5
+echo $ECHO_N "checking for cthread_fork... $ECHO_C" >&6; }
 if test "${ac_cv_func_cthread_fork+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -24851,68 +26240,59 @@
 
 #undef cthread_fork
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char cthread_fork ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_cthread_fork) || defined (__stub___cthread_fork)
+#if defined __stub_cthread_fork || defined __stub___cthread_fork
 choke me
-#else
-char (*f) () = cthread_fork;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != cthread_fork;
+return cthread_fork ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_cthread_fork=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_cthread_fork=no
+	ac_cv_func_cthread_fork=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
-echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_cthread_fork" >&5
+echo "${ECHO_T}$ac_cv_func_cthread_fork" >&6; }
 if test $ac_cv_func_cthread_fork = yes; then
   ol_link_threads=yes
 fi
@@ -24955,18 +26335,19 @@
 for ac_header in pth.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -24977,41 +26358,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25020,24 +26397,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -25045,9 +26420,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -25071,25 +26447,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -25103,8 +26478,8 @@
 
 
 	if test $ac_cv_header_pth_h = yes ; then
-		echo "$as_me:$LINENO: checking for pth_version in -lpth" >&5
-echo $ECHO_N "checking for pth_version in -lpth... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for pth_version in -lpth" >&5
+echo $ECHO_N "checking for pth_version in -lpth... $ECHO_C" >&6; }
 if test "${ac_cv_lib_pth_pth_version+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -25117,56 +26492,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char pth_version ();
 int
 main ()
 {
-pth_version ();
+return pth_version ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_pth_pth_version=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_pth_pth_version=no
+	ac_cv_lib_pth_pth_version=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_pth_pth_version" >&5
-echo "${ECHO_T}$ac_cv_lib_pth_pth_version" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_pth_pth_version" >&5
+echo "${ECHO_T}$ac_cv_lib_pth_pth_version" >&6; }
 if test $ac_cv_lib_pth_pth_version = yes; then
   have_pth=yes
 else
@@ -25199,18 +26571,19 @@
 for ac_header in thread.h synch.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25221,41 +26594,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25264,24 +26633,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -25289,9 +26656,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -25315,25 +26683,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -25347,8 +26714,8 @@
 
 	if test $ac_cv_header_thread_h = yes &&
 	   test $ac_cv_header_synch_h = yes ; then
-		echo "$as_me:$LINENO: checking for thr_create in -lthread" >&5
-echo $ECHO_N "checking for thr_create in -lthread... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for thr_create in -lthread" >&5
+echo $ECHO_N "checking for thr_create in -lthread... $ECHO_C" >&6; }
 if test "${ac_cv_lib_thread_thr_create+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -25361,56 +26728,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char thr_create ();
 int
 main ()
 {
-thr_create ();
+return thr_create ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_thread_thr_create=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_thread_thr_create=no
+	ac_cv_lib_thread_thr_create=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_thread_thr_create" >&5
-echo "${ECHO_T}$ac_cv_lib_thread_thr_create" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_thread_thr_create" >&5
+echo "${ECHO_T}$ac_cv_lib_thread_thr_create" >&6; }
 if test $ac_cv_lib_thread_thr_create = yes; then
   have_thr=yes
 else
@@ -25439,9 +26803,9 @@
 
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -25467,68 +26831,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -25544,18 +26900,19 @@
 for ac_header in lwp/lwp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25566,41 +26923,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25609,24 +26962,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -25634,9 +26985,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -25660,25 +27012,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -25691,8 +27042,8 @@
 done
 
 	if test $ac_cv_header_lwp_lwp_h = yes ; then
-		echo "$as_me:$LINENO: checking for lwp_create in -llwp" >&5
-echo $ECHO_N "checking for lwp_create in -llwp... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for lwp_create in -llwp" >&5
+echo $ECHO_N "checking for lwp_create in -llwp... $ECHO_C" >&6; }
 if test "${ac_cv_lib_lwp_lwp_create+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -25705,56 +27056,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char lwp_create ();
 int
 main ()
 {
-lwp_create ();
+return lwp_create ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_lwp_lwp_create=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_lwp_lwp_create=no
+	ac_cv_lib_lwp_lwp_create=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_lwp_lwp_create" >&5
-echo "${ECHO_T}$ac_cv_lib_lwp_lwp_create" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_lwp_lwp_create" >&5
+echo "${ECHO_T}$ac_cv_lib_lwp_lwp_create" >&6; }
 if test $ac_cv_lib_lwp_lwp_create = yes; then
   have_lwp=yes
 else
@@ -25798,18 +27146,19 @@
 for ac_header in pthread.h sched.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25820,41 +27169,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -25863,24 +27208,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -25888,9 +27231,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -25914,25 +27258,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -25949,9 +27292,9 @@
 for ac_func in sched_yield pthread_yield
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -25977,68 +27320,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -26048,8 +27383,8 @@
 done
 
 
-	echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
-echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for LinuxThreads pthread.h" >&5
+echo $ECHO_N "checking for LinuxThreads pthread.h... $ECHO_C" >&6; }
 if test "${ol_cv_header_linux_threads+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -26071,8 +27406,8 @@
 
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
-echo "${ECHO_T}$ol_cv_header_linux_threads" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_header_linux_threads" >&5
+echo "${ECHO_T}$ol_cv_header_linux_threads" >&6; }
 	if test $ol_cv_header_linux_threads = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -26086,18 +27421,19 @@
 for ac_header in mach/cthreads.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26108,41 +27444,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26151,24 +27483,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -26176,9 +27506,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -26202,25 +27533,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -26236,18 +27566,19 @@
 for ac_header in lwp/lwp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26258,41 +27589,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26301,24 +27628,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -26326,9 +27651,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -26352,25 +27678,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -26387,18 +27712,19 @@
 for ac_header in thread.h synch.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26409,41 +27735,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26452,24 +27774,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -26477,9 +27797,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -26503,25 +27824,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -26565,8 +27885,8 @@
 _ACEOF
 
 
-			echo "$as_me:$LINENO: checking for thread specific errno" >&5
-echo $ECHO_N "checking for thread specific errno... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking for thread specific errno" >&5
+echo $ECHO_N "checking for thread specific errno... $ECHO_C" >&6; }
 if test "${ol_cv_errno_thread_specific+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -26587,43 +27907,40 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_errno_thread_specific=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_errno_thread_specific=no
+	ol_cv_errno_thread_specific=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_errno_thread_specific" >&5
-echo "${ECHO_T}$ol_cv_errno_thread_specific" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_errno_thread_specific" >&5
+echo "${ECHO_T}$ol_cv_errno_thread_specific" >&6; }
 
-			echo "$as_me:$LINENO: checking for thread specific h_errno" >&5
-echo $ECHO_N "checking for thread specific h_errno... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking for thread specific h_errno" >&5
+echo $ECHO_N "checking for thread specific h_errno... $ECHO_C" >&6; }
 if test "${ol_cv_h_errno_thread_specific+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -26644,40 +27961,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_h_errno_thread_specific=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_h_errno_thread_specific=no
+	ol_cv_h_errno_thread_specific=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_h_errno_thread_specific" >&5
-echo "${ECHO_T}$ol_cv_h_errno_thread_specific" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_h_errno_thread_specific" >&5
+echo "${ECHO_T}$ol_cv_h_errno_thread_specific" >&6; }
 
 	if test $ol_cv_errno_thread_specific != yes ||
 	   test $ol_cv_h_errno_thread_specific != yes ; then
@@ -26728,9 +28042,9 @@
 
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -26756,68 +28070,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -26830,8 +28136,8 @@
 if test "$ac_cv_func_ctime_r" = no ; then
 	ol_cv_func_ctime_r_nargs=0
 else
-	echo "$as_me:$LINENO: checking number of arguments of ctime_r" >&5
-echo $ECHO_N "checking number of arguments of ctime_r... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking number of arguments of ctime_r" >&5
+echo $ECHO_N "checking number of arguments of ctime_r... $ECHO_C" >&6; }
 if test "${ol_cv_func_ctime_r_nargs+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -26851,36 +28157,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_ctime_r_nargs3=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_ctime_r_nargs3=no
+	ol_cv_func_ctime_r_nargs3=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -26897,36 +28199,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_ctime_r_nargs2=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_ctime_r_nargs2=no
+	ol_cv_func_ctime_r_nargs2=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	if test $ol_cv_func_ctime_r_nargs3 = yes &&
 	   test $ol_cv_func_ctime_r_nargs2 = no ; then
 
@@ -26942,8 +28240,8 @@
 	fi
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_ctime_r_nargs" >&5
-echo "${ECHO_T}$ol_cv_func_ctime_r_nargs" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_ctime_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_ctime_r_nargs" >&6; }
 
   if test $ol_cv_func_ctime_r_nargs -gt 1 ; then
 
@@ -26956,8 +28254,8 @@
 fi
 
 if test "$ac_cv_func_gethostbyname_r" = yes ; then
- 	echo "$as_me:$LINENO: checking number of arguments of gethostbyname_r" >&5
-echo $ECHO_N "checking number of arguments of gethostbyname_r... $ECHO_C" >&6
+ 	{ echo "$as_me:$LINENO: checking number of arguments of gethostbyname_r" >&5
+echo $ECHO_N "checking number of arguments of gethostbyname_r... $ECHO_C" >&6; }
 if test "${ol_cv_func_gethostbyname_r_nargs+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -26984,36 +28282,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_gethostbyname_r_nargs5=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_gethostbyname_r_nargs5=no
+	ol_cv_func_gethostbyname_r_nargs5=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -27038,36 +28332,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_gethostbyname_r_nargs6=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_gethostbyname_r_nargs6=no
+	ol_cv_func_gethostbyname_r_nargs6=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	if test $ol_cv_func_gethostbyname_r_nargs5 = yes &&
 	   test $ol_cv_func_gethostbyname_r_nargs6 = no ; then
 
@@ -27083,8 +28373,8 @@
 	fi
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyname_r_nargs" >&5
-echo "${ECHO_T}$ol_cv_func_gethostbyname_r_nargs" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyname_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_gethostbyname_r_nargs" >&6; }
   if test $ol_cv_func_gethostbyname_r_nargs -gt 1 ; then
 
 cat >>confdefs.h <<_ACEOF
@@ -27098,8 +28388,8 @@
 fi
 
 if test "$ac_cv_func_gethostbyaddr_r" = yes ; then
- 	echo "$as_me:$LINENO: checking number of arguments of gethostbyaddr_r" >&5
-echo $ECHO_N "checking number of arguments of gethostbyaddr_r... $ECHO_C" >&6
+ 	{ echo "$as_me:$LINENO: checking number of arguments of gethostbyaddr_r" >&5
+echo $ECHO_N "checking number of arguments of gethostbyaddr_r... $ECHO_C" >&6; }
 if test "${ol_cv_func_gethostbyaddr_r_nargs+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -27128,36 +28418,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_gethostbyaddr_r_nargs7=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_gethostbyaddr_r_nargs7=no
+	ol_cv_func_gethostbyaddr_r_nargs7=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -27185,36 +28471,32 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_func_gethostbyaddr_r_nargs8=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_gethostbyaddr_r_nargs8=no
+	ol_cv_func_gethostbyaddr_r_nargs8=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
 	if test $ol_cv_func_gethostbyaddr_r_nargs7 = yes &&
 	   test $ol_cv_func_gethostbyaddr_r_nargs8 = no ; then
 
@@ -27230,8 +28512,8 @@
 	fi
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyaddr_r_nargs" >&5
-echo "${ECHO_T}$ol_cv_func_gethostbyaddr_r_nargs" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_gethostbyaddr_r_nargs" >&5
+echo "${ECHO_T}$ol_cv_func_gethostbyaddr_r_nargs" >&6; }
   if test $ol_cv_func_gethostbyaddr_r_nargs -gt 1 ; then
 
 cat >>confdefs.h <<_ACEOF
@@ -27252,18 +28534,19 @@
 for ac_header in db.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -27274,41 +28557,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -27317,24 +28596,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -27342,9 +28619,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -27368,25 +28646,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -27399,217 +28676,67 @@
 done
 
 if test $ac_cv_header_db_h = yes; then
-	ol_cv_lib_db=no
-
-echo "$as_me:$LINENO: checking for Berkeley DB major version" >&5
-echo $ECHO_N "checking for Berkeley DB major version... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for Berkeley DB major version in db.h" >&5
+echo $ECHO_N "checking for Berkeley DB major version in db.h... $ECHO_C" >&6; }
 if test "${ol_cv_bdb_major+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_cv_bdb_major=0
-	if test $ol_cv_bdb_major = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
+	cat >conftest.$ac_ext <<_ACEOF
 
 #include <db.h>
 #ifndef DB_VERSION_MAJOR
 #	define DB_VERSION_MAJOR 1
 #endif
-#if DB_VERSION_MAJOR == 4
-__db_version
-#endif
+__db_version DB_VERSION_MAJOR
 
 _ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_major=4
-else
-  :
-fi
-rm -f conftest*
+	set X `eval "$ac_cpp conftest.$ac_ext" | $EGREP __db_version` none none
+	ol_cv_bdb_major=${3}
 
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 3
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_major=3
-else
-  :
 fi
-rm -f conftest*
+{ echo "$as_me:$LINENO: result: $ol_cv_bdb_major" >&5
+echo "${ECHO_T}$ol_cv_bdb_major" >&6; }
+case $ol_cv_bdb_major in [1-9]*) : ;; *)
+	{ { echo "$as_me:$LINENO: error: Unknown Berkeley DB major version in db.h" >&5
+echo "$as_me: error: Unknown Berkeley DB major version in db.h" >&2;}
+   { (exit 1); exit 1; }; } ;;
+esac
 
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 2
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_major=2
-else
-  :
-fi
-rm -f conftest*
-
-	fi
-	if test $ol_cv_bdb_major = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#if DB_VERSION_MAJOR == 1
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_major=1
-else
-  :
-fi
-rm -f conftest*
-
-	fi
-
-	if test $ol_cv_bdb_major = 0 ; then
-		{ { echo "$as_me:$LINENO: error: Unknown Berkeley DB major version" >&5
-echo "$as_me: error: Unknown Berkeley DB major version" >&2;}
-   { (exit 1); exit 1; }; }
-	fi
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_bdb_major" >&5
-echo "${ECHO_T}$ol_cv_bdb_major" >&6
-
-echo "$as_me:$LINENO: checking for Berkeley DB minor version" >&5
-echo $ECHO_N "checking for Berkeley DB minor version... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for Berkeley DB minor version in db.h" >&5
+echo $ECHO_N "checking for Berkeley DB minor version in db.h... $ECHO_C" >&6; }
 if test "${ol_cv_bdb_minor+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_cv_bdb_minor=0
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
+	cat >conftest.$ac_ext <<_ACEOF
 
 #include <db.h>
 #ifndef DB_VERSION_MINOR
 #	define DB_VERSION_MINOR 0
 #endif
-#if DB_VERSION_MINOR == 9
-__db_version
-#endif
+__db_version DB_VERSION_MINOR
 
 _ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=9
-else
-  :
-fi
-rm -f conftest*
+	set X `eval "$ac_cpp conftest.$ac_ext" | $EGREP __db_version` none none
+	ol_cv_bdb_minor=${3}
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 8
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=8
-else
-  :
 fi
-rm -f conftest*
+{ echo "$as_me:$LINENO: result: $ol_cv_bdb_minor" >&5
+echo "${ECHO_T}$ol_cv_bdb_minor" >&6; }
+case $ol_cv_bdb_minor in [0-9]*) : ;; *)
+	{ { echo "$as_me:$LINENO: error: Unknown Berkeley DB minor version in db.h" >&5
+echo "$as_me: error: Unknown Berkeley DB minor version in db.h" >&2;}
+   { (exit 1); exit 1; }; } ;;
+esac
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 7
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=7
+	{ echo "$as_me:$LINENO: checking if Berkeley DB version supported by BDB/HDB backends" >&5
+echo $ECHO_N "checking if Berkeley DB version supported by BDB/HDB backends... $ECHO_C" >&6; }
+if test "${ol_cv_bdb_compat+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  :
-fi
-rm -f conftest*
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -27617,168 +28744,53 @@
 /* end confdefs.h.  */
 
 #include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 6
-__db_version
-#endif
 
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=6
-else
-  :
-fi
-rm -f conftest*
-
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
+ /* this check could be improved */
+#ifndef DB_VERSION_MAJOR
+#	define DB_VERSION_MAJOR 1
 #endif
-#if DB_VERSION_MINOR == 5
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=5
-else
-  :
-fi
-rm -f conftest*
-
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
 #ifndef DB_VERSION_MINOR
 #	define DB_VERSION_MINOR 0
 #endif
-#if DB_VERSION_MINOR == 4
-__db_version
-#endif
 
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=4
-else
-  :
-fi
-rm -f conftest*
+#define DB_VERSION_MM	((DB_VERSION_MAJOR<<8)|DB_VERSION_MINOR)
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
+/* require 4.4 or later */
+#if DB_VERSION_MM >= 0x0404
+	__db_version_compat
 #endif
-#if DB_VERSION_MINOR == 3
-__db_version
-#endif
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=3
+  $EGREP "__db_version_compat" >/dev/null 2>&1; then
+  ol_cv_bdb_compat=yes
 else
-  :
+  ol_cv_bdb_compat=no
 fi
 rm -f conftest*
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 2
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=2
-else
-  :
 fi
-rm -f conftest*
+{ echo "$as_me:$LINENO: result: $ol_cv_bdb_compat" >&5
+echo "${ECHO_T}$ol_cv_bdb_compat" >&6; }
 
-	fi
-	if test $ol_cv_bdb_minor = 0 ; then
-		cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
 
-#include <db.h>
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-#if DB_VERSION_MINOR == 1
-__db_version
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version" >/dev/null 2>&1; then
-  ol_cv_bdb_minor=1
-else
-  :
-fi
-rm -f conftest*
-
+	if test $ol_cv_bdb_compat != yes ; then
+		{ { echo "$as_me:$LINENO: error: BerkeleyDB version incompatible with BDB/HDB backends" >&5
+echo "$as_me: error: BerkeleyDB version incompatible with BDB/HDB backends" >&2;}
+   { (exit 1); exit 1; }; }
 	fi
 
-fi
-echo "$as_me:$LINENO: result: $ol_cv_bdb_minor" >&5
-echo "${ECHO_T}$ol_cv_bdb_minor" >&6
+	ol_cv_lib_db=no
 
 if test $ol_cv_bdb_major = 4 ; then
-	if test $ol_cv_bdb_minor = 6 ; then
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.6)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4.6)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_dot_6+set}" = set; then
+	if test $ol_cv_lib_db = no ; then
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.$ol_cv_bdb_minor)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4.$ol_cv_bdb_minor)... $ECHO_C" >&6; }
+if test "${ol_cv_db_db_4_dot_m+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_DB_LIB=-ldb-4.6
+	ol_DB_LIB=-ldb-4.$ol_cv_bdb_minor
 	ol_LIBS=$LIBS
 	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
 
@@ -27807,24 +28819,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -27838,165 +28832,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_dot_6=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ol_cv_db_db_4_dot_m=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db_4_dot_6=no
+	ol_cv_db_db_4_dot_m=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
 
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_6" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_dot_6" >&6
-
-	if test $ol_cv_db_db_4_dot_6 = yes ; then
-		ol_cv_lib_db=-ldb-4.6
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb46)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb46)... $ECHO_C" >&6
-if test "${ol_cv_db_db46+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb46
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db46=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db46=no
-fi
-rm -f conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db46" >&5
-echo "${ECHO_T}$ol_cv_db_db46" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_m" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_dot_m" >&6; }
 
-	if test $ol_cv_db_db46 = yes ; then
-		ol_cv_lib_db=-ldb46
+	if test $ol_cv_db_db_4_dot_m = yes ; then
+		ol_cv_lib_db=-ldb-4.$ol_cv_bdb_minor
 	fi
 fi
 
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-46)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-46)... $ECHO_C" >&6
-if test "${ol_cv_db_db_46+set}" = set; then
+	if test $ol_cv_lib_db = no ; then
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb4$ol_cv_bdb_minor)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb4$ol_cv_bdb_minor)... $ECHO_C" >&6; }
+if test "${ol_cv_db_db4m+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_DB_LIB=-ldb-46
+	ol_DB_LIB=-ldb4$ol_cv_bdb_minor
 	ol_LIBS=$LIBS
 	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
 
@@ -28025,24 +28907,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -28056,166 +28920,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_46=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ol_cv_db_db4m=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db_46=no
+	ol_cv_db_db4m=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
 
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_46" >&5
-echo "${ECHO_T}$ol_cv_db_db_46" >&6
-
-	if test $ol_cv_db_db_46 = yes ; then
-		ol_cv_lib_db=-ldb-46
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-6)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4-6)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_6+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4-6
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_6=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_6=no
-fi
-rm -f conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_6" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_6" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db4m" >&5
+echo "${ECHO_T}$ol_cv_db_db4m" >&6; }
 
-	if test $ol_cv_db_db_4_6 = yes ; then
-		ol_cv_lib_db=-ldb-4-6
+	if test $ol_cv_db_db4m = yes ; then
+		ol_cv_lib_db=-ldb4$ol_cv_bdb_minor
 	fi
 fi
 
-	elif test $ol_cv_bdb_minor = 5 ; then
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.5)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4.5)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_dot_5+set}" = set; then
+	if test $ol_cv_lib_db = no ; then
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4$ol_cv_bdb_minor)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4$ol_cv_bdb_minor)... $ECHO_C" >&6; }
+if test "${ol_cv_db_db_4m+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_DB_LIB=-ldb-4.5
+	ol_DB_LIB=-ldb-4$ol_cv_bdb_minor
 	ol_LIBS=$LIBS
 	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
 
@@ -28244,24 +28995,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -28275,165 +29008,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_dot_5=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ol_cv_db_db_4m=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db_4_dot_5=no
+	ol_cv_db_db_4m=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
 
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_5" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_dot_5" >&6
-
-	if test $ol_cv_db_db_4_dot_5 = yes ; then
-		ol_cv_lib_db=-ldb-4.5
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb45)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb45)... $ECHO_C" >&6
-if test "${ol_cv_db_db45+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb45
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db45=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db45=no
-fi
-rm -f conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db45" >&5
-echo "${ECHO_T}$ol_cv_db_db45" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db_4m" >&5
+echo "${ECHO_T}$ol_cv_db_db_4m" >&6; }
 
-	if test $ol_cv_db_db45 = yes ; then
-		ol_cv_lib_db=-ldb45
+	if test $ol_cv_db_db_4m = yes ; then
+		ol_cv_lib_db=-ldb-4$ol_cv_bdb_minor
 	fi
 fi
 
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-45)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-45)... $ECHO_C" >&6
-if test "${ol_cv_db_db_45+set}" = set; then
+	if test $ol_cv_lib_db = no ; then
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-$ol_cv_bdb_minor)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4-$ol_cv_bdb_minor)... $ECHO_C" >&6; }
+if test "${ol_cv_db_db_4_m+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
-	ol_DB_LIB=-ldb-45
+	ol_DB_LIB=-ldb-4-$ol_cv_bdb_minor
 	ol_LIBS=$LIBS
 	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
 
@@ -28462,24 +29083,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -28493,1472 +29096,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_45=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ol_cv_db_db_4_m=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db_45=no
+	ol_cv_db_db_4_m=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
 
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_45" >&5
-echo "${ECHO_T}$ol_cv_db_db_45" >&6
-
-	if test $ol_cv_db_db_45 = yes ; then
-		ol_cv_lib_db=-ldb-45
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-5)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4-5)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_5+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4-5
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_5=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_5=no
-fi
-rm -f conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_5" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_5" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db_4_m" >&5
+echo "${ECHO_T}$ol_cv_db_db_4_m" >&6; }
 
-	if test $ol_cv_db_db_4_5 = yes ; then
-		ol_cv_lib_db=-ldb-4-5
+	if test $ol_cv_db_db_4_m = yes ; then
+		ol_cv_lib_db=-ldb-4-$ol_cv_bdb_minor
 	fi
 fi
 
-	elif test $ol_cv_bdb_minor = 4 ; then
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.4)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4.4)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_dot_4+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4.4
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_dot_4=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_dot_4=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_4" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_dot_4" >&6
-
-	if test $ol_cv_db_db_4_dot_4 = yes ; then
-		ol_cv_lib_db=-ldb-4.4
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb44)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb44)... $ECHO_C" >&6
-if test "${ol_cv_db_db44+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb44
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db44=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db44=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db44" >&5
-echo "${ECHO_T}$ol_cv_db_db44" >&6
-
-	if test $ol_cv_db_db44 = yes ; then
-		ol_cv_lib_db=-ldb44
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-44)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-44)... $ECHO_C" >&6
-if test "${ol_cv_db_db_44+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-44
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_44=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_44=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_44" >&5
-echo "${ECHO_T}$ol_cv_db_db_44" >&6
-
-	if test $ol_cv_db_db_44 = yes ; then
-		ol_cv_lib_db=-ldb-44
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-4)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4-4)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_4+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4-4
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_4=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_4=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_4" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_4" >&6
-
-	if test $ol_cv_db_db_4_4 = yes ; then
-		ol_cv_lib_db=-ldb-4-4
-	fi
-fi
-
-	elif test $ol_cv_bdb_minor = 3 ; then
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.3)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4.3)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_dot_3+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4.3
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_dot_3=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_dot_3=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_3" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_dot_3" >&6
-
-	if test $ol_cv_db_db_4_dot_3 = yes ; then
-		ol_cv_lib_db=-ldb-4.3
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb43)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb43)... $ECHO_C" >&6
-if test "${ol_cv_db_db43+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb43
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db43=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db43=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db43" >&5
-echo "${ECHO_T}$ol_cv_db_db43" >&6
-
-	if test $ol_cv_db_db43 = yes ; then
-		ol_cv_lib_db=-ldb43
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-43)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-43)... $ECHO_C" >&6
-if test "${ol_cv_db_db_43+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-43
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_43=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_43=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_43" >&5
-echo "${ECHO_T}$ol_cv_db_db_43" >&6
-
-	if test $ol_cv_db_db_43 = yes ; then
-		ol_cv_lib_db=-ldb-43
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-3)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4-3)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_3+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4-3
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_3=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_3=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_3" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_3" >&6
-
-	if test $ol_cv_db_db_4_3 = yes ; then
-		ol_cv_lib_db=-ldb-4-3
-	fi
-fi
-
-	elif test $ol_cv_bdb_minor = 2 ; then
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4.2)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4.2)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_dot_2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4.2
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_dot_2=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_dot_2=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_dot_2" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_dot_2" >&6
-
-	if test $ol_cv_db_db_4_dot_2 = yes ; then
-		ol_cv_lib_db=-ldb-4.2
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb42)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb42)... $ECHO_C" >&6
-if test "${ol_cv_db_db42+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb42
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db42=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db42=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db42" >&5
-echo "${ECHO_T}$ol_cv_db_db42" >&6
-
-	if test $ol_cv_db_db42 = yes ; then
-		ol_cv_lib_db=-ldb42
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-42)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-42)... $ECHO_C" >&6
-if test "${ol_cv_db_db_42+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-42
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_42=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_42=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_42" >&5
-echo "${ECHO_T}$ol_cv_db_db_42" >&6
-
-	if test $ol_cv_db_db_42 = yes ; then
-		ol_cv_lib_db=-ldb-42
-	fi
-fi
-
-		if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4-2)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4-2)... $ECHO_C" >&6
-if test "${ol_cv_db_db_4_2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-4-2
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_4_2=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_4_2=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4_2" >&5
-echo "${ECHO_T}$ol_cv_db_db_4_2" >&6
-
-	if test $ol_cv_db_db_4_2 = yes ; then
-		ol_cv_lib_db=-ldb-4-2
-	fi
-fi
-
-	fi
 	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-4)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb-4)... $ECHO_C" >&6; }
 if test "${ol_cv_db_db_4+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -29992,24 +29171,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -30023,42 +29184,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_db_db_4=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db_4=no
+	ol_cv_db_db_4=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_4" >&5
-echo "${ECHO_T}$ol_cv_db_db_4" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db_4" >&5
+echo "${ECHO_T}$ol_cv_db_db_4" >&6; }
 
 	if test $ol_cv_db_db_4 = yes ; then
 		ol_cv_lib_db=-ldb-4
@@ -30066,8 +29224,8 @@
 fi
 
 	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb4)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb4)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb4)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb4)... $ECHO_C" >&6; }
 if test "${ol_cv_db_db4+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -30101,24 +29259,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -30132,42 +29272,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_db_db4=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db4=no
+	ol_cv_db_db4=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db4" >&5
-echo "${ECHO_T}$ol_cv_db_db4" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db4" >&5
+echo "${ECHO_T}$ol_cv_db_db4" >&6; }
 
 	if test $ol_cv_db_db4 = yes ; then
 		ol_cv_lib_db=-ldb4
@@ -30175,8 +29312,8 @@
 fi
 
 	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb)" >&5
+echo $ECHO_N "checking for Berkeley DB link (-ldb)... $ECHO_C" >&6; }
 if test "${ol_cv_db_db+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -30210,24 +29347,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -30241,712 +29360,49 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_db_db=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_db=no
+	ol_cv_db_db=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db" >&5
-echo "${ECHO_T}$ol_cv_db_db" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_db" >&5
+echo "${ECHO_T}$ol_cv_db_db" >&6; }
 
 	if test $ol_cv_db_db = yes ; then
 		ol_cv_lib_db=-ldb
 	fi
 fi
 
-
-elif test $ol_cv_bdb_major = 3 ; then
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb3)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb3)... $ECHO_C" >&6
-if test "${ol_cv_db_db3+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb3
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db3=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db3=no
 fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db3" >&5
-echo "${ECHO_T}$ol_cv_db_db3" >&6
-
-	if test $ol_cv_db_db3 = yes ; then
-		ol_cv_lib_db=-ldb3
-	fi
-fi
-
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-3)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-3)... $ECHO_C" >&6
-if test "${ol_cv_db_db_3+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-3
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_3=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_3=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_3" >&5
-echo "${ECHO_T}$ol_cv_db_db_3" >&6
-
-	if test $ol_cv_db_db_3 = yes ; then
-		ol_cv_lib_db=-ldb-3
-	fi
-fi
-
-
-elif test $ol_cv_bdb_major = 2 ; then
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb2)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb2)... $ECHO_C" >&6
-if test "${ol_cv_db_db2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb2
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db2=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db2=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db2" >&5
-echo "${ECHO_T}$ol_cv_db_db2" >&6
-
-	if test $ol_cv_db_db2 = yes ; then
-		ol_cv_lib_db=-ldb2
-	fi
-fi
-
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-2)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-2)... $ECHO_C" >&6
-if test "${ol_cv_db_db_2+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-2
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_2=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_2=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_2" >&5
-echo "${ECHO_T}$ol_cv_db_db_2" >&6
-
-	if test $ol_cv_db_db_2 = yes ; then
-		ol_cv_lib_db=-ldb-2
-	fi
-fi
-
-
-elif test $ol_cv_bdb_major = 1 ; then
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb1)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb1)... $ECHO_C" >&6
-if test "${ol_cv_db_db1+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb1
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db1=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db1=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db1" >&5
-echo "${ECHO_T}$ol_cv_db_db1" >&6
-
-	if test $ol_cv_db_db1 = yes ; then
-		ol_cv_lib_db=-ldb1
-	fi
-fi
-
-	if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (-ldb-1)" >&5
-echo $ECHO_N "checking for Berkeley DB link (-ldb-1)... $ECHO_C" >&6
-if test "${ol_cv_db_db_1+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	ol_DB_LIB=-ldb-1
-	ol_LIBS=$LIBS
-	LIBS="$ol_DB_LIB $LTHREAD_LIBS $LIBS"
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#ifdef HAVE_DB_185_H
-# include <db_185.h>
-#else
-# include <db.h>
-#endif
-
-#ifndef DB_VERSION_MAJOR
-# define DB_VERSION_MAJOR 1
-#endif
-
-#ifndef NULL
-#define NULL ((void*)0)
-#endif
-
-int
-main ()
-{
-
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
-#if DB_VERSION_MAJOR > 2
-	db_env_create( NULL, 0 );
-#elif DB_VERSION_MAJOR > 1
-	db_appexit( NULL );
-#else
-	(void) dbopen( NULL, 0, 0, 0, NULL);
-#endif
-
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
-  ac_status=$?
-  grep -v '^ *+' conftest.er1 >conftest.err
-  rm -f conftest.er1
-  cat conftest.err >&5
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ol_cv_db_db_1=yes
-else
-  echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ol_cv_db_db_1=no
-fi
-rm -f conftest.err conftest.$ac_objext \
-      conftest$ac_exeext conftest.$ac_ext
-
-	LIBS="$ol_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_db_db_1" >&5
-echo "${ECHO_T}$ol_cv_db_db_1" >&6
-
-	if test $ol_cv_db_db_1 = yes ; then
-		ol_cv_lib_db=-ldb-1
-	fi
-fi
-
-fi
 if test $ol_cv_lib_db = no ; then
-	echo "$as_me:$LINENO: checking for Berkeley DB link (default)" >&5
-echo $ECHO_N "checking for Berkeley DB link (default)... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for Berkeley DB link (default)" >&5
+echo $ECHO_N "checking for Berkeley DB link (default)... $ECHO_C" >&6; }
 if test "${ol_cv_db_none+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -30980,24 +29436,6 @@
 main ()
 {
 
-#if DB_VERSION_MAJOR > 1
-	{
-		char *version;
-		int major, minor, patch;
-
-		version = db_version( &major, &minor, &patch );
-
-		if( major != DB_VERSION_MAJOR ||
-			minor < DB_VERSION_MINOR )
-		{
-			printf("Berkeley DB version mismatch\n"
-				"\theader: %s\n\tlibrary: %s\n",
-				DB_VERSION_STRING, version);
-			return 1;
-		}
-	}
-#endif
-
 #if DB_VERSION_MAJOR > 2
 	db_env_create( NULL, 0 );
 #elif DB_VERSION_MAJOR > 1
@@ -31011,42 +29449,39 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_db_none=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_db_none=no
+	ol_cv_db_none=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_db_none" >&5
-echo "${ECHO_T}$ol_cv_db_none" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_db_none" >&5
+echo "${ECHO_T}$ol_cv_db_none" >&6; }
 
 	if test $ol_cv_db_none = yes ; then
 		ol_cv_lib_db=yes
@@ -31056,8 +29491,8 @@
 
 	if test "$ol_cv_lib_db" != no ; then
 		ol_cv_berkeley_db=yes
-		echo "$as_me:$LINENO: checking for Berkeley DB version match" >&5
-echo $ECHO_N "checking for Berkeley DB version match... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for Berkeley DB library and header version match" >&5
+echo $ECHO_N "checking for Berkeley DB library and header version match... $ECHO_C" >&6; }
 if test "${ol_cv_berkeley_db_version+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -31112,13 +29547,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -31131,14 +29575,16 @@
 ( exit $ac_status )
 ol_cv_berkeley_db_version=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_version" >&5
-echo "${ECHO_T}$ol_cv_berkeley_db_version" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_version" >&5
+echo "${ECHO_T}$ol_cv_berkeley_db_version" >&6; }
 
 	if test $ol_cv_berkeley_db_version = no ; then
 		{ { echo "$as_me:$LINENO: error: Berkeley DB version mismatch" >&5
@@ -31146,8 +29592,8 @@
    { (exit 1); exit 1; }; }
 	fi
 
-		echo "$as_me:$LINENO: checking for Berkeley DB thread support" >&5
-echo $ECHO_N "checking for Berkeley DB thread support... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for Berkeley DB thread support" >&5
+echo $ECHO_N "checking for Berkeley DB thread support... $ECHO_C" >&6; }
 if test "${ol_cv_berkeley_db_thread+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -31233,13 +29679,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -31252,14 +29707,16 @@
 ( exit $ac_status )
 ol_cv_berkeley_db_thread=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+
+
 	LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_thread" >&5
-echo "${ECHO_T}$ol_cv_berkeley_db_thread" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_berkeley_db_thread" >&5
+echo "${ECHO_T}$ol_cv_berkeley_db_thread" >&6; }
 
 	if test $ol_cv_berkeley_db_thread != no ; then
 
@@ -31289,54 +29746,6 @@
 		BDB_LIBS="$BDB_LIBS $ol_cv_lib_db"
 	fi
 
-	echo "$as_me:$LINENO: checking Berkeley DB version for BDB/HDB backends" >&5
-echo $ECHO_N "checking Berkeley DB version for BDB/HDB backends... $ECHO_C" >&6
-if test "${ol_cv_bdb_compat+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
-	cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h.  */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h.  */
-
-#include <db.h>
-
- /* this check could be improved */
-#ifndef DB_VERSION_MAJOR
-#	define DB_VERSION_MAJOR 1
-#endif
-#ifndef DB_VERSION_MINOR
-#	define DB_VERSION_MINOR 0
-#endif
-
-/* require 4.2 or later, but exclude 4.3 */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 2) && (DB_VERSION_MINOR !=3)
-	__db_version_compat
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "__db_version_compat" >/dev/null 2>&1; then
-  ol_cv_bdb_compat=yes
-else
-  ol_cv_bdb_compat=no
-fi
-rm -f conftest*
-
-fi
-echo "$as_me:$LINENO: result: $ol_cv_bdb_compat" >&5
-echo "${ECHO_T}$ol_cv_bdb_compat" >&6
-
-
-	if test $ol_cv_bdb_compat != yes ; then
-		{ { echo "$as_me:$LINENO: error: BDB/HDB: BerkeleyDB version incompatible" >&5
-echo "$as_me: error: BDB/HDB: BerkeleyDB version incompatible" >&2;}
-   { (exit 1); exit 1; }; }
-	fi
-
 	SLAPD_LIBS="$SLAPD_LIBS \$(BDB_LIBS)"
 
 	ol_link_bdb=yes
@@ -31361,18 +29770,19 @@
 for ac_header in tcpd.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -31383,41 +29793,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -31426,24 +29832,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -31451,9 +29855,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -31477,25 +29882,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -31503,8 +29907,8 @@
 #define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
 _ACEOF
 
-		echo "$as_me:$LINENO: checking for TCP wrappers library" >&5
-echo $ECHO_N "checking for TCP wrappers library... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for TCP wrappers library" >&5
+echo $ECHO_N "checking for TCP wrappers library... $ECHO_C" >&6; }
 		save_LIBS="$LIBS"
 		LIBS="$LIBS -lwrap"
 		cat >conftest.$ac_ext <<_ACEOF
@@ -31531,29 +29935,25 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  echo "$as_me:$LINENO: result: -lwrap" >&5
-echo "${ECHO_T}-lwrap" >&6
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  { echo "$as_me:$LINENO: result: -lwrap" >&5
+echo "${ECHO_T}-lwrap" >&6; }
 		have_wrappers=yes
 		LIBS="$save_LIBS"
 else
@@ -31586,29 +29986,25 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  echo "$as_me:$LINENO: result: -lwrap -lnsl" >&5
-echo "${ECHO_T}-lwrap -lnsl" >&6
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  { echo "$as_me:$LINENO: result: -lwrap -lnsl" >&5
+echo "${ECHO_T}-lwrap -lnsl" >&6; }
 		have_wrappers=yes
 		LIBS="$save_LIBS -lnsl"
 else
@@ -31616,15 +30012,17 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 
-		echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+		{ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
 		have_wrappers=no
 		LIBS=$save_LIBS
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 else
   have_wrappers=no
@@ -31652,8 +30050,8 @@
 fi
 
 if test $ol_enable_syslog != no ; then
-	echo "$as_me:$LINENO: checking for openlog" >&5
-echo $ECHO_N "checking for openlog... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for openlog" >&5
+echo $ECHO_N "checking for openlog... $ECHO_C" >&6; }
 if test "${ac_cv_func_openlog+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -31680,68 +30078,59 @@
 
 #undef openlog
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char openlog ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_openlog) || defined (__stub___openlog)
+#if defined __stub_openlog || defined __stub___openlog
 choke me
-#else
-char (*f) () = openlog;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != openlog;
+return openlog ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_openlog=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_openlog=no
+	ac_cv_func_openlog=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_openlog" >&5
-echo "${ECHO_T}$ac_cv_func_openlog" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_openlog" >&5
+echo "${ECHO_T}$ac_cv_func_openlog" >&6; }
 
 	if test $ac_cv_func_openlog = no && test $ol_enable_syslog = yes; then
 		{ { echo "$as_me:$LINENO: error: could not find syslog" >&5
@@ -31758,18 +30147,19 @@
 for ac_header in sql.h sqlext.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -31780,41 +30170,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -31823,24 +30209,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -31848,9 +30232,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -31874,25 +30259,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -31915,15 +30299,15 @@
 	LIBS="$LTHREAD_LIBS"
 
 	if test $ol_with_odbc = auto ; then
-		ol_with_odbc="iodbc unixodbc"
+		ol_with_odbc="iodbc unixodbc odbc32"
 	fi
 
 	for odbc in $ol_with_odbc ; do
 		if test $ol_link_sql = no ; then
 			case $odbc in
 			iodbc)
-				echo "$as_me:$LINENO: checking for SQLDriverConnect in -liodbc" >&5
-echo $ECHO_N "checking for SQLDriverConnect in -liodbc... $ECHO_C" >&6
+				{ echo "$as_me:$LINENO: checking for SQLDriverConnect in -liodbc" >&5
+echo $ECHO_N "checking for SQLDriverConnect in -liodbc... $ECHO_C" >&6; }
 if test "${ac_cv_lib_iodbc_SQLDriverConnect+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -31936,56 +30320,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char SQLDriverConnect ();
 int
 main ()
 {
-SQLDriverConnect ();
+return SQLDriverConnect ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_iodbc_SQLDriverConnect=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_iodbc_SQLDriverConnect=no
+	ac_cv_lib_iodbc_SQLDriverConnect=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_iodbc_SQLDriverConnect" >&5
-echo "${ECHO_T}$ac_cv_lib_iodbc_SQLDriverConnect" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_iodbc_SQLDriverConnect" >&5
+echo "${ECHO_T}$ac_cv_lib_iodbc_SQLDriverConnect" >&6; }
 if test $ac_cv_lib_iodbc_SQLDriverConnect = yes; then
   have_iodbc=yes
 else
@@ -31998,8 +30379,8 @@
 				;;
 
 			unixodbc)
-				echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc" >&5
-echo $ECHO_N "checking for SQLDriverConnect in -lodbc... $ECHO_C" >&6
+				{ echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc" >&5
+echo $ECHO_N "checking for SQLDriverConnect in -lodbc... $ECHO_C" >&6; }
 if test "${ac_cv_lib_odbc_SQLDriverConnect+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32012,56 +30393,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char SQLDriverConnect ();
 int
 main ()
 {
-SQLDriverConnect ();
+return SQLDriverConnect ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_odbc_SQLDriverConnect=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_odbc_SQLDriverConnect=no
+	ac_cv_lib_odbc_SQLDriverConnect=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_odbc_SQLDriverConnect" >&5
-echo "${ECHO_T}$ac_cv_lib_odbc_SQLDriverConnect" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_odbc_SQLDriverConnect" >&5
+echo "${ECHO_T}$ac_cv_lib_odbc_SQLDriverConnect" >&6; }
 if test $ac_cv_lib_odbc_SQLDriverConnect = yes; then
   have_odbc=yes
 else
@@ -32073,6 +30451,79 @@
 				fi
 				;;
 
+			odbc32)
+				{ echo "$as_me:$LINENO: checking for SQLDriverConnect in -lodbc32" >&5
+echo $ECHO_N "checking for SQLDriverConnect in -lodbc32... $ECHO_C" >&6; }
+if test "${ac_cv_lib_odbc32_SQLDriverConnect+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lodbc32  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char SQLDriverConnect ();
+int
+main ()
+{
+return SQLDriverConnect ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_odbc32_SQLDriverConnect=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_odbc32_SQLDriverConnect=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_odbc32_SQLDriverConnect" >&5
+echo "${ECHO_T}$ac_cv_lib_odbc32_SQLDriverConnect" >&6; }
+if test $ac_cv_lib_odbc32_SQLDriverConnect = yes; then
+  have_odbc32=yes
+else
+  have_odbc32=no
+fi
+
+				if test $have_odbc32 = yes ; then
+					ol_link_sql="-lodbc32"
+				fi
+				;;
+
 			*)
 				{ { echo "$as_me:$LINENO: error: unknown ODBC library" >&5
 echo "$as_me: error: unknown ODBC library" >&2;}
@@ -32094,23 +30545,200 @@
 	fi
 fi
 
+ol_link_ndb=no
+if test $ol_enable_ndb != no ; then
+	# Extract the first word of "mysql_config", so it can be a program name with args.
+set dummy mysql_config; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_prog_MYSQL+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  if test -n "$MYSQL"; then
+  ac_cv_prog_MYSQL="$MYSQL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_MYSQL="yes"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+MYSQL=$ac_cv_prog_MYSQL
+if test -n "$MYSQL"; then
+  { echo "$as_me:$LINENO: result: $MYSQL" >&5
+echo "${ECHO_T}$MYSQL" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+	if test "$MYSQL" != yes ; then
+		{ { echo "$as_me:$LINENO: error: could not locate mysql_config" >&5
+echo "$as_me: error: could not locate mysql_config" >&2;}
+   { (exit 1); exit 1; }; }
+	fi
+
+	SQL_INC=`mysql_config --include`
+	SLAPD_NDB_INCS="$SQL_INC $SQL_INC/storage/ndb $SQL_INC/storage/ndb/ndbapi"
+
+	save_CPPFLAGS="$CPPFLAGS"
+	CPPFLAGS="$SLAPD_NDB_INCS"
+	{ echo "$as_me:$LINENO: checking for NdbApi.hpp" >&5
+echo $ECHO_N "checking for NdbApi.hpp... $ECHO_C" >&6; }
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <NdbApi.hpp>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
+  { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+  { { echo "$as_me:$LINENO: error: could not locate NdbApi headers" >&5
+echo "$as_me: error: could not locate NdbApi headers" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+
+rm -f conftest.err conftest.$ac_ext
+	CPPFLAGS="$save_CPPFLAGS"
+
+	SQL_LIB=`mysql_config --libs_r`
+	SLAPD_NDB_LIBS="$SQL_LIB -lndbclient -lstdc++"
+
+	save_LDFLAGS="$LDFLAGS"
+	save_LIBS="$LIBS"
+	LDFLAGS="$SQL_LIB"
+	{ echo "$as_me:$LINENO: checking for ndb_init in -lndbclient" >&5
+echo $ECHO_N "checking for ndb_init in -lndbclient... $ECHO_C" >&6; }
+if test "${ac_cv_lib_ndbclient_ndb_init+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lndbclient -lstdc++ $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ndb_init ();
+int
+main ()
+{
+return ndb_init ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  ac_cv_lib_ndbclient_ndb_init=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_ndbclient_ndb_init=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ndbclient_ndb_init" >&5
+echo "${ECHO_T}$ac_cv_lib_ndbclient_ndb_init" >&6; }
+if test $ac_cv_lib_ndbclient_ndb_init = yes; then
+  : ok
+else
+
+		{ { echo "$as_me:$LINENO: error: could not locate ndbclient library" >&5
+echo "$as_me: error: could not locate ndbclient library" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+
+	LIBS="$save_LIBS"
+	LDFLAGS="$save_LDFLAGS"
+
+	if test "$ol_enable_ndb" = yes ; then
+		SLAPD_LIBS="$SLAPD_LIBS \$(SLAPD_NDB_LIBS)"
+	fi
+fi
+
 ol_icu=no
 
 for ac_header in unicode/utypes.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
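Review bot: In the new NDB block, the output of `mysql_config --include` and `mysql_config --libs_r` goes straight into `SLAPD_NDB_INCS`, `CPPFLAGS` and `LDFLAGS` with no check of the exit status or of an empty result. Building `$SQL_INC/storage/ndb` only yields a valid flag when `--include` prints exactly one `-Idir` token, so a failed or multi-token result surfaces later as the misleading "could not locate NdbApi headers". The probe also stores only `ac_cv_prog_MYSQL="yes"`, so the later calls use whatever bare `mysql_config` resolves on PATH at that moment, and a user-supplied `MYSQL=/path/to/mysql_config` is rejected by `test "$MYSQL" != yes` despite the "Let the user override the test" comment. I would add a guard after each call, e.g. `test -n "$SQL_INC" || { echo "$as_me: error: mysql_config --include returned nothing" >&2; exit 1; }`, and record the resolved path instead of `yes` so that the same binary is invoked. Since `configure` looks like autoconf output, the change presumably belongs in the configure.in source of this block; the `for ac_header in unicode/utypes.h` loop at the end of the hunk continues outside it.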
@@ -32121,41 +30749,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -32164,24 +30788,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -32189,9 +30811,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -32215,25 +30838,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -32248,8 +30870,8 @@
 if test $ac_cv_header_unicode_utypes_h = yes ; then
 		OL_ICULIBS="-licuuc -licudata"
 
-	echo "$as_me:$LINENO: checking for ICU libraries" >&5
-echo $ECHO_N "checking for ICU libraries... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for ICU libraries" >&5
+echo $ECHO_N "checking for ICU libraries... $ECHO_C" >&6; }
 if test "${ol_cv_lib_icu+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32276,41 +30898,38 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_lib_icu=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_lib_icu=no
+	ol_cv_lib_icu=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 		LIBS="$ol_LIBS"
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_lib_icu" >&5
-echo "${ECHO_T}$ol_cv_lib_icu" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_lib_icu" >&5
+echo "${ECHO_T}$ol_cv_lib_icu" >&6; }
 
 	if test $ol_cv_lib_icu != no ; then
 		ol_icu="$OL_ICULIBS"
@@ -32337,18 +30956,19 @@
 for ac_header in sasl/sasl.h sasl.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -32359,41 +30979,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -32402,24 +31018,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -32427,9 +31041,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -32453,25 +31068,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -32486,8 +31100,8 @@
 
 	if test $ac_cv_header_sasl_sasl_h = yes ||
 	   test $ac_cv_header_sasl_h = yes; then
-		echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl2" >&5
-echo $ECHO_N "checking for sasl_client_init in -lsasl2... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl2" >&5
+echo $ECHO_N "checking for sasl_client_init in -lsasl2... $ECHO_C" >&6; }
 if test "${ac_cv_lib_sasl2_sasl_client_init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32500,61 +31114,58 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char sasl_client_init ();
 int
 main ()
 {
-sasl_client_init ();
+return sasl_client_init ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_sasl2_sasl_client_init=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_sasl2_sasl_client_init=no
+	ac_cv_lib_sasl2_sasl_client_init=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_client_init" >&5
-echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_client_init" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_sasl2_sasl_client_init" >&5
+echo "${ECHO_T}$ac_cv_lib_sasl2_sasl_client_init" >&6; }
 if test $ac_cv_lib_sasl2_sasl_client_init = yes; then
   ol_link_sasl="-lsasl2"
 else
-  echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl" >&5
-echo $ECHO_N "checking for sasl_client_init in -lsasl... $ECHO_C" >&6
+  { echo "$as_me:$LINENO: checking for sasl_client_init in -lsasl" >&5
+echo $ECHO_N "checking for sasl_client_init in -lsasl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_sasl_sasl_client_init+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32567,56 +31178,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char sasl_client_init ();
 int
 main ()
 {
-sasl_client_init ();
+return sasl_client_init ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_sasl_sasl_client_init=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_sasl_sasl_client_init=no
+	ac_cv_lib_sasl_sasl_client_init=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_sasl_sasl_client_init" >&5
-echo "${ECHO_T}$ac_cv_lib_sasl_sasl_client_init" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_sasl_sasl_client_init" >&5
+echo "${ECHO_T}$ac_cv_lib_sasl_sasl_client_init" >&6; }
 if test $ac_cv_lib_sasl_sasl_client_init = yes; then
   ol_link_sasl="-lsasl"
 fi
@@ -32641,8 +31249,8 @@
 			fi
 		fi
 	else
-		echo "$as_me:$LINENO: checking Cyrus SASL library version" >&5
-echo $ECHO_N "checking Cyrus SASL library version... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking Cyrus SASL library version" >&5
+echo $ECHO_N "checking Cyrus SASL library version... $ECHO_C" >&6; }
 if test "${ol_cv_sasl_compat+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32678,8 +31286,8 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ol_cv_sasl_compat" >&5
-echo "${ECHO_T}$ol_cv_sasl_compat" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_sasl_compat" >&5
+echo "${ECHO_T}$ol_cv_sasl_compat" >&6; }
 
 		if test $ol_cv_sasl_compat = no ; then
 			ol_link_sasl=no
@@ -32700,8 +31308,8 @@
 
 		ac_save_LIBS="$LIBS"
 		LIBS="$LIBS $ol_link_sasl"
-		echo "$as_me:$LINENO: checking for sasl_version" >&5
-echo $ECHO_N "checking for sasl_version... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for sasl_version" >&5
+echo $ECHO_N "checking for sasl_version... $ECHO_C" >&6; }
 if test "${ac_cv_func_sasl_version+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32728,68 +31336,59 @@
 
 #undef sasl_version
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char sasl_version ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_sasl_version) || defined (__stub___sasl_version)
+#if defined __stub_sasl_version || defined __stub___sasl_version
 choke me
-#else
-char (*f) () = sasl_version;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != sasl_version;
+return sasl_version ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_sasl_version=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_sasl_version=no
+	ac_cv_func_sasl_version=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_sasl_version" >&5
-echo "${ECHO_T}$ac_cv_func_sasl_version" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_sasl_version" >&5
+echo "${ECHO_T}$ac_cv_func_sasl_version" >&6; }
 if test $ac_cv_func_sasl_version = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -32839,8 +31438,8 @@
 if test $ol_with_fetch != no ; then
 	ol_LIBS=$LIBS
 LIBS="-lfetch -lcom_err $LIBS"
-echo "$as_me:$LINENO: checking fetch(3) library" >&5
-echo $ECHO_N "checking fetch(3) library... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking fetch(3) library" >&5
+echo $ECHO_N "checking fetch(3) library... $ECHO_C" >&6; }
 if test "${ol_cv_lib_fetch+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32852,7 +31451,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
+#ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
+#endif
 #include <stdio.h>
 #include <fetch.h>
 int
@@ -32864,39 +31465,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_lib_fetch=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_lib_fetch=no
+	ol_cv_lib_fetch=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_lib_fetch" >&5
-echo "${ECHO_T}$ol_cv_lib_fetch" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_lib_fetch" >&5
+echo "${ECHO_T}$ol_cv_lib_fetch" >&6; }
 LIBS=$ol_LIBS
 if test $ol_cv_lib_fetch != no ; then
 	ol_link_fetch="-lfetch -lcom_err"
@@ -32923,8 +31521,8 @@
 	save_LIBS="$LIBS"
 	LIBS="$TLS_LIBS $LIBS"
 
-	echo "$as_me:$LINENO: checking for crypt" >&5
-echo $ECHO_N "checking for crypt... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for crypt" >&5
+echo $ECHO_N "checking for crypt... $ECHO_C" >&6; }
 if test "${ac_cv_func_crypt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -32951,75 +31549,66 @@
 
 #undef crypt
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char crypt ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_crypt) || defined (__stub___crypt)
+#if defined __stub_crypt || defined __stub___crypt
 choke me
-#else
-char (*f) () = crypt;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != crypt;
+return crypt ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_crypt=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_crypt=no
+	ac_cv_func_crypt=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_crypt" >&5
-echo "${ECHO_T}$ac_cv_func_crypt" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_crypt" >&5
+echo "${ECHO_T}$ac_cv_func_crypt" >&6; }
 if test $ac_cv_func_crypt = yes; then
   have_crypt=yes
 else
 
 		LIBS="$save_LIBS"
-		echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
-echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
+echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6; }
 if test "${ac_cv_lib_crypt_crypt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33032,56 +31621,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char crypt ();
 int
 main ()
 {
-crypt ();
+return crypt ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_crypt_crypt=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_crypt_crypt=no
+	ac_cv_lib_crypt_crypt=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
-echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
+echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6; }
 if test $ac_cv_lib_crypt_crypt = yes; then
   LUTIL_LIBS="$LUTIL_LIBS -lcrypt"
 			have_crypt=yes
@@ -33116,8 +31702,8 @@
 fi
 
 if test $ol_enable_proctitle != no ; then
-	echo "$as_me:$LINENO: checking for setproctitle" >&5
-echo $ECHO_N "checking for setproctitle... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for setproctitle" >&5
+echo $ECHO_N "checking for setproctitle... $ECHO_C" >&6; }
 if test "${ac_cv_func_setproctitle+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33144,74 +31730,65 @@
 
 #undef setproctitle
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char setproctitle ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_setproctitle) || defined (__stub___setproctitle)
+#if defined __stub_setproctitle || defined __stub___setproctitle
 choke me
-#else
-char (*f) () = setproctitle;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != setproctitle;
+return setproctitle ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func_setproctitle=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func_setproctitle=no
+	ac_cv_func_setproctitle=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_setproctitle" >&5
-echo "${ECHO_T}$ac_cv_func_setproctitle" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func_setproctitle" >&5
+echo "${ECHO_T}$ac_cv_func_setproctitle" >&6; }
 if test $ac_cv_func_setproctitle = yes; then
   have_setproctitle=yes
 else
 
-		echo "$as_me:$LINENO: checking for setproctitle in -lutil" >&5
-echo $ECHO_N "checking for setproctitle in -lutil... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for setproctitle in -lutil" >&5
+echo $ECHO_N "checking for setproctitle in -lutil... $ECHO_C" >&6; }
 if test "${ac_cv_lib_util_setproctitle+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33224,67 +31801,62 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char setproctitle ();
 int
 main ()
 {
-setproctitle ();
+return setproctitle ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_util_setproctitle=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_util_setproctitle=no
+	ac_cv_lib_util_setproctitle=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_util_setproctitle" >&5
-echo "${ECHO_T}$ac_cv_lib_util_setproctitle" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_util_setproctitle" >&5
+echo "${ECHO_T}$ac_cv_lib_util_setproctitle" >&6; }
 if test $ac_cv_lib_util_setproctitle = yes; then
   have_setproctitle=yes
 			LUTIL_LIBS="$LUTIL_LIBS -lutil"
 else
   have_setproctitle=no
-			case $LIBOBJS in
-    "setproctitle.$ac_objext"   | \
-  *" setproctitle.$ac_objext"   | \
-    "setproctitle.$ac_objext "* | \
+			case " $LIBOBJS " in
   *" setproctitle.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS setproctitle.$ac_objext" ;;
+  *) LIBOBJS="$LIBOBJS setproctitle.$ac_objext"
+ ;;
 esac
 
 			LIBSRCS="$LIBSRCS setproctitle.c"
@@ -33307,18 +31879,19 @@
 for ac_header in slp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -33329,41 +31902,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -33372,24 +31941,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -33397,9 +31964,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -33423,25 +31991,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -33455,8 +32022,8 @@
 
 
 	if test $ac_cv_header_slp_h = yes ; then
-		echo "$as_me:$LINENO: checking for SLPOpen in -lslp" >&5
-echo $ECHO_N "checking for SLPOpen in -lslp... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for SLPOpen in -lslp" >&5
+echo $ECHO_N "checking for SLPOpen in -lslp... $ECHO_C" >&6; }
 if test "${ac_cv_lib_slp_SLPOpen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33469,56 +32036,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char SLPOpen ();
 int
 main ()
 {
-SLPOpen ();
+return SLPOpen ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_slp_SLPOpen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_slp_SLPOpen=no
+	ac_cv_lib_slp_SLPOpen=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_slp_SLPOpen" >&5
-echo "${ECHO_T}$ac_cv_lib_slp_SLPOpen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_slp_SLPOpen" >&5
+echo "${ECHO_T}$ac_cv_lib_slp_SLPOpen" >&6; }
 if test $ac_cv_lib_slp_SLPOpen = yes; then
   have_slp=yes
 else
@@ -33542,8 +32106,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for mode_t" >&5
-echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for mode_t" >&5
+echo $ECHO_N "checking for mode_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_mode_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33554,50 +32118,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef mode_t ac__type_new_;
 int
 main ()
 {
-if ((mode_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (mode_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_mode_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_mode_t=no
+	ac_cv_type_mode_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
-echo "${ECHO_T}$ac_cv_type_mode_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_mode_t" >&5
+echo "${ECHO_T}$ac_cv_type_mode_t" >&6; }
 if test $ac_cv_type_mode_t = yes; then
   :
 else
@@ -33608,8 +32169,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for off_t" >&5
-echo $ECHO_N "checking for off_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for off_t" >&5
+echo $ECHO_N "checking for off_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_off_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33620,50 +32181,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef off_t ac__type_new_;
 int
 main ()
 {
-if ((off_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (off_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_off_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_off_t=no
+	ac_cv_type_off_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
-echo "${ECHO_T}$ac_cv_type_off_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5
+echo "${ECHO_T}$ac_cv_type_off_t" >&6; }
 if test $ac_cv_type_off_t = yes; then
   :
 else
@@ -33674,8 +32232,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for pid_t" >&5
-echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for pid_t" >&5
+echo $ECHO_N "checking for pid_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_pid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33686,50 +32244,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef pid_t ac__type_new_;
 int
 main ()
 {
-if ((pid_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (pid_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_pid_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_pid_t=no
+	ac_cv_type_pid_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
-echo "${ECHO_T}$ac_cv_type_pid_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5
+echo "${ECHO_T}$ac_cv_type_pid_t" >&6; }
 if test $ac_cv_type_pid_t = yes; then
   :
 else
@@ -33740,8 +32295,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for ssize_t" >&5
+echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_ssize_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33752,50 +32307,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef ssize_t ac__type_new_;
 int
 main ()
 {
-if ((ssize_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (ssize_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_ssize_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_ssize_t=no
+	ac_cv_type_ssize_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
-echo "${ECHO_T}$ac_cv_type_ssize_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_ssize_t" >&5
+echo "${ECHO_T}$ac_cv_type_ssize_t" >&6; }
 if test $ac_cv_type_ssize_t = yes; then
   :
 else
@@ -33806,8 +32358,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for caddr_t" >&5
-echo $ECHO_N "checking for caddr_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for caddr_t" >&5
+echo $ECHO_N "checking for caddr_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_caddr_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33818,50 +32370,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef caddr_t ac__type_new_;
 int
 main ()
 {
-if ((caddr_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (caddr_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_caddr_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_caddr_t=no
+	ac_cv_type_caddr_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_caddr_t" >&5
-echo "${ECHO_T}$ac_cv_type_caddr_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_caddr_t" >&5
+echo "${ECHO_T}$ac_cv_type_caddr_t" >&6; }
 if test $ac_cv_type_caddr_t = yes; then
   :
 else
@@ -33872,8 +32421,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for size_t" >&5
+echo $ECHO_N "checking for size_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_size_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33884,50 +32433,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef size_t ac__type_new_;
 int
 main ()
 {
-if ((size_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (size_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_size_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_size_t=no
+	ac_cv_type_size_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
+echo "${ECHO_T}$ac_cv_type_size_t" >&6; }
 if test $ac_cv_type_size_t = yes; then
   :
 else
@@ -33939,8 +32485,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
 if test "${ac_cv_type_long_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -33951,50 +32497,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef long long ac__type_new_;
 int
 main ()
 {
-if ((long long *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (long long))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_long_long=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_long_long=no
+	ac_cv_type_long_long=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
 if test $ac_cv_type_long_long = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -34004,8 +32547,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for ptrdiff_t" >&5
-echo $ECHO_N "checking for ptrdiff_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for ptrdiff_t" >&5
+echo $ECHO_N "checking for ptrdiff_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_ptrdiff_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34016,50 +32559,47 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef ptrdiff_t ac__type_new_;
 int
 main ()
 {
-if ((ptrdiff_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (ptrdiff_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_ptrdiff_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_ptrdiff_t=no
+	ac_cv_type_ptrdiff_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_ptrdiff_t" >&5
-echo "${ECHO_T}$ac_cv_type_ptrdiff_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_ptrdiff_t" >&5
+echo "${ECHO_T}$ac_cv_type_ptrdiff_t" >&6; }
 if test $ac_cv_type_ptrdiff_t = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -34071,8 +32611,8 @@
 
 
 
-echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for socklen_t" >&5
+echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_socklen_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34087,54 +32627,51 @@
 #include <sys/socket.h>
 #endif
 
+typedef socklen_t ac__type_new_;
 int
 main ()
 {
-if ((socklen_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (socklen_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_socklen_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_socklen_t=no
+	ac_cv_type_socklen_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
-echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
+echo "${ECHO_T}$ac_cv_type_socklen_t" >&6; }
 
 
-echo "$as_me:$LINENO: checking the type of arg 3 to accept()" >&5
-echo $ECHO_N "checking the type of arg 3 to accept()... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking the type of arg 3 to accept()" >&5
+echo $ECHO_N "checking the type of arg 3 to accept()... $ECHO_C" >&6; }
 if test "${ol_cv_type_ber_socklen_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34166,39 +32703,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_type_ber_socklen_t=$lentype guessing= ; break 2
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 	done ; done
 fi
 
-echo "$as_me:$LINENO: result: $guessing$ol_cv_type_ber_socklen_t *" >&5
-echo "${ECHO_T}$guessing$ol_cv_type_ber_socklen_t *" >&6
+{ echo "$as_me:$LINENO: result: $guessing$ol_cv_type_ber_socklen_t *" >&5
+echo "${ECHO_T}$guessing$ol_cv_type_ber_socklen_t *" >&6; }
 
 cat >>confdefs.h <<_ACEOF
 #define ber_socklen_t $ol_cv_type_ber_socklen_t
@@ -34214,8 +32748,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking return type of signal handlers" >&5
-echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking return type of signal handlers" >&5
+echo $ECHO_N "checking return type of signal handlers... $ECHO_C" >&6; }
 if test "${ac_cv_type_signal+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34227,56 +32761,44 @@
 /* end confdefs.h.  */
 #include <sys/types.h>
 #include <signal.h>
-#ifdef signal
-# undef signal
-#endif
-#ifdef __cplusplus
-extern "C" void (*signal (int, void (*)(int)))(int);
-#else
-void (*signal ()) ();
-#endif
 
 int
 main ()
 {
-int i;
+return *(signal (0, 0)) (0) == 1;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_type_signal=void
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_type_signal=int
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_signal=int
+	ac_cv_type_signal=void
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
-echo "${ECHO_T}$ac_cv_type_signal" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_signal" >&5
+echo "${ECHO_T}$ac_cv_type_signal" >&6; }
 
 cat >>confdefs.h <<_ACEOF
 #define RETSIGTYPE $ac_cv_type_signal
@@ -34284,8 +32806,8 @@
 
 
 
-echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
-echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
+echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_sig_atomic_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34299,50 +32821,47 @@
 #include <signal.h>
 
 
+typedef sig_atomic_t ac__type_new_;
 int
 main ()
 {
-if ((sig_atomic_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (sig_atomic_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_sig_atomic_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_sig_atomic_t=no
+	ac_cv_type_sig_atomic_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
-echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
+echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6; }
 if test $ac_cv_type_sig_atomic_t = yes; then
   :
 else
@@ -34354,8 +32873,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
-echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
+echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6; }
 if test "${ac_cv_type_uid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34377,8 +32896,8 @@
 rm -f conftest*
 
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
-echo "${ECHO_T}$ac_cv_type_uid_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
+echo "${ECHO_T}$ac_cv_type_uid_t" >&6; }
 if test $ac_cv_type_uid_t = no; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -34393,8 +32912,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
 if test "${ac_cv_header_time+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34418,38 +32937,34 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_header_time=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_header_time=no
+	ac_cv_header_time=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6; }
 if test $ac_cv_header_time = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -34458,8 +32973,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
-echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
+echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6; }
 if test "${ac_cv_struct_tm+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34475,44 +32990,42 @@
 int
 main ()
 {
-struct tm *tp; tp->tm_sec;
+struct tm tm;
+				     int *p = &tm.tm_sec;
+ 				     return !p;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_struct_tm=time.h
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_struct_tm=sys/time.h
+	ac_cv_struct_tm=sys/time.h
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
-echo "${ECHO_T}$ac_cv_struct_tm" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
+echo "${ECHO_T}$ac_cv_struct_tm" >&6; }
 if test $ac_cv_struct_tm = sys/time.h; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -34521,8 +33034,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for struct stat.st_blksize" >&5
-echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for struct stat.st_blksize" >&5
+echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34544,33 +33057,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_blksize=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -34588,40 +33096,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_blksize=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_stat_st_blksize=no
+	ac_cv_member_struct_stat_st_blksize=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_blksize" >&5
-echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_blksize" >&5
+echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6; }
 if test $ac_cv_member_struct_stat_st_blksize = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -34631,8 +33136,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for struct passwd.pw_gecos" >&5
-echo $ECHO_N "checking for struct passwd.pw_gecos... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for struct passwd.pw_gecos" >&5
+echo $ECHO_N "checking for struct passwd.pw_gecos... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_passwd_pw_gecos+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34656,33 +33161,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_passwd_pw_gecos=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -34702,40 +33202,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_passwd_pw_gecos=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_passwd_pw_gecos=no
+	ac_cv_member_struct_passwd_pw_gecos=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_gecos" >&5
-echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_gecos" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_gecos" >&5
+echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_gecos" >&6; }
 if test $ac_cv_member_struct_passwd_pw_gecos = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -34745,8 +33242,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for struct passwd.pw_passwd" >&5
-echo $ECHO_N "checking for struct passwd.pw_passwd... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for struct passwd.pw_passwd" >&5
+echo $ECHO_N "checking for struct passwd.pw_passwd... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_passwd_pw_passwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34770,33 +33267,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_passwd_pw_passwd=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -34816,40 +33308,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_passwd_pw_passwd=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_passwd_pw_passwd=no
+	ac_cv_member_struct_passwd_pw_passwd=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_passwd" >&5
-echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_passwd" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_passwd" >&5
+echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_passwd" >&6; }
 if test $ac_cv_member_struct_passwd_pw_passwd = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -34860,8 +33349,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking if toupper() requires islower()" >&5
-echo $ECHO_N "checking if toupper() requires islower()... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if toupper() requires islower()" >&5
+echo $ECHO_N "checking if toupper() requires islower()... $ECHO_C" >&6; }
 if test "${ol_cv_c_upper_lower+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34886,13 +33375,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -34905,11 +33403,13 @@
 ( exit $ac_status )
 ol_cv_c_upper_lower=yes
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ol_cv_c_upper_lower" >&5
-echo "${ECHO_T}$ol_cv_c_upper_lower" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_c_upper_lower" >&5
+echo "${ECHO_T}$ol_cv_c_upper_lower" >&6; }
 if test $ol_cv_c_upper_lower != no ; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -34918,8 +33418,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
 if test "${ac_cv_c_const+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -34937,10 +33437,10 @@
 #ifndef __cplusplus
   /* Ultrix mips cc rejects this.  */
   typedef int charset[2];
-  const charset x;
+  const charset cs;
   /* SunOS 4.1.1 cc rejects this.  */
-  char const *const *ccp;
-  char **p;
+  char const *const *pcpcc;
+  char **ppc;
   /* NEC SVR4.0.2 mips cc rejects this.  */
   struct point {int x, y;};
   static struct point const zero = {0,0};
@@ -34949,16 +33449,17 @@
      an arm of an if-expression whose if-part is not a constant
      expression */
   const char *g = "string";
-  ccp = &g + (g ? g-g : 0);
+  pcpcc = &g + (g ? g-g : 0);
   /* HPUX 7.0 cc rejects these. */
-  ++ccp;
-  p = (char**) ccp;
-  ccp = (char const *const *) p;
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
   { /* SCO 3.2v4 cc rejects this.  */
     char *t;
     char const *s = 0 ? (char *) 0 : (char const *) 0;
 
     *t++ = 0;
+    if (s) return 0;
   }
   { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
     int x[] = {25, 17};
@@ -34977,7 +33478,9 @@
   }
   { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
     const int foo = 10;
+    if (!foo) return 0;
   }
+  return !cs[0] && !zero.x;
 #endif
 
   ;
@@ -34985,38 +33488,34 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_c_const=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_c_const=no
+	ac_cv_c_const=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6; }
 if test $ac_cv_c_const = no; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -35025,8 +33524,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking if compiler understands volatile" >&5
-echo $ECHO_N "checking if compiler understands volatile... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking if compiler understands volatile" >&5
+echo $ECHO_N "checking if compiler understands volatile... $ECHO_C" >&6; }
 if test "${ol_cv_c_volatile+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -35048,38 +33547,34 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ol_cv_c_volatile=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_c_volatile=no
+	ol_cv_c_volatile=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_c_volatile" >&5
-echo "${ECHO_T}$ol_cv_c_volatile" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_c_volatile" >&5
+echo "${ECHO_T}$ol_cv_c_volatile" >&6; }
   if test $ol_cv_c_volatile = yes; then
     :
   else
@@ -35100,8 +33595,8 @@
 _ACEOF
 
 else
-	echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
+echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; }
 if test "${ac_cv_c_bigendian+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -35118,7 +33613,8 @@
 int
 main ()
 {
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
+#if  ! (defined BYTE_ORDER && defined BIG_ENDIAN && defined LITTLE_ENDIAN \
+	&& BYTE_ORDER && BIG_ENDIAN && LITTLE_ENDIAN)
  bogus endian macros
 #endif
 
@@ -35127,27 +33623,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -35170,40 +33661,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_c_bigendian=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_c_bigendian=no
+	ac_cv_c_bigendian=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-# It does not; compile a test program.
+	# It does not; compile a test program.
 if test "$cross_compiling" = yes; then
   # try to guess the endianness by grepping values into an object file
   ac_cv_c_bigendian=unknown
@@ -35213,11 +33700,11 @@
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
-short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
 void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
-short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
-short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
 void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
 int
 main ()
@@ -35228,27 +33715,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
   ac_cv_c_bigendian=yes
 fi
@@ -35264,8 +33746,10 @@
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
@@ -35273,27 +33757,41 @@
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
+$ac_includes_default
 int
 main ()
 {
+
   /* Are we little or big endian?  From Harbison&Steele.  */
   union
   {
-    long l;
-    char c[sizeof (long)];
+    long int l;
+    char c[sizeof (long int)];
   } u;
   u.l = 1;
-  exit (u.c[sizeof (long) - 1] == 1);
+  return u.c[sizeof (long int) - 1] == 1;
+
+  ;
+  return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -35306,13 +33804,16 @@
 ( exit $ac_status )
 ac_cv_c_bigendian=yes
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
-echo "${ECHO_T}$ac_cv_c_bigendian" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
+echo "${ECHO_T}$ac_cv_c_bigendian" >&6; }
 case $ac_cv_c_bigendian in
   yes)
 
@@ -35332,8 +33833,8 @@
 
 fi
 
-echo "$as_me:$LINENO: checking for short" >&5
-echo $ECHO_N "checking for short... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for short" >&5
+echo $ECHO_N "checking for short... $ECHO_C" >&6; }
 if test "${ac_cv_type_short+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -35344,61 +33845,57 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef short ac__type_new_;
 int
 main ()
 {
-if ((short *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (short))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_short=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_short=no
+	ac_cv_type_short=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_short" >&5
-echo "${ECHO_T}$ac_cv_type_short" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_short" >&5
+echo "${ECHO_T}$ac_cv_type_short" >&6; }
 
-echo "$as_me:$LINENO: checking size of short" >&5
-echo $ECHO_N "checking size of short... $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ echo "$as_me:$LINENO: checking size of short" >&5
+echo $ECHO_N "checking size of short... $ECHO_C" >&6; }
 if test "${ac_cv_sizeof_short+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$ac_cv_type_short" = yes; then
-  # The cast to unsigned long works around a bug in the HP C Compiler
-  # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-  # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-  # This bug is HP SR number 8606223364.
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
@@ -35408,10 +33905,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef short ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (short))) >= 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
 test_array [0] = 0
 
   ;
@@ -35419,27 +33917,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -35449,10 +33942,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef short ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (short))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -35460,56 +33954,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr $ac_mid + 1`
-		    if test $ac_lo -le $ac_mid; then
-		      ac_lo= ac_hi=
-		      break
-		    fi
-		    ac_mid=`expr 2 '*' $ac_mid + 1`
+	ac_lo=`expr $ac_mid + 1`
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef short ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (short))) < 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
 test_array [0] = 0
 
   ;
@@ -35517,27 +34008,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -35547,10 +34033,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef short ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (short))) >= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -35558,50 +34045,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_hi=`expr '(' $ac_mid ')' - 1`
-		       if test $ac_mid -le $ac_hi; then
-			 ac_lo= ac_hi=
-			 break
-		       fi
-		       ac_mid=`expr 2 '*' $ac_mid`
+	ac_hi=`expr '(' $ac_mid ')' - 1`
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo= ac_hi=
+	ac_lo= ac_hi=
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 # Binary search between lo and hi bounds.
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
@@ -35612,10 +34097,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef short ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (short))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -35623,52 +34109,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr '(' $ac_mid ')' + 1`
+	ac_lo=`expr '(' $ac_mid ')' + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 done
 case $ac_lo in
 ?*) ac_cv_sizeof_short=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (short), 77
+'') if test "$ac_cv_type_short" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (short)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (short), 77
+echo "$as_me: error: cannot compute sizeof (short)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; } ;;
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_short=0
+   fi ;;
 esac
 else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -35676,8 +34155,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-long longval () { return (long) (sizeof (short)); }
-unsigned long ulongval () { return (long) (sizeof (short)); }
+   typedef short ac__type_sizeof_;
+static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
+static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
 #include <stdio.h>
 #include <stdlib.h>
 int
@@ -35686,35 +34166,44 @@
 
   FILE *f = fopen ("conftest.val", "w");
   if (! f)
-    exit (1);
-  if (((long) (sizeof (short))) < 0)
+    return 1;
+  if (((long int) (sizeof (ac__type_sizeof_))) < 0)
     {
-      long i = longval ();
-      if (i != ((long) (sizeof (short))))
-	exit (1);
+      long int i = longval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%ld\n", i);
     }
   else
     {
-      unsigned long i = ulongval ();
-      if (i != ((long) (sizeof (short))))
-	exit (1);
+      unsigned long int i = ulongval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%lu\n", i);
     }
-  exit (ferror (f) || fclose (f) != 0);
+  return ferror (f) || fclose (f) != 0;
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -35725,29 +34214,32 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (short), 77
+if test "$ac_cv_type_short" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (short)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (short), 77
+echo "$as_me: error: cannot compute sizeof (short)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_short=0
+   fi
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
-fi
 rm -f conftest.val
-else
-  ac_cv_sizeof_short=0
 fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_short" >&5
-echo "${ECHO_T}$ac_cv_sizeof_short" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_short" >&5
+echo "${ECHO_T}$ac_cv_sizeof_short" >&6; }
+
+
+
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_SHORT $ac_cv_sizeof_short
 _ACEOF
 
 
-echo "$as_me:$LINENO: checking for int" >&5
-echo $ECHO_N "checking for int... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for int" >&5
+echo $ECHO_N "checking for int... $ECHO_C" >&6; }
 if test "${ac_cv_type_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -35758,61 +34250,57 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef int ac__type_new_;
 int
 main ()
 {
-if ((int *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (int))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_int=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_int=no
+	ac_cv_type_int=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5
-echo "${ECHO_T}$ac_cv_type_int" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5
+echo "${ECHO_T}$ac_cv_type_int" >&6; }
 
-echo "$as_me:$LINENO: checking size of int" >&5
-echo $ECHO_N "checking size of int... $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ echo "$as_me:$LINENO: checking size of int" >&5
+echo $ECHO_N "checking size of int... $ECHO_C" >&6; }
 if test "${ac_cv_sizeof_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$ac_cv_type_int" = yes; then
-  # The cast to unsigned long works around a bug in the HP C Compiler
-  # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-  # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-  # This bug is HP SR number 8606223364.
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
@@ -35822,10 +34310,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef int ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (int))) >= 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
 test_array [0] = 0
 
   ;
@@ -35833,27 +34322,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -35863,10 +34347,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef int ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -35874,56 +34359,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr $ac_mid + 1`
-		    if test $ac_lo -le $ac_mid; then
-		      ac_lo= ac_hi=
-		      break
-		    fi
-		    ac_mid=`expr 2 '*' $ac_mid + 1`
+	ac_lo=`expr $ac_mid + 1`
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef int ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (int))) < 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
 test_array [0] = 0
 
   ;
@@ -35931,27 +34413,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -35961,10 +34438,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef int ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (int))) >= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -35972,50 +34450,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_hi=`expr '(' $ac_mid ')' - 1`
-		       if test $ac_mid -le $ac_hi; then
-			 ac_lo= ac_hi=
-			 break
-		       fi
-		       ac_mid=`expr 2 '*' $ac_mid`
+	ac_hi=`expr '(' $ac_mid ')' - 1`
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo= ac_hi=
+	ac_lo= ac_hi=
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 # Binary search between lo and hi bounds.
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
@@ -36026,10 +34502,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef int ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36037,52 +34514,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr '(' $ac_mid ')' + 1`
+	ac_lo=`expr '(' $ac_mid ')' + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 done
 case $ac_lo in
 ?*) ac_cv_sizeof_int=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77
+'') if test "$ac_cv_type_int" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (int)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (int), 77
+echo "$as_me: error: cannot compute sizeof (int)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; } ;;
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_int=0
+   fi ;;
 esac
 else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -36090,8 +34560,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-long longval () { return (long) (sizeof (int)); }
-unsigned long ulongval () { return (long) (sizeof (int)); }
+   typedef int ac__type_sizeof_;
+static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
+static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
 #include <stdio.h>
 #include <stdlib.h>
 int
@@ -36100,35 +34571,44 @@
 
   FILE *f = fopen ("conftest.val", "w");
   if (! f)
-    exit (1);
-  if (((long) (sizeof (int))) < 0)
+    return 1;
+  if (((long int) (sizeof (ac__type_sizeof_))) < 0)
     {
-      long i = longval ();
-      if (i != ((long) (sizeof (int))))
-	exit (1);
+      long int i = longval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%ld\n", i);
     }
   else
     {
-      unsigned long i = ulongval ();
-      if (i != ((long) (sizeof (int))))
-	exit (1);
+      unsigned long int i = ulongval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%lu\n", i);
     }
-  exit (ferror (f) || fclose (f) != 0);
+  return ferror (f) || fclose (f) != 0;
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -36139,29 +34619,32 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77
+if test "$ac_cv_type_int" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (int)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (int), 77
+echo "$as_me: error: cannot compute sizeof (int)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_int=0
+   fi
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
-fi
 rm -f conftest.val
-else
-  ac_cv_sizeof_int=0
 fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_int" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5
+echo "${ECHO_T}$ac_cv_sizeof_int" >&6; }
+
+
+
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_INT $ac_cv_sizeof_int
 _ACEOF
 
 
-echo "$as_me:$LINENO: checking for long" >&5
-echo $ECHO_N "checking for long... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for long" >&5
+echo $ECHO_N "checking for long... $ECHO_C" >&6; }
 if test "${ac_cv_type_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -36172,61 +34655,57 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef long ac__type_new_;
 int
 main ()
 {
-if ((long *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (long))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_long=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_long=no
+	ac_cv_type_long=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long" >&5
-echo "${ECHO_T}$ac_cv_type_long" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_long" >&5
+echo "${ECHO_T}$ac_cv_type_long" >&6; }
 
-echo "$as_me:$LINENO: checking size of long" >&5
-echo $ECHO_N "checking size of long... $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ echo "$as_me:$LINENO: checking size of long" >&5
+echo $ECHO_N "checking size of long... $ECHO_C" >&6; }
 if test "${ac_cv_sizeof_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$ac_cv_type_long" = yes; then
-  # The cast to unsigned long works around a bug in the HP C Compiler
-  # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-  # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-  # This bug is HP SR number 8606223364.
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
@@ -36236,10 +34715,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long))) >= 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
 test_array [0] = 0
 
   ;
@@ -36247,27 +34727,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -36277,10 +34752,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36288,56 +34764,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr $ac_mid + 1`
-		    if test $ac_lo -le $ac_mid; then
-		      ac_lo= ac_hi=
-		      break
-		    fi
-		    ac_mid=`expr 2 '*' $ac_mid + 1`
+	ac_lo=`expr $ac_mid + 1`
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long))) < 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
 test_array [0] = 0
 
   ;
@@ -36345,27 +34818,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -36375,10 +34843,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long))) >= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36386,50 +34855,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_hi=`expr '(' $ac_mid ')' - 1`
-		       if test $ac_mid -le $ac_hi; then
-			 ac_lo= ac_hi=
-			 break
-		       fi
-		       ac_mid=`expr 2 '*' $ac_mid`
+	ac_hi=`expr '(' $ac_mid ')' - 1`
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo= ac_hi=
+	ac_lo= ac_hi=
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 # Binary search between lo and hi bounds.
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
@@ -36440,10 +34907,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36451,52 +34919,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr '(' $ac_mid ')' + 1`
+	ac_lo=`expr '(' $ac_mid ')' + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 done
 case $ac_lo in
 ?*) ac_cv_sizeof_long=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long), 77
+'') if test "$ac_cv_type_long" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long), 77
+echo "$as_me: error: cannot compute sizeof (long)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; } ;;
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_long=0
+   fi ;;
 esac
 else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -36504,8 +34965,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-long longval () { return (long) (sizeof (long)); }
-unsigned long ulongval () { return (long) (sizeof (long)); }
+   typedef long ac__type_sizeof_;
+static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
+static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
 #include <stdio.h>
 #include <stdlib.h>
 int
@@ -36514,35 +34976,44 @@
 
   FILE *f = fopen ("conftest.val", "w");
   if (! f)
-    exit (1);
-  if (((long) (sizeof (long))) < 0)
+    return 1;
+  if (((long int) (sizeof (ac__type_sizeof_))) < 0)
     {
-      long i = longval ();
-      if (i != ((long) (sizeof (long))))
-	exit (1);
+      long int i = longval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%ld\n", i);
     }
   else
     {
-      unsigned long i = ulongval ();
-      if (i != ((long) (sizeof (long))))
-	exit (1);
+      unsigned long int i = ulongval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%lu\n", i);
     }
-  exit (ferror (f) || fclose (f) != 0);
+  return ferror (f) || fclose (f) != 0;
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -36553,29 +35024,32 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long), 77
+if test "$ac_cv_type_long" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long), 77
+echo "$as_me: error: cannot compute sizeof (long)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_long=0
+   fi
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
-fi
 rm -f conftest.val
-else
-  ac_cv_sizeof_long=0
 fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5
+echo "${ECHO_T}$ac_cv_sizeof_long" >&6; }
+
+
+
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_LONG $ac_cv_sizeof_long
 _ACEOF
 
 
-echo "$as_me:$LINENO: checking for long long" >&5
-echo $ECHO_N "checking for long long... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for long long" >&5
+echo $ECHO_N "checking for long long... $ECHO_C" >&6; }
 if test "${ac_cv_type_long_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -36586,61 +35060,57 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef long long ac__type_new_;
 int
 main ()
 {
-if ((long long *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (long long))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_long_long=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_long_long=no
+	ac_cv_type_long_long=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_long_long" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
+echo "${ECHO_T}$ac_cv_type_long_long" >&6; }
 
-echo "$as_me:$LINENO: checking size of long long" >&5
-echo $ECHO_N "checking size of long long... $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ echo "$as_me:$LINENO: checking size of long long" >&5
+echo $ECHO_N "checking size of long long... $ECHO_C" >&6; }
 if test "${ac_cv_sizeof_long_long+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$ac_cv_type_long_long" = yes; then
-  # The cast to unsigned long works around a bug in the HP C Compiler
-  # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-  # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-  # This bug is HP SR number 8606223364.
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
@@ -36650,10 +35120,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long long))) >= 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
 test_array [0] = 0
 
   ;
@@ -36661,27 +35132,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -36691,10 +35157,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long long))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36702,56 +35169,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr $ac_mid + 1`
-		    if test $ac_lo -le $ac_mid; then
-		      ac_lo= ac_hi=
-		      break
-		    fi
-		    ac_mid=`expr 2 '*' $ac_mid + 1`
+	ac_lo=`expr $ac_mid + 1`
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long long))) < 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
 test_array [0] = 0
 
   ;
@@ -36759,27 +35223,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -36789,10 +35248,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long long))) >= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36800,50 +35260,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_hi=`expr '(' $ac_mid ')' - 1`
-		       if test $ac_mid -le $ac_hi; then
-			 ac_lo= ac_hi=
-			 break
-		       fi
-		       ac_mid=`expr 2 '*' $ac_mid`
+	ac_hi=`expr '(' $ac_mid ')' - 1`
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo= ac_hi=
+	ac_lo= ac_hi=
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 # Binary search between lo and hi bounds.
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
@@ -36854,10 +35312,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef long long ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (long long))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -36865,52 +35324,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr '(' $ac_mid ')' + 1`
+	ac_lo=`expr '(' $ac_mid ')' + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 done
 case $ac_lo in
 ?*) ac_cv_sizeof_long_long=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long), 77
+'') if test "$ac_cv_type_long_long" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long long), 77
+echo "$as_me: error: cannot compute sizeof (long long)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; } ;;
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_long_long=0
+   fi ;;
 esac
 else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -36918,8 +35370,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-long longval () { return (long) (sizeof (long long)); }
-unsigned long ulongval () { return (long) (sizeof (long long)); }
+   typedef long long ac__type_sizeof_;
+static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
+static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
 #include <stdio.h>
 #include <stdlib.h>
 int
@@ -36928,35 +35381,44 @@
 
   FILE *f = fopen ("conftest.val", "w");
   if (! f)
-    exit (1);
-  if (((long) (sizeof (long long))) < 0)
+    return 1;
+  if (((long int) (sizeof (ac__type_sizeof_))) < 0)
     {
-      long i = longval ();
-      if (i != ((long) (sizeof (long long))))
-	exit (1);
+      long int i = longval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%ld\n", i);
     }
   else
     {
-      unsigned long i = ulongval ();
-      if (i != ((long) (sizeof (long long))))
-	exit (1);
+      unsigned long int i = ulongval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%lu\n", i);
     }
-  exit (ferror (f) || fclose (f) != 0);
+  return ferror (f) || fclose (f) != 0;
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -36967,29 +35429,32 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long long), 77
+if test "$ac_cv_type_long_long" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long long), 77
+echo "$as_me: error: cannot compute sizeof (long long)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_long_long=0
+   fi
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
-fi
 rm -f conftest.val
-else
-  ac_cv_sizeof_long_long=0
 fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long_long" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_long" >&5
+echo "${ECHO_T}$ac_cv_sizeof_long_long" >&6; }
+
+
+
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long
 _ACEOF
 
 
-echo "$as_me:$LINENO: checking for wchar_t" >&5
-echo $ECHO_N "checking for wchar_t... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for wchar_t" >&5
+echo $ECHO_N "checking for wchar_t... $ECHO_C" >&6; }
 if test "${ac_cv_type_wchar_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -37000,61 +35465,57 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+typedef wchar_t ac__type_new_;
 int
 main ()
 {
-if ((wchar_t *) 0)
+if ((ac__type_new_ *) 0)
   return 0;
-if (sizeof (wchar_t))
+if (sizeof (ac__type_new_))
   return 0;
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_type_wchar_t=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_type_wchar_t=no
+	ac_cv_type_wchar_t=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_type_wchar_t" >&5
-echo "${ECHO_T}$ac_cv_type_wchar_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_type_wchar_t" >&5
+echo "${ECHO_T}$ac_cv_type_wchar_t" >&6; }
 
-echo "$as_me:$LINENO: checking size of wchar_t" >&5
-echo $ECHO_N "checking size of wchar_t... $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ echo "$as_me:$LINENO: checking size of wchar_t" >&5
+echo $ECHO_N "checking size of wchar_t... $ECHO_C" >&6; }
 if test "${ac_cv_sizeof_wchar_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
-  if test "$ac_cv_type_wchar_t" = yes; then
-  # The cast to unsigned long works around a bug in the HP C Compiler
-  # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-  # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-  # This bug is HP SR number 8606223364.
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
@@ -37064,10 +35525,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef wchar_t ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) >= 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
 test_array [0] = 0
 
   ;
@@ -37075,27 +35537,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -37105,10 +35562,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef wchar_t ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -37116,56 +35574,53 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr $ac_mid + 1`
-		    if test $ac_lo -le $ac_mid; then
-		      ac_lo= ac_hi=
-		      break
-		    fi
-		    ac_mid=`expr 2 '*' $ac_mid + 1`
+	ac_lo=`expr $ac_mid + 1`
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef wchar_t ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) < 0)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
 test_array [0] = 0
 
   ;
@@ -37173,27 +35628,22 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
@@ -37203,10 +35653,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef wchar_t ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) >= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -37214,50 +35665,48 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_lo=$ac_mid; break
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_hi=`expr '(' $ac_mid ')' - 1`
-		       if test $ac_mid -le $ac_hi; then
-			 ac_lo= ac_hi=
-			 break
-		       fi
-		       ac_mid=`expr 2 '*' $ac_mid`
+	ac_hi=`expr '(' $ac_mid ')' - 1`
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			ac_mid=`expr 2 '*' $ac_mid`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
   done
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo= ac_hi=
+	ac_lo= ac_hi=
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 # Binary search between lo and hi bounds.
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
@@ -37268,10 +35717,11 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
+   typedef wchar_t ac__type_sizeof_;
 int
 main ()
 {
-static int test_array [1 - 2 * !(((long) (sizeof (wchar_t))) <= $ac_mid)];
+static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
 test_array [0] = 0
 
   ;
@@ -37279,52 +35729,45 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_hi=$ac_mid
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_lo=`expr '(' $ac_mid ')' + 1`
+	ac_lo=`expr '(' $ac_mid ')' + 1`
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 done
 case $ac_lo in
 ?*) ac_cv_sizeof_wchar_t=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t), 77
+'') if test "$ac_cv_type_wchar_t" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (wchar_t), 77
+echo "$as_me: error: cannot compute sizeof (wchar_t)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; } ;;
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_wchar_t=0
+   fi ;;
 esac
 else
-  if test "$cross_compiling" = yes; then
-  { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
-else
   cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37332,8 +35775,9 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 $ac_includes_default
-long longval () { return (long) (sizeof (wchar_t)); }
-unsigned long ulongval () { return (long) (sizeof (wchar_t)); }
+   typedef wchar_t ac__type_sizeof_;
+static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
+static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
 #include <stdio.h>
 #include <stdlib.h>
 int
@@ -37342,35 +35786,44 @@
 
   FILE *f = fopen ("conftest.val", "w");
   if (! f)
-    exit (1);
-  if (((long) (sizeof (wchar_t))) < 0)
+    return 1;
+  if (((long int) (sizeof (ac__type_sizeof_))) < 0)
     {
-      long i = longval ();
-      if (i != ((long) (sizeof (wchar_t))))
-	exit (1);
+      long int i = longval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%ld\n", i);
     }
   else
     {
-      unsigned long i = ulongval ();
-      if (i != ((long) (sizeof (wchar_t))))
-	exit (1);
+      unsigned long int i = ulongval ();
+      if (i != ((long int) (sizeof (ac__type_sizeof_))))
+	return 1;
       fprintf (f, "%lu\n", i);
     }
-  exit (ferror (f) || fclose (f) != 0);
+  return ferror (f) || fclose (f) != 0;
 
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -37381,22 +35834,25 @@
 sed 's/^/| /' conftest.$ac_ext >&5
 
 ( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t), 77
+if test "$ac_cv_type_wchar_t" = yes; then
+     { { echo "$as_me:$LINENO: error: cannot compute sizeof (wchar_t)
 See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (wchar_t), 77
+echo "$as_me: error: cannot compute sizeof (wchar_t)
 See \`config.log' for more details." >&2;}
-   { (exit 1); exit 1; }; }
+   { (exit 77); exit 77; }; }
+   else
+     ac_cv_sizeof_wchar_t=0
+   fi
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
-fi
 rm -f conftest.val
-else
-  ac_cv_sizeof_wchar_t=0
 fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_wchar_t" >&5
-echo "${ECHO_T}$ac_cv_sizeof_wchar_t" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_wchar_t" >&5
+echo "${ECHO_T}$ac_cv_sizeof_wchar_t" >&6; }
+
+
+
 cat >>confdefs.h <<_ACEOF
 #define SIZEOF_WCHAR_T $ac_cv_sizeof_wchar_t
 _ACEOF
@@ -37469,18 +35925,19 @@
 for ac_header in openssl/bn.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37491,41 +35948,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37534,24 +35987,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -37559,9 +36010,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -37585,25 +36037,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -37619,18 +36070,19 @@
 for ac_header in openssl/crypto.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37641,41 +36093,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37684,24 +36132,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -37709,9 +36155,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -37735,25 +36182,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -37785,18 +36231,19 @@
 for ac_header in gmp.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37807,41 +36254,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -37850,24 +36293,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -37875,9 +36316,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -37901,25 +36343,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -37932,8 +36373,8 @@
 done
 
 
-echo "$as_me:$LINENO: checking for __gmpz_add_ui in -lgmp" >&5
-echo $ECHO_N "checking for __gmpz_add_ui in -lgmp... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for __gmpz_add_ui in -lgmp" >&5
+echo $ECHO_N "checking for __gmpz_add_ui in -lgmp... $ECHO_C" >&6; }
 if test "${ac_cv_lib_gmp___gmpz_add_ui+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -37946,56 +36387,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char __gmpz_add_ui ();
 int
 main ()
 {
-__gmpz_add_ui ();
+return __gmpz_add_ui ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_gmp___gmpz_add_ui=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_gmp___gmpz_add_ui=no
+	ac_cv_lib_gmp___gmpz_add_ui=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_add_ui" >&5
-echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_add_ui" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_add_ui" >&5
+echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_add_ui" >&6; }
 if test $ac_cv_lib_gmp___gmpz_add_ui = yes; then
   cat >>confdefs.h <<_ACEOF
 #define HAVE_LIBGMP 1
@@ -38022,8 +36460,8 @@
 	ol_with_mp=no
 fi
 
-echo "$as_me:$LINENO: checking for working memcmp" >&5
-echo $ECHO_N "checking for working memcmp... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for working memcmp" >&5
+echo $ECHO_N "checking for working memcmp... $ECHO_C" >&6; }
 if test "${ac_cv_func_memcmp_working+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38042,9 +36480,9 @@
 {
 
   /* Some versions of memcmp are not 8-bit clean.  */
-  char c0 = 0x40, c1 = 0x80, c2 = 0x81;
+  char c0 = '\100', c1 = '\200', c2 = '\201';
   if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0)
-    exit (1);
+    return 1;
 
   /* The Next x86 OpenStep bug shows up only when comparing 16 bytes
      or more and with at least one buffer not starting on a 4-byte boundary.
@@ -38060,9 +36498,9 @@
 	strcpy (a, "--------01111111");
 	strcpy (b, "--------10000000");
 	if (memcmp (a, b, 16) >= 0)
-	  exit (1);
+	  return 1;
       }
-    exit (0);
+    return 0;
   }
 
   ;
@@ -38070,13 +36508,22 @@
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_try") 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
@@ -38089,17 +36536,17 @@
 ( exit $ac_status )
 ac_cv_func_memcmp_working=no
 fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+
+
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func_memcmp_working" >&5
-echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6
-test $ac_cv_func_memcmp_working = no && case $LIBOBJS in
-    "memcmp.$ac_objext"   | \
-  *" memcmp.$ac_objext"   | \
-    "memcmp.$ac_objext "* | \
+{ echo "$as_me:$LINENO: result: $ac_cv_func_memcmp_working" >&5
+echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6; }
+test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in
   *" memcmp.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" ;;
+  *) LIBOBJS="$LIBOBJS memcmp.$ac_objext"
+ ;;
 esac
 
 
@@ -38116,9 +36563,9 @@
 for ac_func in strftime
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -38144,68 +36591,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -38213,8 +36652,8 @@
 
 else
   # strftime is in -lintl on SCO UNIX.
-echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
-echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
+echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_intl_strftime+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38227,56 +36666,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char strftime ();
 int
 main ()
 {
-strftime ();
+return strftime ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_intl_strftime=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_intl_strftime=no
+	ac_cv_lib_intl_strftime=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
-echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
+echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6; }
 if test $ac_cv_lib_intl_strftime = yes; then
   cat >>confdefs.h <<\_ACEOF
 #define HAVE_STRFTIME 1
@@ -38289,8 +36725,8 @@
 done
 
 
-echo "$as_me:$LINENO: checking for inet_aton()" >&5
-echo $ECHO_N "checking for inet_aton()... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for inet_aton()" >&5
+echo $ECHO_N "checking for inet_aton()... $ECHO_C" >&6; }
 if test "${ol_cv_func_inet_aton+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38325,39 +36761,36 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ol_cv_func_inet_aton=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ol_cv_func_inet_aton=no
+	ol_cv_func_inet_aton=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ol_cv_func_inet_aton" >&5
-echo "${ECHO_T}$ol_cv_func_inet_aton" >&6
+{ echo "$as_me:$LINENO: result: $ol_cv_func_inet_aton" >&5
+echo "${ECHO_T}$ol_cv_func_inet_aton" >&6; }
   if test $ol_cv_func_inet_aton != no; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -38367,8 +36800,8 @@
   fi
 
 
-echo "$as_me:$LINENO: checking for _spawnlp" >&5
-echo $ECHO_N "checking for _spawnlp... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for _spawnlp" >&5
+echo $ECHO_N "checking for _spawnlp... $ECHO_C" >&6; }
 if test "${ac_cv_func__spawnlp+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38395,68 +36828,59 @@
 
 #undef _spawnlp
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char _spawnlp ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub__spawnlp) || defined (__stub____spawnlp)
+#if defined __stub__spawnlp || defined __stub____spawnlp
 choke me
-#else
-char (*f) () = _spawnlp;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != _spawnlp;
+return _spawnlp ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func__spawnlp=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func__spawnlp=no
+	ac_cv_func__spawnlp=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func__spawnlp" >&5
-echo "${ECHO_T}$ac_cv_func__spawnlp" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func__spawnlp" >&5
+echo "${ECHO_T}$ac_cv_func__spawnlp" >&6; }
 if test $ac_cv_func__spawnlp = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -38466,8 +36890,8 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for _snprintf" >&5
-echo $ECHO_N "checking for _snprintf... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for _snprintf" >&5
+echo $ECHO_N "checking for _snprintf... $ECHO_C" >&6; }
 if test "${ac_cv_func__snprintf+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38494,68 +36918,59 @@
 
 #undef _snprintf
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char _snprintf ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub__snprintf) || defined (__stub____snprintf)
+#if defined __stub__snprintf || defined __stub____snprintf
 choke me
-#else
-char (*f) () = _snprintf;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != _snprintf;
+return _snprintf ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func__snprintf=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func__snprintf=no
+	ac_cv_func__snprintf=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func__snprintf" >&5
-echo "${ECHO_T}$ac_cv_func__snprintf" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func__snprintf" >&5
+echo "${ECHO_T}$ac_cv_func__snprintf" >&6; }
 if test $ac_cv_func__snprintf = yes; then
   ac_cv_func_snprintf=yes
 
@@ -38567,9 +36982,14 @@
 fi
 
 
-echo "$as_me:$LINENO: checking for _vsnprintf" >&5
-echo $ECHO_N "checking for _vsnprintf... $ECHO_C" >&6
-if test "${ac_cv_func__vsnprintf+set}" = set; then
+
+
+for ac_func in vsnprintf _vsnprintf
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -38578,12 +36998,12 @@
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
-/* Define _vsnprintf to an innocuous variant, in case <limits.h> declares _vsnprintf.
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
    For example, HP-UX 11i <limits.h> declares gettimeofday.  */
-#define _vsnprintf innocuous__vsnprintf
+#define $ac_func innocuous_$ac_func
 
 /* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char _vsnprintf (); below.
+    which can conflict with char $ac_func (); below.
     Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
     <limits.h> exists even on freestanding compilers.  */
 
@@ -38593,88 +37013,87 @@
 # include <assert.h>
 #endif
 
-#undef _vsnprintf
+#undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char _vsnprintf ();
+char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub__vsnprintf) || defined (__stub____vsnprintf)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = _vsnprintf;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != _vsnprintf;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_func__vsnprintf=yes
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
+  eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func__vsnprintf=no
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func__vsnprintf" >&5
-echo "${ECHO_T}$ac_cv_func__vsnprintf" >&6
-if test $ac_cv_func__vsnprintf = yes; then
-  ac_cv_func_vsnprintf=yes
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
 
+fi
+done
+
+
+if test $ac_cv_func_vsnprintf = no -a $ac_cv_func__vsnprintf = yes ; then
+	ac_cv_func_vsnprintf=yes
+
 cat >>confdefs.h <<\_ACEOF
 #define vsnprintf _vsnprintf
 _ACEOF
 
-
 fi
 
 
-
 for ac_func in vprintf
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
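Review bot: The new guard `if test $ac_cv_func_vsnprintf = no -a $ac_cv_func__vsnprintf = yes ; then` leaves both expansions unquoted and joins them with `-a`, so an empty or unset cache value would produce a `test` syntax error instead of a false result. A safer form is `if test "$ac_cv_func_vsnprintf" = no && test "$ac_cv_func__vsnprintf" = yes; then`. The `#define vsnprintf _vsnprintf` fallback it selects also deserves a comment: if `_vsnprintf` here is the Microsoft runtime's function, it does not NUL-terminate the buffer on truncation and returns a negative value, so callers written against C99 `vsnprintf` must terminate the buffer and check the result themselves. Since this file looks like autoconf output, both changes presumably belong in the configure.in source rather than in this script.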
@@ -38700,75 +37119,67 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
-echo "$as_me:$LINENO: checking for _doprnt" >&5
-echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for _doprnt" >&5
+echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6; }
 if test "${ac_cv_func__doprnt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -38795,68 +37206,59 @@
 
 #undef _doprnt
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char _doprnt ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub__doprnt) || defined (__stub____doprnt)
+#if defined __stub__doprnt || defined __stub____doprnt
 choke me
-#else
-char (*f) () = _doprnt;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != _doprnt;
+return _doprnt ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_func__doprnt=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_func__doprnt=no
+	ac_cv_func__doprnt=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5
-echo "${ECHO_T}$ac_cv_func__doprnt" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5
+echo "${ECHO_T}$ac_cv_func__doprnt" >&6; }
 if test $ac_cv_func__doprnt = yes; then
 
 cat >>confdefs.h <<\_ACEOF
@@ -38876,9 +37278,9 @@
 for ac_func in snprintf vsnprintf
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -38904,68 +37306,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -39031,6 +37425,7 @@
 
 
 
+
 for ac_func in \
 	bcopy			\
 	closesocket		\
@@ -39041,6 +37436,7 @@
 	flock			\
 	fstat			\
 	getdtablesize		\
+	geteuid			\
 	getgrgid		\
 	gethostname		\
 	getpass			\
@@ -39090,9 +37486,9 @@
 
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -39118,68 +37514,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -39194,9 +37582,9 @@
 for ac_func in getopt getpeereid
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -39222,80 +37610,70 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 else
-  case $LIBOBJS in
-    "$ac_func.$ac_objext"   | \
-  *" $ac_func.$ac_objext"   | \
-    "$ac_func.$ac_objext "* | \
+  case " $LIBOBJS " in
   *" $ac_func.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext" ;;
+  *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
 esac
 
 fi
@@ -39312,9 +37690,9 @@
 for ac_func in getpeerucred
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
@@ -39340,68 +37718,60 @@
 
 #undef $ac_func
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
-{
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char $ac_func ();
 /* The GNU C library defines this for functions which it implements
     to always fail with ENOSYS.  Some functions are actually named
     something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+#if defined __stub_$ac_func || defined __stub___$ac_func
 choke me
-#else
-char (*f) () = $ac_func;
 #endif
-#ifdef __cplusplus
-}
-#endif
 
 int
 main ()
 {
-return f != $ac_func;
+return $ac_func ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   eval "$as_ac_var=yes"
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-eval "$as_ac_var=no"
+	eval "$as_ac_var=no"
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+ac_res=`eval echo '${'$as_ac_var'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<_ACEOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
@@ -39411,8 +37781,8 @@
 done
 
 	if test "$ac_cv_func_getpeerucred" != yes ; then
-		echo "$as_me:$LINENO: checking for struct msghdr.msg_accrightslen" >&5
-echo $ECHO_N "checking for struct msghdr.msg_accrightslen... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for struct msghdr.msg_accrightslen" >&5
+echo $ECHO_N "checking for struct msghdr.msg_accrightslen... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_msghdr_msg_accrightslen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -39438,33 +37808,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_msghdr_msg_accrightslen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -39486,40 +37851,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_msghdr_msg_accrightslen=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_msghdr_msg_accrightslen=no
+	ac_cv_member_struct_msghdr_msg_accrightslen=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_accrightslen" >&5
-echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_accrightslen" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_accrightslen" >&5
+echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_accrightslen" >&6; }
 if test $ac_cv_member_struct_msghdr_msg_accrightslen = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -39530,8 +37892,8 @@
 fi
 
 		if test "$ac_cv_member_struct_msghdr_msg_accrightslen" != yes; then
-			echo "$as_me:$LINENO: checking for struct msghdr.msg_control" >&5
-echo $ECHO_N "checking for struct msghdr.msg_control... $ECHO_C" >&6
+			{ echo "$as_me:$LINENO: checking for struct msghdr.msg_control" >&5
+echo $ECHO_N "checking for struct msghdr.msg_control... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_msghdr_msg_control+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -39557,33 +37919,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_msghdr_msg_control=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -39605,40 +37962,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_msghdr_msg_control=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_msghdr_msg_control=no
+	ac_cv_member_struct_msghdr_msg_control=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_control" >&5
-echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_control" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_msghdr_msg_control" >&5
+echo "${ECHO_T}$ac_cv_member_struct_msghdr_msg_control" >&6; }
 if test $ac_cv_member_struct_msghdr_msg_control = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -39649,8 +38003,8 @@
 fi
 
 		fi
-		echo "$as_me:$LINENO: checking for struct stat.st_fstype" >&5
-echo $ECHO_N "checking for struct stat.st_fstype... $ECHO_C" >&6
+		{ echo "$as_me:$LINENO: checking for struct stat.st_fstype" >&5
+echo $ECHO_N "checking for struct stat.st_fstype... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_stat_st_fstype+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -39672,33 +38026,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_fstype=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -39716,40 +38065,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_fstype=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_stat_st_fstype=no
+	ac_cv_member_struct_stat_st_fstype=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_fstype" >&5
-echo "${ECHO_T}$ac_cv_member_struct_stat_st_fstype" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_fstype" >&5
+echo "${ECHO_T}$ac_cv_member_struct_stat_st_fstype" >&6; }
 if test $ac_cv_member_struct_stat_st_fstype = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -39758,8 +38104,8 @@
 
 
 fi
-echo "$as_me:$LINENO: checking for struct stat.st_vfstype" >&5
-echo $ECHO_N "checking for struct stat.st_vfstype... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking for struct stat.st_vfstype" >&5
+echo $ECHO_N "checking for struct stat.st_vfstype... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_stat_st_vfstype+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -39781,33 +38127,28 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_vfstype=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-cat >conftest.$ac_ext <<_ACEOF
+	cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
@@ -39825,40 +38166,37 @@
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_cv_member_struct_stat_st_vfstype=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_member_struct_stat_st_vfstype=no
+	ac_cv_member_struct_stat_st_vfstype=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_vfstype" >&5
-echo "${ECHO_T}$ac_cv_member_struct_stat_st_vfstype" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_vfstype" >&5
+echo "${ECHO_T}$ac_cv_member_struct_stat_st_vfstype" >&6; }
 if test $ac_cv_member_struct_stat_st_vfstype = yes; then
 
 cat >>confdefs.h <<_ACEOF
@@ -39873,27 +38211,22 @@
 struct stat st; char *ptr=st.st_fstype;
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
 
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_STRUCT_STAT_ST_FSTYPE_CHAR 1
@@ -39909,7 +38242,8 @@
 _ACEOF
 
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 		fi
 	fi
 	LIBSRCS="$LIBSRCS getpeereid.c"
@@ -39939,18 +38273,19 @@
 for ac_header in ltdl.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
-  echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+  { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 else
   # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -39961,41 +38296,37 @@
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
   ac_header_compiler=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_header_compiler=no
+	ac_header_compiler=no
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
 
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
 # Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -40004,24 +38335,22 @@
 /* end confdefs.h.  */
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
-  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } >/dev/null; then
-  if test -s conftest.err; then
-    ac_cpp_err=$ac_c_preproc_warn_flag
-    ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
-  else
-    ac_cpp_err=
-  fi
-else
-  ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+  (exit $ac_status); } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then
   ac_header_preproc=yes
 else
   echo "$as_me: failed program was:" >&5
@@ -40029,9 +38358,10 @@
 
   ac_header_preproc=no
 fi
+
 rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
 
 # So?  What about this header?
 case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
@@ -40055,25 +38385,24 @@
 echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
     { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-    (
-      cat <<\_ASBOX
+    ( cat <<\_ASBOX
 ## --------------------------------------------- ##
 ## Report this to <http://www.openldap.org/its/> ##
 ## --------------------------------------------- ##
 _ASBOX
-    ) |
-      sed "s/^/$as_me: WARNING:     /" >&2
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   eval "$as_ac_Header=\$ac_header_preproc"
 fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ac_res=`eval echo '${'$as_ac_Header'}'`
+	       { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
 
 fi
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
@@ -40091,8 +38420,8 @@
 echo "$as_me: error: could not locate <ltdl.h>" >&2;}
    { (exit 1); exit 1; }; }
 	fi
-	echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
-echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6
+	{ echo "$as_me:$LINENO: checking for lt_dlinit in -lltdl" >&5
+echo $ECHO_N "checking for lt_dlinit in -lltdl... $ECHO_C" >&6; }
 if test "${ac_cv_lib_ltdl_lt_dlinit+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
@@ -40105,56 +38434,53 @@
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 
-/* Override any gcc2 internal prototype to avoid an error.  */
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
 char lt_dlinit ();
 int
 main ()
 {
-lt_dlinit ();
+return lt_dlinit ();
   ;
   return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
-  (eval $ac_link) 2>conftest.er1
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_link") 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-	 { ac_try='test -z "$ac_c_werror_flag"
-			 || test ! -s conftest.err'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext &&
+       $as_test_x conftest$ac_exeext; then
   ac_cv_lib_ltdl_lt_dlinit=yes
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_lib_ltdl_lt_dlinit=no
+	ac_cv_lib_ltdl_lt_dlinit=no
 fi
-rm -f conftest.err conftest.$ac_objext \
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
-echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_ltdl_lt_dlinit" >&5
+echo "${ECHO_T}$ac_cv_lib_ltdl_lt_dlinit" >&6; }
 if test $ac_cv_lib_ltdl_lt_dlinit = yes; then
 
 		SLAPI_LIBS=-lltdl
@@ -40412,6 +38738,23 @@
 
 fi
 
+if test "$ol_enable_ndb" != no ; then
+	BUILD_SLAPD=yes
+	BUILD_NDB=$ol_enable_ndb
+	if test "$ol_enable_ndb" = mod ; then
+		SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ndb"
+		MFLAG=SLAPD_MOD_DYNAMIC
+	else
+		SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ndb"
+		MFLAG=SLAPD_MOD_STATIC
+	fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_NDB $MFLAG
+_ACEOF
+
+fi
+
 if test "$ol_enable_null" != no ; then
 	BUILD_SLAPD=yes
 	BUILD_NULL=$ol_enable_null
@@ -40567,6 +38910,22 @@
 
 fi
 
+if test "$ol_enable_collect" != no ; then
+        BUILD_COLLECT=$ol_enable_collect
+        if test "$ol_enable_collect" = mod ; then
+                MFLAG=SLAPD_MOD_DYNAMIC
+                SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS collect.la"
+        else
+                MFLAG=SLAPD_MOD_STATIC
+                SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS collect.o"
+        fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_COLLECT $MFLAG
+_ACEOF
+
+fi
+
 if test "$ol_enable_constraint" != no ; then
 	BUILD_CONSTRAINT=$ol_enable_constraint
 	if test "$ol_enable_constraint" = mod ; then
@@ -40599,6 +38958,22 @@
 
 fi
 
+if test "$ol_enable_deref" != no ; then
+	BUILD_DDS=$ol_enable_deref
+	if test "$ol_enable_deref" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS deref.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS deref.o"
+	fi
+
+cat >>confdefs.h <<_ACEOF
+#define SLAPD_OVER_DEREF $MFLAG
+_ACEOF
+
+fi
+
 if test "$ol_enable_dyngroup" != no ; then
 	BUILD_DYNGROUP=$ol_enable_dyngroup
 	if test "$ol_enable_dyngroup" = mod ; then
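Review bot: The new `ol_enable_deref` block assigns `BUILD_DDS=$ol_enable_deref`, which looks like a copy-paste slip: the sibling blocks visible on this page each set a variable named after their own overlay (`BUILD_COLLECT`, `BUILD_CONSTRAINT`, `BUILD_DYNGROUP`). As written, enabling deref would presumably overwrite the value the dds block set, so the overlays built into slapd may not match the `--enable-*` options given; how `BUILD_DDS` is consumed is not visible in this hunk. I would change the line to `BUILD_DEREF=$ol_enable_deref`, which would also need a matching substitution for `BUILD_DEREF` that is not shown here. Since configure is generated, the fix belongs in configure.in followed by a regenerate.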
@@ -40829,7 +39204,7 @@
 
 
 
-if test "$ac_cv_mingw32" = yes ; then
+if test "$ac_cv_mingw32" = yes -o $ol_cv_msvc = yes ; then
 	PLAT=NT
 	SLAPD_MODULES_LDFLAGS=
 else
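Review bot: `$ol_cv_msvc` is expanded unquoted in the new condition, so when it is empty or unset `test` receives the malformed expression `... -o = yes` and typically reports an error instead of cleanly evaluating to false. The `-o` operator is also marked obsolescent in POSIX and can parse ambiguously. Where `ol_cv_msvc` is assigned is not visible in this hunk, so it may always be set, but quoting costs nothing: `if test "$ac_cv_mingw32" = yes || test "$ol_cv_msvc" = yes ; then`. The `if` block continues outside the hunk, and because configure is generated the change belongs in configure.in.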
@@ -40920,17 +39295,22 @@
 
 
 
-# Check whether --with-xxinstall or --without-xxinstall was given.
+
+
+
+
+
+# Check whether --with-xxinstall was given.
 if test "${with_xxinstall+set}" = set; then
-  withval="$with_xxinstall"
+  withval=$with_xxinstall;
+fi
 
-fi;
 
 
-                                                                                                                                                                                                                                                                                                                                                                                                      ac_config_files="$ac_config_files Makefile:build/top.mk:Makefile.in:build/dir.mk doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk include/Makefile:build/top.mk:include/Makefile.in libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk 
servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk tests/run tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk"
+ac_config_files="$ac_config_files Makefile:build/top.mk:Makefile.in:build/dir.mk doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk include/Makefile:build/top.mk:include/Makefile.in libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk 
servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk tests/run tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk"
 
 
-          ac_config_commands="$ac_config_commands default"
+ac_config_commands="$ac_config_commands default"
 
 
 
@@ -40938,32 +39318,18 @@
 # Let make expand exec_prefix.
 test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
 
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
-  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[	 ]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[	 ]*$//;
-}'
-fi
-
 DEFS=-DHAVE_CONFIG_H
 
 ac_libobjs=
 ac_ltlibobjs=
 for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
   # 1. Remove the extension, and $U if already installed.
-  ac_i=`echo "$ac_i" |
-	 sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
-  # 2. Add them.
-  ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
-  ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
 done
 LIBOBJS=$ac_libobjs
 
@@ -41015,18 +39381,46 @@
 ## M4sh Initialization.  ##
 ## --------------------- ##
 
-# Be Bourne compatible
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
   emulate sh
   NULLCMD=:
   # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
   # is contrary to our usage.  Disable this feature.
   alias -g '${1+"$@"}'='"$@"'
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
-  set -o posix
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
 fi
-DUALCASE=1; export DUALCASE # for MKS sh
 
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  echo "#! /bin/sh" >conf$$.sh
+  echo  "exit 0"   >>conf$$.sh
+  chmod +x conf$$.sh
+  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+    PATH_SEPARATOR=';'
+  else
+    PATH_SEPARATOR=:
+  fi
+  rm -f conf$$.sh
+fi
+
 # Support unset when possible.
 if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
   as_unset=unset
@@ -41035,8 +39429,43 @@
 fi
 
 
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+as_nl='
+'
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
 # Work around bugs in pre-3.0 UWIN ksh.
-$as_unset ENV MAIL MAILPATH
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
 PS1='$ '
 PS2='> '
 PS4='+ '
@@ -41050,18 +39479,19 @@
   if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
     eval $as_var=C; export $as_var
   else
-    $as_unset $as_var
+    ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
   fi
 done
 
 # Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1; then
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
   as_expr=expr
 else
   as_expr=false
 fi
 
-if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
   as_basename=basename
 else
   as_basename=false
@@ -41069,159 +39499,120 @@
 
 
 # Name of the executable.
-as_me=`$as_basename "$0" ||
+as_me=`$as_basename -- "$0" ||
 $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
 	 X"$0" : 'X\(//\)$' \| \
-	 X"$0" : 'X\(/\)$' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
 echo X/"$0" |
-    sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
-  	  /^X\/\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\/\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
 
+# CDPATH.
+$as_unset CDPATH
 
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
 
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
-  echo "#! /bin/sh" >conf$$.sh
-  echo  "exit 0"   >>conf$$.sh
-  chmod +x conf$$.sh
-  if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
-    PATH_SEPARATOR=';'
-  else
-    PATH_SEPARATOR=:
-  fi
-  rm -f conf$$.sh
-fi
 
-
   as_lineno_1=$LINENO
   as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
   test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2"  || {
-  # Find who we are.  Look in the path if we contain no path at all
-  # relative or not.
-  case $0 in
-    *[\\/]* ) as_myself=$0 ;;
-    *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
 
-       ;;
-  esac
-  # We did not find ourselves, most probably we were run as `sh COMMAND'
-  # in which case we are not to be found in the path.
-  if test "x$as_myself" = x; then
-    as_myself=$0
-  fi
-  if test ! -f "$as_myself"; then
-    { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
-   { (exit 1); exit 1; }; }
-  fi
-  case $CONFIG_SHELL in
-  '')
-    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for as_base in sh bash ksh sh5; do
-	 case $as_dir in
-	 /*)
-	   if ("$as_dir/$as_base" -c '
-  as_lineno_1=$LINENO
-  as_lineno_2=$LINENO
-  as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
-  test "x$as_lineno_1" != "x$as_lineno_2" &&
-  test "x$as_lineno_3"  = "x$as_lineno_2" ') 2>/dev/null; then
-	     $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
-	     $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
-	     CONFIG_SHELL=$as_dir/$as_base
-	     export CONFIG_SHELL
-	     exec "$CONFIG_SHELL" "$0" ${1+"$@"}
-	   fi;;
-	 esac
-       done
-done
-;;
-  esac
-
   # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
   # uniformly replaced by the line number.  The first 'sed' inserts a
-  # line-number line before each line; the second 'sed' does the real
-  # work.  The second script uses 'N' to pair each line-number line
-  # with the numbered line, and appends trailing '-' during
-  # substitution so that $LINENO is not a special case at line end.
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
   # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
-  # second 'sed' script.  Blame Lee E. McMahon for sed's syntax.  :-)
-  sed '=' <$as_myself |
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
     sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
       N
-      s,$,-,
-      : loop
-      s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
       t loop
-      s,-$,,
-      s,^['$as_cr_digits']*\n,,
+      s/-\n.*//
     ' >$as_me.lineno &&
-  chmod +x $as_me.lineno ||
-    { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
+  chmod +x "$as_me.lineno" ||
+    { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
    { (exit 1); exit 1; }; }
 
   # Don't try to exec as it changes $[0], causing all sort of problems
   # (the dirname of $[0] is not the place where we might find the
-  # original and so on.  Autoconf is especially sensible to this).
-  . ./$as_me.lineno
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
   # Exit status is that of the last command.
   exit
 }
 
 
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
-  *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T='	' ;;
-  *c*,*  ) ECHO_N=-n ECHO_C= ECHO_T= ;;
-  *)       ECHO_N= ECHO_C='\c' ECHO_T= ;;
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
 esac
 
-if expr a : '\(a\)' >/dev/null 2>&1; then
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
   as_expr=expr
 else
   as_expr=false
 fi
 
 rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir
+fi
 echo >conf$$.file
 if ln -s conf$$.file conf$$ 2>/dev/null; then
-  # We could just check for DJGPP; but this test a) works b) is more generic
-  # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
-  if test -f conf$$.exe; then
-    # Don't use ln at all; we don't have any links
+  as_ln_s='ln -s'
+  # ... but there are two gotchas:
+  # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+  # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+  # In both cases, we have to default to `cp -p'.
+  ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
     as_ln_s='cp -p'
-  else
-    as_ln_s='ln -s'
-  fi
 elif ln conf$$.file conf$$ 2>/dev/null; then
   as_ln_s=ln
 else
   as_ln_s='cp -p'
 fi
-rm -f conf$$ conf$$.exe conf$$.file
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
 
 if mkdir -p . 2>/dev/null; then
   as_mkdir_p=:
@@ -41230,7 +39621,28 @@
   as_mkdir_p=false
 fi
 
-as_executable_p="test -f"
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+        test -d "$1/.";
+      else
+	case $1 in
+        -*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
 
 # Sed expression to map a string onto a valid CPP name.
 as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -41239,31 +39651,14 @@
 as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
 
 
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" 	$as_nl"
-
-# CDPATH.
-$as_unset CDPATH
-
 exec 6>&1
 
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
+# Save the log message, to keep $[0] and so on meaningful, and to
 # report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.  Logging --version etc. is OK.
-exec 5>>config.log
-{
-  echo
-  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
+# values after options handling.
+ac_log="
 This file was extended by $as_me, which was
-generated by GNU Autoconf 2.59.  Invocation command line was
+generated by GNU Autoconf 2.61.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
   CONFIG_HEADERS  = $CONFIG_HEADERS
@@ -41271,30 +39666,20 @@
   CONFIG_COMMANDS = $CONFIG_COMMANDS
   $ $0 $@
 
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
 _ACEOF
 
+cat >>$CONFIG_STATUS <<_ACEOF
 # Files that config.status was made for.
-if test -n "$ac_config_files"; then
-  echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-fi
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
 
-if test -n "$ac_config_headers"; then
-  echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-fi
+_ACEOF
 
-if test -n "$ac_config_links"; then
-  echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_commands"; then
-  echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-fi
-
 cat >>$CONFIG_STATUS <<\_ACEOF
-
 ac_cs_usage="\
 \`$as_me' instantiates files from templates according to the
 current configuration.
@@ -41302,7 +39687,7 @@
 Usage: $0 [OPTIONS] [FILE]...
 
   -h, --help       print this help, then exit
-  -V, --version    print version number, then exit
+  -V, --version    print version number and configuration settings, then exit
   -q, --quiet      do not print progress messages
   -d, --debug      don't remove temporary files
       --recheck    update $as_me by reconfiguring in the same conditions
@@ -41321,19 +39706,21 @@
 $config_commands
 
 Report bugs to <bug-autoconf at gnu.org>."
-_ACEOF
 
+_ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
 config.status
-configured by $0, generated by GNU Autoconf 2.59,
-  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+configured by $0, generated by GNU Autoconf 2.61,
+  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 
-Copyright (C) 2003 Free Software Foundation, Inc.
+Copyright (C) 2006 Free Software Foundation, Inc.
 This config.status script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it."
-srcdir=$srcdir
-INSTALL="$INSTALL"
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
 _ACEOF
 
 cat >>$CONFIG_STATUS <<\_ACEOF
@@ -41344,39 +39731,24 @@
 do
   case $1 in
   --*=*)
-    ac_option=`expr "x$1" : 'x\([^=]*\)='`
-    ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
     ac_shift=:
     ;;
-  -*)
+  *)
     ac_option=$1
     ac_optarg=$2
     ac_shift=shift
     ;;
-  *) # This is not an option, so the user has probably given explicit
-     # arguments.
-     ac_option=$1
-     ac_need_defaults=false;;
   esac
 
   case $ac_option in
   # Handling of the options.
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
   -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
     ac_cs_recheck=: ;;
-  --version | --vers* | -V )
-    echo "$ac_cs_version"; exit 0 ;;
-  --he | --h)
-    # Conflict between --help and --header
-    { { echo "$as_me:$LINENO: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
-   { (exit 1); exit 1; }; };;
-  --help | --hel | -h )
-    echo "$ac_cs_usage"; exit 0 ;;
-  --debug | --d* | -d )
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
     debug=: ;;
   --file | --fil | --fi | --f )
     $ac_shift
@@ -41386,18 +39758,24 @@
     $ac_shift
     CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
     ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    echo "$ac_cs_usage"; exit ;;
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
   | -silent | --silent | --silen | --sile | --sil | --si | --s)
     ac_cs_silent=: ;;
 
   # This is an error.
-  -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
+  -*) { echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
    { (exit 1); exit 1; }; } ;;
 
-  *) ac_config_targets="$ac_config_targets $1" ;;
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
 
   esac
   shift
@@ -41413,17 +39791,28 @@
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 if \$ac_cs_recheck; then
-  echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
-  exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+  CONFIG_SHELL=$SHELL
+  export CONFIG_SHELL
+  exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
 fi
 
 _ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  echo "$ac_log"
+} >&5
 
+_ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 #
-# INIT-COMMANDS section.
+# INIT-COMMANDS
 #
-
 AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
 
 STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS"
@@ -41432,63 +39821,65 @@
 
 _ACEOF
 
-
-
 cat >>$CONFIG_STATUS <<\_ACEOF
+
+# Handling of arguments.
 for ac_config_target in $ac_config_targets
 do
-  case "$ac_config_target" in
-  # Handling of arguments.
-  "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile:build/top.mk:Makefile.in:build/dir.mk" ;;
-  "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk" ;;
-  "doc/man/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk" ;;
-  "doc/man/man1/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk" ;;
-  "doc/man/man3/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk" ;;
-  "doc/man/man5/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk" ;;
-  "doc/man/man8/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk" ;;
-  "clients/Makefile" ) CONFIG_FILES="$CONFIG_FILES clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk" ;;
-  "clients/tools/Makefile" ) CONFIG_FILES="$CONFIG_FILES clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk" ;;
-  "include/Makefile" ) CONFIG_FILES="$CONFIG_FILES include/Makefile:build/top.mk:include/Makefile.in" ;;
-  "libraries/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk" ;;
-  "libraries/liblber/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
-  "libraries/libldap/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
-  "libraries/libldap_r/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
-  "libraries/liblunicode/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
-  "libraries/liblutil/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
-  "libraries/librewrite/Makefile" ) CONFIG_FILES="$CONFIG_FILES libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
-  "servers/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk" ;;
-  "servers/slapd/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk" ;;
-  "servers/slapd/back-bdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-dnssrv/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-hdb/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-ldap/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-ldif/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-meta/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-monitor/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-null/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-passwd/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-perl/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-relay/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-shell/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-sock/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/back-sql/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk" ;;
-  "servers/slapd/shell-backends/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk" ;;
-  "servers/slapd/slapi/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
-  "servers/slapd/overlays/Makefile" ) CONFIG_FILES="$CONFIG_FILES servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk" ;;
-  "tests/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk" ;;
-  "tests/run" ) CONFIG_FILES="$CONFIG_FILES tests/run" ;;
-  "tests/progs/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk" ;;
-  "depfiles" ) CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
-  "default" ) CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;;
-  "include/portable.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/portable.h:include/portable.hin" ;;
-  "include/ldap_features.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/ldap_features.h:include/ldap_features.hin" ;;
-  "include/lber_types.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/lber_types.h:include/lber_types.hin" ;;
+  case $ac_config_target in
+    "include/portable.h") CONFIG_HEADERS="$CONFIG_HEADERS include/portable.h:include/portable.hin" ;;
+    "include/ldap_features.h") CONFIG_HEADERS="$CONFIG_HEADERS include/ldap_features.h:include/ldap_features.hin" ;;
+    "include/lber_types.h") CONFIG_HEADERS="$CONFIG_HEADERS include/lber_types.h:include/lber_types.hin" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile:build/top.mk:Makefile.in:build/dir.mk" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile:build/top.mk:doc/Makefile.in:build/dir.mk" ;;
+    "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile:build/top.mk:doc/man/Makefile.in:build/dir.mk" ;;
+    "doc/man/man1/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man1/Makefile:build/top.mk:doc/man/man1/Makefile.in:build/man.mk" ;;
+    "doc/man/man3/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man3/Makefile:build/top.mk:doc/man/man3/Makefile.in:build/man.mk" ;;
+    "doc/man/man5/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man5/Makefile:build/top.mk:doc/man/man5/Makefile.in:build/man.mk" ;;
+    "doc/man/man8/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man8/Makefile:build/top.mk:doc/man/man8/Makefile.in:build/man.mk" ;;
+    "clients/Makefile") CONFIG_FILES="$CONFIG_FILES clients/Makefile:build/top.mk:clients/Makefile.in:build/dir.mk" ;;
+    "clients/tools/Makefile") CONFIG_FILES="$CONFIG_FILES clients/tools/Makefile:build/top.mk:clients/tools/Makefile.in:build/rules.mk" ;;
+    "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile:build/top.mk:include/Makefile.in" ;;
+    "libraries/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/Makefile:build/top.mk:libraries/Makefile.in:build/dir.mk" ;;
+    "libraries/liblber/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblber/Makefile:build/top.mk:libraries/liblber/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+    "libraries/libldap/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/libldap/Makefile:build/top.mk:libraries/libldap/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+    "libraries/libldap_r/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/libldap_r/Makefile:build/top.mk:libraries/libldap_r/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+    "libraries/liblunicode/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblunicode/Makefile:build/top.mk:libraries/liblunicode/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+    "libraries/liblutil/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/liblutil/Makefile:build/top.mk:libraries/liblutil/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+    "libraries/librewrite/Makefile") CONFIG_FILES="$CONFIG_FILES libraries/librewrite/Makefile:build/top.mk:libraries/librewrite/Makefile.in:build/lib.mk:build/lib-static.mk" ;;
+    "servers/Makefile") CONFIG_FILES="$CONFIG_FILES servers/Makefile:build/top.mk:servers/Makefile.in:build/dir.mk" ;;
+    "servers/slapd/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/Makefile:build/top.mk:servers/slapd/Makefile.in:build/srv.mk" ;;
+    "servers/slapd/back-bdb/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-bdb/Makefile:build/top.mk:servers/slapd/back-bdb/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-dnssrv/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-dnssrv/Makefile:build/top.mk:servers/slapd/back-dnssrv/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-hdb/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-hdb/Makefile:build/top.mk:servers/slapd/back-hdb/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-ldap/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldap/Makefile:build/top.mk:servers/slapd/back-ldap/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-ldif/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-meta/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-monitor/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-ndb/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-null/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-passwd/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-perl/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-relay/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-relay/Makefile:build/top.mk:servers/slapd/back-relay/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-shell/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-shell/Makefile:build/top.mk:servers/slapd/back-shell/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-sock/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-sock/Makefile:build/top.mk:servers/slapd/back-sock/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/back-sql/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/back-sql/Makefile:build/top.mk:servers/slapd/back-sql/Makefile.in:build/mod.mk" ;;
+    "servers/slapd/shell-backends/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk" ;;
+    "servers/slapd/slapi/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk" ;;
+    "servers/slapd/overlays/Makefile") CONFIG_FILES="$CONFIG_FILES servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk" ;;
+    "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile:build/top.mk:tests/Makefile.in:build/dir.mk" ;;
+    "tests/run") CONFIG_FILES="$CONFIG_FILES tests/run" ;;
+    "tests/progs/Makefile") CONFIG_FILES="$CONFIG_FILES tests/progs/Makefile:build/top.mk:tests/progs/Makefile.in:build/rules.mk" ;;
+    "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;;
+
   *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
 echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
    { (exit 1); exit 1; }; };;
   esac
 done
 
+
 # If the user did not use the arguments to specify the items to instantiate,
 # then the envvar interface is used.  Set only those that are not.
 # We use the long form for the default assignment because of an extremely
@@ -41500,683 +39891,674 @@
 fi
 
 # Have a temporary directory for convenience.  Make it in the build tree
-# simply because there is no reason to put it here, and in addition,
+# simply because there is no reason against having it here, and in addition,
 # creating and moving files from /tmp can sometimes cause problems.
-# Create a temporary directory, and hook for its removal unless debugging.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
 $debug ||
 {
-  trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
   trap '{ (exit 1); exit 1; }' 1 2 13 15
 }
-
 # Create a (secure) tmp directory for tmp files.
 
 {
-  tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
   test -n "$tmp" && test -d "$tmp"
 }  ||
 {
-  tmp=./confstat$$-$RANDOM
-  (umask 077 && mkdir $tmp)
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
 } ||
 {
    echo "$me: cannot create a temporary directory in ." >&2
    { (exit 1); exit 1; }
 }
 
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-
 #
-# CONFIG_FILES section.
+# Set up the sed scripts for CONFIG_FILES section.
 #
 
 # No need to generate the scripts if there are no CONFIG_FILES.
 # This happens for instance when ./config.status config.h
-if test -n "\$CONFIG_FILES"; then
-  # Protect against being on the right side of a sed subst in config.status.
-  sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
-   s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-s, at SHELL@,$SHELL,;t t
-s, at PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-s, at PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s, at PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s, at PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s, at PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s, at PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-s, at exec_prefix@,$exec_prefix,;t t
-s, at prefix@,$prefix,;t t
-s, at program_transform_name@,$program_transform_name,;t t
-s, at bindir@,$bindir,;t t
-s, at sbindir@,$sbindir,;t t
-s, at libexecdir@,$libexecdir,;t t
-s, at datadir@,$datadir,;t t
-s, at sysconfdir@,$sysconfdir,;t t
-s, at sharedstatedir@,$sharedstatedir,;t t
-s, at localstatedir@,$localstatedir,;t t
-s, at libdir@,$libdir,;t t
-s, at includedir@,$includedir,;t t
-s, at oldincludedir@,$oldincludedir,;t t
-s, at infodir@,$infodir,;t t
-s, at mandir@,$mandir,;t t
-s, at build_alias@,$build_alias,;t t
-s, at host_alias@,$host_alias,;t t
-s, at target_alias@,$target_alias,;t t
-s, at DEFS@,$DEFS,;t t
-s, at ECHO_C@,$ECHO_C,;t t
-s, at ECHO_N@,$ECHO_N,;t t
-s, at ECHO_T@,$ECHO_T,;t t
-s, at LIBS@,$LIBS,;t t
-s, at build@,$build,;t t
-s, at build_cpu@,$build_cpu,;t t
-s, at build_vendor@,$build_vendor,;t t
-s, at build_os@,$build_os,;t t
-s, at host@,$host,;t t
-s, at host_cpu@,$host_cpu,;t t
-s, at host_vendor@,$host_vendor,;t t
-s, at host_os@,$host_os,;t t
-s, at target@,$target,;t t
-s, at target_cpu@,$target_cpu,;t t
-s, at target_vendor@,$target_vendor,;t t
-s, at target_os@,$target_os,;t t
-s, at INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-s, at INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-s, at INSTALL_DATA@,$INSTALL_DATA,;t t
-s, at CYGPATH_W@,$CYGPATH_W,;t t
-s, at PACKAGE@,$PACKAGE,;t t
-s, at VERSION@,$VERSION,;t t
-s, at ACLOCAL@,$ACLOCAL,;t t
-s, at AUTOCONF@,$AUTOCONF,;t t
-s, at AUTOMAKE@,$AUTOMAKE,;t t
-s, at AUTOHEADER@,$AUTOHEADER,;t t
-s, at MAKEINFO@,$MAKEINFO,;t t
-s, at install_sh@,$install_sh,;t t
-s, at STRIP@,$STRIP,;t t
-s, at ac_ct_STRIP@,$ac_ct_STRIP,;t t
-s, at INSTALL_STRIP_PROGRAM@,$INSTALL_STRIP_PROGRAM,;t t
-s, at mkdir_p@,$mkdir_p,;t t
-s, at AWK@,$AWK,;t t
-s, at SET_MAKE@,$SET_MAKE,;t t
-s, at am__leading_dot@,$am__leading_dot,;t t
-s, at AMTAR@,$AMTAR,;t t
-s, at am__tar@,$am__tar,;t t
-s, at am__untar@,$am__untar,;t t
-s, at OPENLDAP_LIBRELEASE@,$OPENLDAP_LIBRELEASE,;t t
-s, at OPENLDAP_LIBVERSION@,$OPENLDAP_LIBVERSION,;t t
-s, at OPENLDAP_RELEASE_DATE@,$OPENLDAP_RELEASE_DATE,;t t
-s, at top_builddir@,$top_builddir,;t t
-s, at ldap_subdir@,$ldap_subdir,;t t
-s, at CC@,$CC,;t t
-s, at AR@,$AR,;t t
-s, at CFLAGS@,$CFLAGS,;t t
-s, at LDFLAGS@,$LDFLAGS,;t t
-s, at CPPFLAGS@,$CPPFLAGS,;t t
-s, at ac_ct_CC@,$ac_ct_CC,;t t
-s, at EXEEXT@,$EXEEXT,;t t
-s, at OBJEXT@,$OBJEXT,;t t
-s, at DEPDIR@,$DEPDIR,;t t
-s, at am__include@,$am__include,;t t
-s, at am__quote@,$am__quote,;t t
-s, at AMDEP_TRUE@,$AMDEP_TRUE,;t t
-s, at AMDEP_FALSE@,$AMDEP_FALSE,;t t
-s, at AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t
-s, at CCDEPMODE@,$CCDEPMODE,;t t
-s, at am__fastdepCC_TRUE@,$am__fastdepCC_TRUE,;t t
-s, at am__fastdepCC_FALSE@,$am__fastdepCC_FALSE,;t t
-s, at EGREP@,$EGREP,;t t
-s, at LN_S@,$LN_S,;t t
-s, at ECHO@,$ECHO,;t t
-s, at ac_ct_AR@,$ac_ct_AR,;t t
-s, at RANLIB@,$RANLIB,;t t
-s, at ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-s, at DLLTOOL@,$DLLTOOL,;t t
-s, at ac_ct_DLLTOOL@,$ac_ct_DLLTOOL,;t t
-s, at AS@,$AS,;t t
-s, at ac_ct_AS@,$ac_ct_AS,;t t
-s, at OBJDUMP@,$OBJDUMP,;t t
-s, at ac_ct_OBJDUMP@,$ac_ct_OBJDUMP,;t t
-s, at CPP@,$CPP,;t t
-s, at LIBTOOL@,$LIBTOOL,;t t
-s, at PERLBIN@,$PERLBIN,;t t
-s, at OL_MKDEP@,$OL_MKDEP,;t t
-s, at OL_MKDEP_FLAGS@,$OL_MKDEP_FLAGS,;t t
-s, at LTSTATIC@,$LTSTATIC,;t t
-s, at LIBOBJS@,$LIBOBJS,;t t
-s, at LIBSRCS@,$LIBSRCS,;t t
-s, at PLAT@,$PLAT,;t t
-s, at WITH_SASL@,$WITH_SASL,;t t
-s, at WITH_TLS@,$WITH_TLS,;t t
-s, at WITH_MODULES_ENABLED@,$WITH_MODULES_ENABLED,;t t
-s, at WITH_ACI_ENABLED@,$WITH_ACI_ENABLED,;t t
-s, at BUILD_THREAD@,$BUILD_THREAD,;t t
-s, at BUILD_LIBS_DYNAMIC@,$BUILD_LIBS_DYNAMIC,;t t
-s, at BUILD_SLAPD@,$BUILD_SLAPD,;t t
-s, at BUILD_SLAPI@,$BUILD_SLAPI,;t t
-s, at SLAPD_SLAPI_DEPEND@,$SLAPD_SLAPI_DEPEND,;t t
-s, at BUILD_BDB@,$BUILD_BDB,;t t
-s, at BUILD_DNSSRV@,$BUILD_DNSSRV,;t t
-s, at BUILD_HDB@,$BUILD_HDB,;t t
-s, at BUILD_LDAP@,$BUILD_LDAP,;t t
-s, at BUILD_META@,$BUILD_META,;t t
-s, at BUILD_MONITOR@,$BUILD_MONITOR,;t t
-s, at BUILD_NULL@,$BUILD_NULL,;t t
-s, at BUILD_PASSWD@,$BUILD_PASSWD,;t t
-s, at BUILD_RELAY@,$BUILD_RELAY,;t t
-s, at BUILD_PERL@,$BUILD_PERL,;t t
-s, at BUILD_SHELL@,$BUILD_SHELL,;t t
-s, at BUILD_SOCK@,$BUILD_SOCK,;t t
-s, at BUILD_SQL@,$BUILD_SQL,;t t
-s, at BUILD_ACCESSLOG@,$BUILD_ACCESSLOG,;t t
-s, at BUILD_AUDITLOG@,$BUILD_AUDITLOG,;t t
-s, at BUILD_CONSTRAINT@,$BUILD_CONSTRAINT,;t t
-s, at BUILD_DDS@,$BUILD_DDS,;t t
-s, at BUILD_DENYOP@,$BUILD_DENYOP,;t t
-s, at BUILD_DYNGROUP@,$BUILD_DYNGROUP,;t t
-s, at BUILD_DYNLIST@,$BUILD_DYNLIST,;t t
-s, at BUILD_LASTMOD@,$BUILD_LASTMOD,;t t
-s, at BUILD_MEMBEROF@,$BUILD_MEMBEROF,;t t
-s, at BUILD_PPOLICY@,$BUILD_PPOLICY,;t t
-s, at BUILD_PROXYCACHE@,$BUILD_PROXYCACHE,;t t
-s, at BUILD_REFINT@,$BUILD_REFINT,;t t
-s, at BUILD_RETCODE@,$BUILD_RETCODE,;t t
-s, at BUILD_RWM@,$BUILD_RWM,;t t
-s, at BUILD_SEQMOD@,$BUILD_SEQMOD,;t t
-s, at BUILD_SYNCPROV@,$BUILD_SYNCPROV,;t t
-s, at BUILD_TRANSLUCENT@,$BUILD_TRANSLUCENT,;t t
-s, at BUILD_UNIQUE@,$BUILD_UNIQUE,;t t
-s, at BUILD_VALSORT@,$BUILD_VALSORT,;t t
-s, at LDAP_LIBS@,$LDAP_LIBS,;t t
-s, at SLAPD_LIBS@,$SLAPD_LIBS,;t t
-s, at BDB_LIBS@,$BDB_LIBS,;t t
-s, at LTHREAD_LIBS@,$LTHREAD_LIBS,;t t
-s, at LUTIL_LIBS@,$LUTIL_LIBS,;t t
-s, at WRAP_LIBS@,$WRAP_LIBS,;t t
-s, at SLAPD_MODULES_CPPFLAGS@,$SLAPD_MODULES_CPPFLAGS,;t t
-s, at SLAPD_MODULES_LDFLAGS@,$SLAPD_MODULES_LDFLAGS,;t t
-s, at SLAPD_NO_STATIC@,$SLAPD_NO_STATIC,;t t
-s, at SLAPD_STATIC_BACKENDS@,$SLAPD_STATIC_BACKENDS,;t t
-s, at SLAPD_DYNAMIC_BACKENDS@,$SLAPD_DYNAMIC_BACKENDS,;t t
-s, at SLAPD_STATIC_OVERLAYS@,$SLAPD_STATIC_OVERLAYS,;t t
-s, at SLAPD_DYNAMIC_OVERLAYS@,$SLAPD_DYNAMIC_OVERLAYS,;t t
-s, at PERL_CPPFLAGS@,$PERL_CPPFLAGS,;t t
-s, at SLAPD_PERL_LDFLAGS@,$SLAPD_PERL_LDFLAGS,;t t
-s, at MOD_PERL_LDFLAGS@,$MOD_PERL_LDFLAGS,;t t
-s, at KRB4_LIBS@,$KRB4_LIBS,;t t
-s, at KRB5_LIBS@,$KRB5_LIBS,;t t
-s, at SASL_LIBS@,$SASL_LIBS,;t t
-s, at TLS_LIBS@,$TLS_LIBS,;t t
-s, at MODULES_LIBS@,$MODULES_LIBS,;t t
-s, at SLAPI_LIBS@,$SLAPI_LIBS,;t t
-s, at LIBSLAPI@,$LIBSLAPI,;t t
-s, at LIBSLAPITOOLS@,$LIBSLAPITOOLS,;t t
-s, at AUTH_LIBS@,$AUTH_LIBS,;t t
-s, at ICU_LIBS@,$ICU_LIBS,;t t
-s, at SLAPD_SLP_LIBS@,$SLAPD_SLP_LIBS,;t t
-s, at SLAPD_GMP_LIBS@,$SLAPD_GMP_LIBS,;t t
-s, at SLAPD_SQL_LDFLAGS@,$SLAPD_SQL_LDFLAGS,;t t
-s, at SLAPD_SQL_LIBS@,$SLAPD_SQL_LIBS,;t t
-s, at SLAPD_SQL_INCLUDES@,$SLAPD_SQL_INCLUDES,;t t
-s, at LTLIBOBJS@,$LTLIBOBJS,;t t
-CEOF
+if test -n "$CONFIG_FILES"; then
 
 _ACEOF
 
-  cat >>$CONFIG_STATUS <<\_ACEOF
-  # Split the substitutions into bite-sized pieces for seds with
-  # small command number limits, like on Digital OSF/1 and HP-UX.
-  ac_max_sed_lines=48
-  ac_sed_frag=1 # Number of current file.
-  ac_beg=1 # First line for current file.
-  ac_end=$ac_max_sed_lines # Line after last line for current file.
-  ac_more_lines=:
-  ac_sed_cmds=
-  while $ac_more_lines; do
-    if test $ac_beg -gt 1; then
-      sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    else
-      sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
-    fi
-    if test ! -s $tmp/subs.frag; then
-      ac_more_lines=false
-    else
-      # The purpose of the label and of the branching condition is to
-      # speed up the sed processing (if there are no `@' at all, there
-      # is no need to browse any of the substitutions).
-      # These are the two extra sed commands mentioned above.
-      (echo ':t
-  /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
-      if test -z "$ac_sed_cmds"; then
-	ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
-      else
-	ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
-      fi
-      ac_sed_frag=`expr $ac_sed_frag + 1`
-      ac_beg=$ac_end
-      ac_end=`expr $ac_end + $ac_max_sed_lines`
-    fi
-  done
-  if test -z "$ac_sed_cmds"; then
-    ac_sed_cmds=cat
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+SHELL!$SHELL$ac_delim
+PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim
+PACKAGE_NAME!$PACKAGE_NAME$ac_delim
+PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim
+PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim
+PACKAGE_STRING!$PACKAGE_STRING$ac_delim
+PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim
+exec_prefix!$exec_prefix$ac_delim
+prefix!$prefix$ac_delim
+program_transform_name!$program_transform_name$ac_delim
+bindir!$bindir$ac_delim
+sbindir!$sbindir$ac_delim
+libexecdir!$libexecdir$ac_delim
+datarootdir!$datarootdir$ac_delim
+datadir!$datadir$ac_delim
+sysconfdir!$sysconfdir$ac_delim
+sharedstatedir!$sharedstatedir$ac_delim
+localstatedir!$localstatedir$ac_delim
+includedir!$includedir$ac_delim
+oldincludedir!$oldincludedir$ac_delim
+docdir!$docdir$ac_delim
+infodir!$infodir$ac_delim
+htmldir!$htmldir$ac_delim
+dvidir!$dvidir$ac_delim
+pdfdir!$pdfdir$ac_delim
+psdir!$psdir$ac_delim
+libdir!$libdir$ac_delim
+localedir!$localedir$ac_delim
+mandir!$mandir$ac_delim
+DEFS!$DEFS$ac_delim
+ECHO_C!$ECHO_C$ac_delim
+ECHO_N!$ECHO_N$ac_delim
+ECHO_T!$ECHO_T$ac_delim
+LIBS!$LIBS$ac_delim
+build_alias!$build_alias$ac_delim
+host_alias!$host_alias$ac_delim
+target_alias!$target_alias$ac_delim
+build!$build$ac_delim
+build_cpu!$build_cpu$ac_delim
+build_vendor!$build_vendor$ac_delim
+build_os!$build_os$ac_delim
+host!$host$ac_delim
+host_cpu!$host_cpu$ac_delim
+host_vendor!$host_vendor$ac_delim
+host_os!$host_os$ac_delim
+target!$target$ac_delim
+target_cpu!$target_cpu$ac_delim
+target_vendor!$target_vendor$ac_delim
+target_os!$target_os$ac_delim
+INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
+INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
+INSTALL_DATA!$INSTALL_DATA$ac_delim
+CYGPATH_W!$CYGPATH_W$ac_delim
+PACKAGE!$PACKAGE$ac_delim
+VERSION!$VERSION$ac_delim
+ACLOCAL!$ACLOCAL$ac_delim
+AUTOCONF!$AUTOCONF$ac_delim
+AUTOMAKE!$AUTOMAKE$ac_delim
+AUTOHEADER!$AUTOHEADER$ac_delim
+MAKEINFO!$MAKEINFO$ac_delim
+install_sh!$install_sh$ac_delim
+STRIP!$STRIP$ac_delim
+INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim
+mkdir_p!$mkdir_p$ac_delim
+AWK!$AWK$ac_delim
+SET_MAKE!$SET_MAKE$ac_delim
+am__leading_dot!$am__leading_dot$ac_delim
+AMTAR!$AMTAR$ac_delim
+am__tar!$am__tar$ac_delim
+am__untar!$am__untar$ac_delim
+OPENLDAP_LIBRELEASE!$OPENLDAP_LIBRELEASE$ac_delim
+OPENLDAP_LIBVERSION!$OPENLDAP_LIBVERSION$ac_delim
+OPENLDAP_RELEASE_DATE!$OPENLDAP_RELEASE_DATE$ac_delim
+top_builddir!$top_builddir$ac_delim
+ldap_subdir!$ldap_subdir$ac_delim
+CC!$CC$ac_delim
+AR!$AR$ac_delim
+CFLAGS!$CFLAGS$ac_delim
+LDFLAGS!$LDFLAGS$ac_delim
+CPPFLAGS!$CPPFLAGS$ac_delim
+ac_ct_CC!$ac_ct_CC$ac_delim
+EXEEXT!$EXEEXT$ac_delim
+OBJEXT!$OBJEXT$ac_delim
+DEPDIR!$DEPDIR$ac_delim
+am__include!$am__include$ac_delim
+am__quote!$am__quote$ac_delim
+AMDEP_TRUE!$AMDEP_TRUE$ac_delim
+AMDEP_FALSE!$AMDEP_FALSE$ac_delim
+AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim
+CCDEPMODE!$CCDEPMODE$ac_delim
+am__fastdepCC_TRUE!$am__fastdepCC_TRUE$ac_delim
+am__fastdepCC_FALSE!$am__fastdepCC_FALSE$ac_delim
+GREP!$GREP$ac_delim
+EGREP!$EGREP$ac_delim
+LN_S!$LN_S$ac_delim
+ECHO!$ECHO$ac_delim
+RANLIB!$RANLIB$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
   fi
-fi # test -n "$CONFIG_FILES"
+done
 
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
 _ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+CEOF$ac_eof
+_ACEOF
+
+
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  cat >conf$$subs.sed <<_ACEOF
+DLLTOOL!$DLLTOOL$ac_delim
+AS!$AS$ac_delim
+OBJDUMP!$OBJDUMP$ac_delim
+CPP!$CPP$ac_delim
+LIBTOOL!$LIBTOOL$ac_delim
+PERLBIN!$PERLBIN$ac_delim
+OL_MKDEP!$OL_MKDEP$ac_delim
+OL_MKDEP_FLAGS!$OL_MKDEP_FLAGS$ac_delim
+LTSTATIC!$LTSTATIC$ac_delim
+MYSQL!$MYSQL$ac_delim
+LIBOBJS!$LIBOBJS$ac_delim
+LIBSRCS!$LIBSRCS$ac_delim
+PLAT!$PLAT$ac_delim
+WITH_SASL!$WITH_SASL$ac_delim
+WITH_TLS!$WITH_TLS$ac_delim
+WITH_MODULES_ENABLED!$WITH_MODULES_ENABLED$ac_delim
+WITH_ACI_ENABLED!$WITH_ACI_ENABLED$ac_delim
+BUILD_THREAD!$BUILD_THREAD$ac_delim
+BUILD_LIBS_DYNAMIC!$BUILD_LIBS_DYNAMIC$ac_delim
+BUILD_SLAPD!$BUILD_SLAPD$ac_delim
+BUILD_SLAPI!$BUILD_SLAPI$ac_delim
+SLAPD_SLAPI_DEPEND!$SLAPD_SLAPI_DEPEND$ac_delim
+BUILD_BDB!$BUILD_BDB$ac_delim
+BUILD_DNSSRV!$BUILD_DNSSRV$ac_delim
+BUILD_HDB!$BUILD_HDB$ac_delim
+BUILD_LDAP!$BUILD_LDAP$ac_delim
+BUILD_META!$BUILD_META$ac_delim
+BUILD_MONITOR!$BUILD_MONITOR$ac_delim
+BUILD_NDB!$BUILD_NDB$ac_delim
+BUILD_NULL!$BUILD_NULL$ac_delim
+BUILD_PASSWD!$BUILD_PASSWD$ac_delim
+BUILD_RELAY!$BUILD_RELAY$ac_delim
+BUILD_PERL!$BUILD_PERL$ac_delim
+BUILD_SHELL!$BUILD_SHELL$ac_delim
+BUILD_SOCK!$BUILD_SOCK$ac_delim
+BUILD_SQL!$BUILD_SQL$ac_delim
+BUILD_ACCESSLOG!$BUILD_ACCESSLOG$ac_delim
+BUILD_AUDITLOG!$BUILD_AUDITLOG$ac_delim
+BUILD_COLLECT!$BUILD_COLLECT$ac_delim
+BUILD_CONSTRAINT!$BUILD_CONSTRAINT$ac_delim
+BUILD_DDS!$BUILD_DDS$ac_delim
+BUILD_DENYOP!$BUILD_DENYOP$ac_delim
+BUILD_DYNGROUP!$BUILD_DYNGROUP$ac_delim
+BUILD_DYNLIST!$BUILD_DYNLIST$ac_delim
+BUILD_LASTMOD!$BUILD_LASTMOD$ac_delim
+BUILD_MEMBEROF!$BUILD_MEMBEROF$ac_delim
+BUILD_PPOLICY!$BUILD_PPOLICY$ac_delim
+BUILD_PROXYCACHE!$BUILD_PROXYCACHE$ac_delim
+BUILD_REFINT!$BUILD_REFINT$ac_delim
+BUILD_RETCODE!$BUILD_RETCODE$ac_delim
+BUILD_RWM!$BUILD_RWM$ac_delim
+BUILD_SEQMOD!$BUILD_SEQMOD$ac_delim
+BUILD_SYNCPROV!$BUILD_SYNCPROV$ac_delim
+BUILD_TRANSLUCENT!$BUILD_TRANSLUCENT$ac_delim
+BUILD_UNIQUE!$BUILD_UNIQUE$ac_delim
+BUILD_VALSORT!$BUILD_VALSORT$ac_delim
+LDAP_LIBS!$LDAP_LIBS$ac_delim
+SLAPD_LIBS!$SLAPD_LIBS$ac_delim
+BDB_LIBS!$BDB_LIBS$ac_delim
+SLAPD_NDB_LIBS!$SLAPD_NDB_LIBS$ac_delim
+SLAPD_NDB_INCS!$SLAPD_NDB_INCS$ac_delim
+LTHREAD_LIBS!$LTHREAD_LIBS$ac_delim
+LUTIL_LIBS!$LUTIL_LIBS$ac_delim
+WRAP_LIBS!$WRAP_LIBS$ac_delim
+SLAPD_MODULES_CPPFLAGS!$SLAPD_MODULES_CPPFLAGS$ac_delim
+SLAPD_MODULES_LDFLAGS!$SLAPD_MODULES_LDFLAGS$ac_delim
+SLAPD_NO_STATIC!$SLAPD_NO_STATIC$ac_delim
+SLAPD_STATIC_BACKENDS!$SLAPD_STATIC_BACKENDS$ac_delim
+SLAPD_DYNAMIC_BACKENDS!$SLAPD_DYNAMIC_BACKENDS$ac_delim
+SLAPD_STATIC_OVERLAYS!$SLAPD_STATIC_OVERLAYS$ac_delim
+SLAPD_DYNAMIC_OVERLAYS!$SLAPD_DYNAMIC_OVERLAYS$ac_delim
+PERL_CPPFLAGS!$PERL_CPPFLAGS$ac_delim
+SLAPD_PERL_LDFLAGS!$SLAPD_PERL_LDFLAGS$ac_delim
+MOD_PERL_LDFLAGS!$MOD_PERL_LDFLAGS$ac_delim
+KRB4_LIBS!$KRB4_LIBS$ac_delim
+KRB5_LIBS!$KRB5_LIBS$ac_delim
+SASL_LIBS!$SASL_LIBS$ac_delim
+GSSAPI_LIBS!$GSSAPI_LIBS$ac_delim
+TLS_LIBS!$TLS_LIBS$ac_delim
+MODULES_LIBS!$MODULES_LIBS$ac_delim
+SLAPI_LIBS!$SLAPI_LIBS$ac_delim
+LIBSLAPI!$LIBSLAPI$ac_delim
+LIBSLAPITOOLS!$LIBSLAPITOOLS$ac_delim
+AUTH_LIBS!$AUTH_LIBS$ac_delim
+ICU_LIBS!$ICU_LIBS$ac_delim
+SLAPD_SLP_LIBS!$SLAPD_SLP_LIBS$ac_delim
+SLAPD_GMP_LIBS!$SLAPD_GMP_LIBS$ac_delim
+SLAPD_SQL_LDFLAGS!$SLAPD_SQL_LDFLAGS$ac_delim
+SLAPD_SQL_LIBS!$SLAPD_SQL_LIBS$ac_delim
+SLAPD_SQL_INCLUDES!$SLAPD_SQL_INCLUDES$ac_delim
+LTLIBOBJS!$LTLIBOBJS$ac_delim
+_ACEOF
+
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 91; then
+    break
+  elif $ac_last_try; then
+    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
+if test -n "$ac_eof"; then
+  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
+  ac_eof=`expr $ac_eof + 1`
+fi
+
+cat >>$CONFIG_STATUS <<_ACEOF
+cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
+_ACEOF
+sed '
+s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+s/^/s,@/; s/!/@,|#_!!_#|/
+:n
+t n
+s/'"$ac_delim"'$/,g/; t
+s/$/\\/; p
+N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
+' >>$CONFIG_STATUS <conf$$subs.sed
+rm -f conf$$subs.sed
+cat >>$CONFIG_STATUS <<_ACEOF
+:end
+s/|#_!!_#|//g
+CEOF$ac_eof
+_ACEOF
+
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
 cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
-  case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-	cat >$tmp/stdin
-	ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
+fi # test -n "$CONFIG_FILES"
+
+
+for ac_tag in  :F $CONFIG_FILES  :H $CONFIG_HEADERS    :C $CONFIG_COMMANDS
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
   esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
+echo "$as_me: error: Invalid tag $ac_tag." >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
 
-  # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
-  ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      ac_file_inputs="$ac_file_inputs $ac_f"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input="Generated from "`IFS=:
+	  echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+    fi
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin";;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
 $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$ac_file" : 'X\(//\)[^/]' \| \
 	 X"$ac_file" : 'X\(//\)$' \| \
-	 X"$ac_file" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  { if $as_mkdir_p; then
-    mkdir -p "$ac_dir"
-  else
-    as_dir="$ac_dir"
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
     as_dirs=
-    while test ! -d "$as_dir"; do
-      as_dirs="$as_dir $as_dirs"
-      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
 $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$as_dir" : 'X\(//\)[^/]' \| \
 	 X"$as_dir" : 'X\(//\)$' \| \
-	 X"$as_dir" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$as_dir" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
     done
-    test ! -n "$as_dirs" || mkdir $as_dirs
-  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+echo "$as_me: error: cannot create directory $as_dir" >&2;}
    { (exit 1); exit 1; }; }; }
-
   ac_builddir=.
 
-if test "$ac_dir" != .; then
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
   ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
 
 case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
+  .)  # We are building in place.
     ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
     ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
 esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
 
-# Do not use `cd foo && pwd` to compute absolute paths, because
-# the directories may not exist.
-case `pwd` in
-.) ac_abs_builddir="$ac_dir";;
-*)
-  case "$ac_dir" in
-  .) ac_abs_builddir=`pwd`;;
-  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
-  *) ac_abs_builddir=`pwd`/"$ac_dir";;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_builddir=${ac_top_builddir}.;;
-*)
-  case ${ac_top_builddir}. in
-  .) ac_abs_top_builddir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
-  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_srcdir=$ac_srcdir;;
-*)
-  case $ac_srcdir in
-  .) ac_abs_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
-  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_srcdir=$ac_top_srcdir;;
-*)
-  case $ac_top_srcdir in
-  .) ac_abs_top_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
-  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
-  esac;;
-esac
 
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
 
   case $INSTALL in
   [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
-  *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
   esac
+_ACEOF
 
-  if test x"$ac_file" != x-; then
-    { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-    rm -f "$ac_file"
-  fi
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    configure_input=
-  else
-    configure_input="$ac_file.  "
-  fi
-  configure_input=$configure_input"Generated from `echo $ac_file_in |
-				     sed 's,.*/,,'` by configure."
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
 
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-	 # Absolute (can't be DOS-style, as IFS=:)
-	 test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-	 echo "$f";;
-      *) # Relative
-	 if test -f "$f"; then
-	   # Build tree
-	   echo "$f"
-	 elif test -f "$srcdir/$f"; then
-	   # Source tree
-	   echo "$srcdir/$f"
-	 else
-	   # /dev/null tree
-	   { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-	 fi;;
-      esac
-    done` || { (exit 1); exit 1; }
+case `sed -n '/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+' $ac_file_inputs` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF
   sed "$ac_vpsub
 $extrasub
 _ACEOF
 cat >>$CONFIG_STATUS <<\_ACEOF
 :t
 /@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s, at configure_input@,$configure_input,;t t
-s, at srcdir@,$ac_srcdir,;t t
-s, at abs_srcdir@,$ac_abs_srcdir,;t t
-s, at top_srcdir@,$ac_top_srcdir,;t t
-s, at abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s, at builddir@,$ac_builddir,;t t
-s, at abs_builddir@,$ac_abs_builddir,;t t
-s, at top_builddir@,$ac_top_builddir,;t t
-s, at abs_top_builddir@,$ac_abs_top_builddir,;t t
-s, at INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
-  rm -f $tmp/stdin
-  if test x"$ac_file" != x-; then
-    mv $tmp/out $ac_file
-  else
-    cat $tmp/out
-    rm -f $tmp/out
-  fi
+s&@configure_input@&$configure_input&;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out
 
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
 
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([	 ]*\)#\([	 ]*define[	 ][	 ]*\)'
-ac_dB='[	 ].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([	 ]*\)#\([	 ]*\)undef\([	 ][	 ]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
-  # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+  rm -f "$tmp/stdin"
   case $ac_file in
-  - | *:- | *:-:* ) # input from stdin
-	cat >$tmp/stdin
-	ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
-	ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
-  * )   ac_file_in=$ac_file.in ;;
+  -) cat "$tmp/out"; rm -f "$tmp/out";;
+  *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;;
   esac
-
-  test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
-  # First look for the input files in the build tree, otherwise in the
-  # src tree.
-  ac_file_inputs=`IFS=:
-    for f in $ac_file_in; do
-      case $f in
-      -) echo $tmp/stdin ;;
-      [\\/$]*)
-	 # Absolute (can't be DOS-style, as IFS=:)
-	 test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-	 # Do quote $f, to prevent DOS paths from being IFS'd.
-	 echo "$f";;
-      *) # Relative
-	 if test -f "$f"; then
-	   # Build tree
-	   echo "$f"
-	 elif test -f "$srcdir/$f"; then
-	   # Source tree
-	   echo "$srcdir/$f"
-	 else
-	   # /dev/null tree
-	   { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
-   { (exit 1); exit 1; }; }
-	 fi;;
-      esac
-    done` || { (exit 1); exit 1; }
-  # Remove the trailing spaces.
-  sed 's/[	 ]*$//' $ac_file_inputs >$tmp/in
-
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
 _ACEOF
 
-# Transform confdefs.h into two sed scripts, `conftest.defines' and
-# `conftest.undefs', that substitutes the proper values into
-# config.h.in to produce config.h.  The first handles `#define'
-# templates, and the second `#undef' templates.
-# And first: Protect against being on the right side of a sed subst in
-# config.status.  Protect against being in an unquoted here document
-# in config.status.
-rm -f conftest.defines conftest.undefs
-# Using a here document instead of a string reduces the quoting nightmare.
-# Putting comments in sed scripts is not portable.
-#
-# `end' is used to avoid that the second main sed command (meant for
-# 0-ary CPP macros) applies to n-ary macro definitions.
-# See the Autoconf documentation for `clear'.
-cat >confdef2sed.sed <<\_ACEOF
-s/[\\&,]/\\&/g
-s,[\\$`],\\&,g
-t clear
-: clear
-s,^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 (][^	 (]*\)\(([^)]*)\)[	 ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-t end
-s,^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 ][^	 ]*\)[	 ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-: end
-_ACEOF
-# If some macros were called several times there might be several times
-# the same #defines, which is useless.  Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
-uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-rm -f confdef2sed.sed
+# Transform confdefs.h into a sed script `conftest.defines', that
+# substitutes the proper values into config.h.in to produce config.h.
+rm -f conftest.defines conftest.tail
+# First, append a space to every undef/define line, to ease matching.
+echo 's/$/ /' >conftest.defines
+# Then, protect against being on the right side of a sed subst, or in
+# an unquoted here document, in config.status.  If some macros were
+# called several times there might be several #defines for the same
+# symbol, which is useless.  But do not sort them, since the last
+# AC_DEFINE must be honored.
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
+# NAME is the cpp macro being defined, VALUE is the value it is being given.
+# PARAMS is the parameter list in the macro definition--in most cases, it's
+# just an empty string.
+ac_dA='s,^\\([	 #]*\\)[^	 ]*\\([	 ]*'
+ac_dB='\\)[	 (].*,\\1define\\2'
+ac_dC=' '
+ac_dD=' ,'
 
-# This sed command replaces #undef with comments.  This is necessary, for
+uniq confdefs.h |
+  sed -n '
+	t rset
+	:rset
+	s/^[	 ]*#[	 ]*define[	 ][	 ]*//
+	t ok
+	d
+	:ok
+	s/[\\&,]/\\&/g
+	s/^\('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
+	s/^\('"$ac_word_re"'\)[	 ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
+  ' >>conftest.defines
+
+# Remove the space that was appended to ease matching.
+# Then replace #undef with comments.  This is necessary, for
 # example, in the case of _POSIX_SOURCE, which is predefined and required
 # on some systems where configure will not decide to define it.
-cat >>conftest.undefs <<\_ACEOF
-s,^[	 ]*#[	 ]*undef[	 ][	 ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-_ACEOF
+# (The regexp can be short, since the line contains either #define or #undef.)
+echo 's/ $//
+s,^[	 #]*u.*,/* & */,' >>conftest.defines
 
-# Break up conftest.defines because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-echo '  if grep "^[	 ]*#[	 ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-echo '  # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-echo '  :' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.defines >/dev/null
+# Break up conftest.defines:
+ac_max_sed_lines=50
+
+# First sed command is:	 sed -f defines.sed $ac_file_inputs >"$tmp/out1"
+# Second one is:	 sed -f defines.sed "$tmp/out1" >"$tmp/out2"
+# Third one will be:	 sed -f defines.sed "$tmp/out2" >"$tmp/out1"
+# et cetera.
+ac_in='$ac_file_inputs'
+ac_out='"$tmp/out1"'
+ac_nxt='"$tmp/out2"'
+
+while :
 do
-  # Write a limited-size here document to $tmp/defines.sed.
-  echo '  cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#define' lines.
-  echo '/^[	 ]*#[	 ]*define/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
+  # Write a here document:
+    cat >>$CONFIG_STATUS <<_ACEOF
+    # First, check the format of the line:
+    cat >"\$tmp/defines.sed" <<\\CEOF
+/^[	 ]*#[	 ]*undef[	 ][	 ]*$ac_word_re[	 ]*\$/b def
+/^[	 ]*#[	 ]*define[	 ][	 ]*$ac_word_re[(	 ]/b def
+b
+:def
+_ACEOF
+  sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
   echo 'CEOF
-  sed -f $tmp/defines.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
+    sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
+  ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
+  sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
+  grep . conftest.tail >/dev/null || break
   rm -f conftest.defines
   mv conftest.tail conftest.defines
 done
-rm -f conftest.defines
-echo '  fi # grep' >>$CONFIG_STATUS
-echo >>$CONFIG_STATUS
+rm -f conftest.defines conftest.tail
 
-# Break up conftest.undefs because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo '  # Handle all the #undef templates' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.undefs >/dev/null
-do
-  # Write a limited-size here document to $tmp/undefs.sed.
-  echo '  cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
-  # Speed up: don't consider the non `#undef'
-  echo '/^[	 ]*#[	 ]*undef/!b' >>$CONFIG_STATUS
-  # Work around the forget-to-reset-the-flag bug.
-  echo 't clr' >>$CONFIG_STATUS
-  echo ': clr' >>$CONFIG_STATUS
-  sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
-  echo 'CEOF
-  sed -f $tmp/undefs.sed $tmp/in >$tmp/out
-  rm -f $tmp/in
-  mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
-  sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
-  rm -f conftest.undefs
-  mv conftest.tail conftest.undefs
-done
-rm -f conftest.undefs
-
+echo "ac_result=$ac_in" >>$CONFIG_STATUS
 cat >>$CONFIG_STATUS <<\_ACEOF
-  # Let's still pretend it is `configure' which instantiates (i.e., don't
-  # use $as_me), people would be surprised to read:
-  #    /* config.h.  Generated by config.status.  */
-  if test x"$ac_file" = x-; then
-    echo "/* Generated by configure.  */" >$tmp/config.h
-  else
-    echo "/* $ac_file.  Generated by configure.  */" >$tmp/config.h
-  fi
-  cat $tmp/in >>$tmp/config.h
-  rm -f $tmp/in
   if test x"$ac_file" != x-; then
-    if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
+    echo "/* $configure_input  */" >"$tmp/config.h"
+    cat "$ac_result" >>"$tmp/config.h"
+    if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then
       { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
 echo "$as_me: $ac_file is unchanged" >&6;}
     else
-      ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$ac_file" : 'X\(//\)[^/]' \| \
-	 X"$ac_file" : 'X\(//\)$' \| \
-	 X"$ac_file" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-      { if $as_mkdir_p; then
-    mkdir -p "$ac_dir"
-  else
-    as_dir="$ac_dir"
-    as_dirs=
-    while test ! -d "$as_dir"; do
-      as_dirs="$as_dir $as_dirs"
-      as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$as_dir" : 'X\(//\)[^/]' \| \
-	 X"$as_dir" : 'X\(//\)$' \| \
-	 X"$as_dir" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    done
-    test ! -n "$as_dirs" || mkdir $as_dirs
-  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }; }
-
       rm -f $ac_file
-      mv $tmp/config.h $ac_file
+      mv "$tmp/config.h" $ac_file
     fi
   else
-    cat $tmp/config.h
-    rm -f $tmp/config.h
+    echo "/* $configure_input  */"
+    cat "$ac_result"
   fi
+  rm -f "$tmp/out12"
 # Compute $ac_file's index in $config_headers.
 _am_stamp_count=1
 for _am_header in $config_headers :; do
@@ -42187,135 +40569,39 @@
       _am_stamp_count=`expr $_am_stamp_count + 1` ;;
   esac
 done
-echo "timestamp for $ac_file" >`(dirname $ac_file) 2>/dev/null ||
+echo "timestamp for $ac_file" >`$as_dirname -- $ac_file ||
 $as_expr X$ac_file : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X$ac_file : 'X\(//\)[^/]' \| \
 	 X$ac_file : 'X\(//\)$' \| \
-	 X$ac_file : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X$ac_file : 'X\(/\)' \| . 2>/dev/null ||
 echo X$ac_file |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`/stamp-h$_am_stamp_count
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
 
-#
-# CONFIG_COMMANDS section.
-#
-for ac_file in : $CONFIG_COMMANDS; do test "x$ac_file" = x: && continue
-  ac_dest=`echo "$ac_file" | sed 's,:.*,,'`
-  ac_source=`echo "$ac_file" | sed 's,[^:]*:,,'`
-  ac_dir=`(dirname "$ac_dest") 2>/dev/null ||
-$as_expr X"$ac_dest" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$ac_dest" : 'X\(//\)[^/]' \| \
-	 X"$ac_dest" : 'X\(//\)$' \| \
-	 X"$ac_dest" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X"$ac_dest" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-  { if $as_mkdir_p; then
-    mkdir -p "$ac_dir"
-  else
-    as_dir="$ac_dir"
-    as_dirs=
-    while test ! -d "$as_dir"; do
-      as_dirs="$as_dir $as_dirs"
-      as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	 X"$as_dir" : 'X\(//\)[^/]' \| \
-	 X"$as_dir" : 'X\(//\)$' \| \
-	 X"$as_dir" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    done
-    test ! -n "$as_dirs" || mkdir $as_dirs
-  fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
-   { (exit 1); exit 1; }; }; }
+  :C)  { echo "$as_me:$LINENO: executing $ac_file commands" >&5
+echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
 
-  ac_builddir=.
 
-if test "$ac_dir" != .; then
-  ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
-  # A "../" for each directory in $ac_dir_suffix.
-  ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
-  ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
-  .)  # No --srcdir option.  We are building in place.
-    ac_srcdir=.
-    if test -z "$ac_top_builddir"; then
-       ac_top_srcdir=.
-    else
-       ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
-    fi ;;
-  [\\/]* | ?:[\\/]* )  # Absolute path.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir ;;
-  *) # Relative path.
-    ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-
-# Do not use `cd foo && pwd` to compute absolute paths, because
-# the directories may not exist.
-case `pwd` in
-.) ac_abs_builddir="$ac_dir";;
-*)
-  case "$ac_dir" in
-  .) ac_abs_builddir=`pwd`;;
-  [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
-  *) ac_abs_builddir=`pwd`/"$ac_dir";;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_builddir=${ac_top_builddir}.;;
-*)
-  case ${ac_top_builddir}. in
-  .) ac_abs_top_builddir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
-  *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_srcdir=$ac_srcdir;;
-*)
-  case $ac_srcdir in
-  .) ac_abs_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
-  *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
-  esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_srcdir=$ac_top_srcdir;;
-*)
-  case $ac_top_srcdir in
-  .) ac_abs_top_srcdir=$ac_abs_builddir;;
-  [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
-  *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
-  esac;;
-esac
-
-
-  { echo "$as_me:$LINENO: executing $ac_dest commands" >&5
-echo "$as_me: executing $ac_dest commands" >&6;}
-  case $ac_dest in
-    depfiles ) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do
   # Strip MF so we end up with the name of the file.
   mf=`echo "$mf" | sed -e 's/:.*$//'`
   # Check whether this is an Automake generated Makefile or not.
@@ -42325,18 +40611,29 @@
   # each Makefile.in and add a new line on top of each file to say so.
   # So let's grep whole file.
   if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then
-    dirpart=`(dirname "$mf") 2>/dev/null ||
+    dirpart=`$as_dirname -- "$mf" ||
 $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$mf" : 'X\(//\)[^/]' \| \
 	 X"$mf" : 'X\(//\)$' \| \
-	 X"$mf" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$mf" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
   else
     continue
   fi
@@ -42358,49 +40655,76 @@
        sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
     # Make sure the directory exists.
     test -f "$dirpart/$file" && continue
-    fdir=`(dirname "$file") 2>/dev/null ||
+    fdir=`$as_dirname -- "$file" ||
 $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$file" : 'X\(//\)[^/]' \| \
 	 X"$file" : 'X\(//\)$' \| \
-	 X"$file" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$file" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
-    { if $as_mkdir_p; then
-    mkdir -p $dirpart/$fdir
-  else
-    as_dir=$dirpart/$fdir
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
     as_dirs=
-    while test ! -d "$as_dir"; do
-      as_dirs="$as_dir $as_dirs"
-      as_dir=`(dirname "$as_dir") 2>/dev/null ||
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
 $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	 X"$as_dir" : 'X\(//\)[^/]' \| \
 	 X"$as_dir" : 'X\(//\)$' \| \
-	 X"$as_dir" : 'X\(/\)' \| \
-	 .     : '\(.\)' 2>/dev/null ||
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
 echo X"$as_dir" |
-    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
-  	  /^X\(\/\/\)[^/].*/{ s//\1/; q; }
-  	  /^X\(\/\/\)$/{ s//\1/; q; }
-  	  /^X\(\/\).*/{ s//\1/; q; }
-  	  s/.*/./; q'`
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
     done
-    test ! -n "$as_dirs" || mkdir $as_dirs
-  fi || { { echo "$as_me:$LINENO: error: cannot create directory $dirpart/$fdir" >&5
-echo "$as_me: error: cannot create directory $dirpart/$fdir" >&2;}
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+echo "$as_me: error: cannot create directory $as_dir" >&2;}
    { (exit 1); exit 1; }; }; }
-
     # echo "creating $dirpart/$file"
     echo '# dummy' > "$dirpart/$file"
   done
 done
  ;;
-    default )
+    "default":C)
 chmod +x tests/run
 date > stamp-h
 BACKENDSC="servers/slapd/backends.c"
@@ -42409,7 +40733,7 @@
 cat > $BACKENDSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42460,7 +40784,7 @@
 cat > $OVERLAYSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42514,11 +40838,10 @@
 	echo 'Please run "make depend" to build dependencies'
 fi
  ;;
+
   esac
-done
-_ACEOF
+done # for ac_tag
 
-cat >>$CONFIG_STATUS <<\_ACEOF
 
 { (exit 0); exit 0; }
 _ACEOF

Modified: openldap/vendor/openldap-release/configure.in
===================================================================
--- openldap/vendor/openldap-release/configure.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/configure.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.9 2008/02/11 23:26:37 kurt Exp $
+dnl $OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $
 dnl This work is part of OpenLDAP Software <http://www.openldap.org/>.
 dnl
-dnl Copyright 1998-2008 The OpenLDAP Foundation.
+dnl Copyright 1998-2009 The OpenLDAP Foundation.
 dnl All rights reserved.
 dnl
 dnl Redistribution and use in source and binary forms, with or without
@@ -23,9 +23,9 @@
 define([AC_LIBTOOL_LANG_GCJ_CONFIG], [:])dnl
 dnl ================================================================
 dnl Configure.in for OpenLDAP
-AC_COPYRIGHT([[Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
+AC_COPYRIGHT([[Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.]])
-AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.9 2008/02/11 23:26:37 kurt Exp $])
+AC_REVISION([$OpenLDAP: pkg/ldap/configure.in,v 1.631.2.22 2009/01/26 21:54:23 quanah Exp $])
 AC_INIT([OpenLDAP],,[http://www.openldap.org/its/])
 m4_define([AC_PACKAGE_BUGREPORT],[<http://www.openldap.org/its/>])
 AC_CONFIG_SRCDIR(build/version.sh)dnl
@@ -96,7 +96,7 @@
 /* begin of portable.h.pre */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation
+ * Copyright 1998-2009 The OpenLDAP Foundation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -242,6 +242,8 @@
 	auto, [auto yes no] )
 OL_ARG_WITH(fetch,[  --with-fetch		  with fetch(3) URL support],
 	auto, [auto yes no] )
+OL_ARG_WITH(gssapi,[  --with-gssapi		  with GSSAPI support],
+	auto, [auto yes no] )
 OL_ARG_WITH(threads,[  --with-threads	  with threads],
 	auto, [auto nt posix mach pth lwp yes no manual] )
 OL_ARG_WITH(tls,[  --with-tls		  with TLS/SSL support auto|openssl|gnutls],
@@ -253,8 +255,8 @@
 	[  --with-mp               with multiple precision statistics auto|longlong|long|bignum|gmp],
 	auto, [auto longlong long bignum gmp yes no])
 OL_ARG_WITH(odbc,
-	[  --with-odbc             with specific ODBC support iodbc|unixodbc|auto],
-	auto, [auto iodbc unixodbc] )
+	[  --with-odbc             with specific ODBC support iodbc|unixodbc|odbc32|auto],
+	auto, [auto iodbc unixodbc odbc32] )
 
 dnl ----------------------------------------------------------------
 dnl Server options
@@ -286,6 +288,7 @@
 	ldap \
 	meta \
 	monitor \
+	ndb \
 	null \
 	passwd \
 	perl \
@@ -311,6 +314,8 @@
 	no, [no yes mod], ol_enable_backends)dnl
 OL_ARG_ENABLE(monitor,[    --enable-monitor	  enable monitor backend],
 	yes, [no yes mod], ol_enable_backends)dnl
+OL_ARG_ENABLE(ndb,[    --enable-ndb	  enable MySQL NDB Cluster backend],
+	no, [no yes mod], ol_enable_backends)dnl
 OL_ARG_ENABLE(null,[    --enable-null	  enable null backend],
 	no, [no yes mod], ol_enable_backends)dnl
 OL_ARG_ENABLE(passwd,[    --enable-passwd	  enable passwd backend],
@@ -330,8 +335,10 @@
 dnl SLAPD Overlay Options
 Overlays="accesslog \
 	auditlog \
+	collect \
 	constraint \
 	dds \
+	deref \
 	dyngroup \
 	dynlist \
 	memberof \
@@ -355,10 +362,14 @@
 	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(auditlog,[    --enable-auditlog	  Audit Logging overlay],
 	no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(collect,[    --enable-collect	  Collect overlay],
+	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(constraint,[    --enable-constraint	  Attribute Constraint overlay],
 	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(dds,[    --enable-dds  	  Dynamic Directory Services overlay],
 	no, [no yes mod], ol_enable_overlays)
+OL_ARG_ENABLE(deref,[    --enable-deref	  Dereference overlay],
+	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(dyngroup,[    --enable-dyngroup	  Dynamic Group overlay],
 	no, [no yes mod], ol_enable_overlays)
 OL_ARG_ENABLE(dynlist,[    --enable-dynlist	  Dynamic List overlay],
@@ -460,6 +471,7 @@
 	test $ol_enable_ldap = no &&
 	test $ol_enable_meta = no &&
 	test $ol_enable_monitor = no &&
+	test $ol_enable_ndb = no &&
 	test $ol_enable_null = no &&
 	test $ol_enable_passwd = no &&
 	test $ol_enable_perl = no &&
@@ -500,6 +512,8 @@
 dnl Initialize vars
 LDAP_LIBS=
 BDB_LIBS=
+SLAPD_NDB_LIBS=
+SLAPD_NDB_INCS=
 LTHREAD_LIBS=
 LUTIL_LIBS=
 
@@ -518,6 +532,7 @@
 BUILD_LDAP=no
 BUILD_META=no
 BUILD_MONITOR=no
+BUILD_NDB=no
 BUILD_NULL=no
 BUILD_PASSWD=no
 BUILD_PERL=no
@@ -566,6 +581,7 @@
 KRB4_LIBS=
 KRB5_LIBS=
 SASL_LIBS=
+GSSAPI_LIBS=
 TLS_LIBS=
 MODULES_LIBS=
 SLAPI_LIBS=
@@ -675,12 +691,14 @@
 fi
 
 AC_PROG_CPP
+OL_MSVC
 
 dnl ----------------------------------------------------------------
 dnl Checks for Windows NT
 case $host_os in
   *mingw32* ) ac_cv_mingw32=yes ;;
   *cygwin* ) ac_cv_cygwin=yes ;;
+  *interix* ) ac_cv_interix=yes ;;
 esac
 
 dnl ----------------------------------------------------------------
@@ -826,7 +844,10 @@
 )
 
 dnl Only check Winsock on MinGW
-if test "$ac_cv_mingw32" = yes ; then
+if test "$ac_cv_mingw32" = yes \
+	-o "$ac_cv_interix" = yes \
+	-o "$ol_cv_msvc" = yes
+then
 	AC_CHECK_HEADERS( winsock.h winsock2.h )
 fi
 
@@ -858,37 +879,48 @@
 	AC_CHECK_LIB(V3, sigset)
 fi
 
+if test $ol_cv_msvc ; then
+   ol_cv_winsock=yes
+fi
+
 dnl The following is INTENTIONALLY scripted out because shell does not
 dnl support variable names with the '@' character, which is what
 dnl autoconf would try to generate if one merely used AC_SEARCH_LIBS
 if test "$ac_cv_header_winsock_h" = yes; then
-AC_CACHE_CHECK([for winsock], [ol_cv_winsock],
-save_LIBS="$LIBS"
-for curlib in ws2_32 wsock32; do
-	LIBS="$LIBS -l$curlib"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <winsock.h>
+	AC_CACHE_CHECK([for winsock], [ol_cv_winsock],[
+	save_LIBS="$LIBS"
+	for curlib in none ws2_32 wsock32; do
+		if test curlib != none ; then
+	    	LIBS="$save_LIBS -l$curlib"
+		fi
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <winsock.h>
 			]], [[
 			socket(0,0,0);
 			select(0,NULL,NULL,NULL,NULL);
 			closesocket(0);
 			gethostname(NULL,0);
-			]])],[ol_cv_winsock=yes],[ol_cv_winsock=no])
+			]])],[ol_cv_winsock=$curlib],[ol_cv_winsock=no])
 
-	if test $ol_cv_winsock = yes; then
-		AC_DEFINE(HAVE_WINSOCK, 1, [define if you have winsock])
-		ac_cv_func_socket=yes
-		ac_cv_func_select=yes
-		ac_cv_func_closesocket=yes
-		ac_cv_func_gethostname=yes
-		if test $curlib = ws2_32; then
-			ol_cv_winsock=winsock2
-			AC_DEFINE(HAVE_WINSOCK2, 1,
-				  [define if you have winsock2])
+		test "$ol_cv_winsock" != no && break
+	done
+	LIBS="$save_LIBS"
+	])
+
+	if test $ol_cv_winsock != no ; then
+    	AC_DEFINE(HAVE_WINSOCK, 1, [define if you have winsock])
+    	ac_cv_func_socket=yes
+    	ac_cv_func_select=yes
+    	ac_cv_func_closesocket=yes
+    	ac_cv_func_gethostname=yes
+
+		if test $ol_cv_winsock != none -a $ol_cv_winsock != yes ; then
+        	LIBS="$LIBS -l$ol_cv_winsock"
 		fi
-		break
+
+    	if test $ol_cv_winsock = ws2_32 -o $ol_cv_winsock = yes ; then
+			AC_DEFINE(HAVE_WINSOCK2, 1, [define if you have winsock2])
+    	fi
 	fi
-	LIBS="$save_LIBS"
-done)
 fi
 
 dnl Find socket()
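Review bot: In the new winsock loop, `if test curlib != none ; then` compares the literal word `curlib`, so the condition is always true and the first iteration links with `-lnone`; the no-extra-library case is never actually probed. It should read `if test "$curlib" != none ; then`. Just above the loop, `if test $ol_cv_msvc ; then` succeeds for any non-empty value, including `no` if OL_MSVC (defined outside this diff) ever sets that, which would force `ol_cv_winsock=yes` on non-MSVC builds. `if test "$ol_cv_msvc" = yes ; then` would match the quoted comparison used in the Winsock header check earlier in this file.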
@@ -953,7 +985,6 @@
 fi
 
 dnl ----------------------------------------------------------------
-# strerror checks
 OL_STRERROR
 
 dnl ----------------------------------------------------------------
@@ -981,12 +1012,14 @@
 
 have_uuid=no
 AC_CHECK_HEADERS(sys/uuid.h)
+dnl The HAVE_UUID_TO_STR code path also needs uuid_create
 if test $ac_cv_header_sys_uuid_h = yes ; then
 	save_LIBS="$LIBS"
 	AC_SEARCH_LIBS([uuid_to_str], [uuid], [have_uuid=yes], :)
+	AC_SEARCH_LIBS([uuid_create], [uuid], :, [have_uuid=no])
 	LIBS="$save_LIBS"
 
-	if test have_uuid = yes ; then
+	if test $have_uuid = yes ; then
 		AC_DEFINE(HAVE_UUID_TO_STR,1,
 			[define if you have uuid_to_str()])
 
@@ -996,14 +1029,16 @@
 fi
 
 dnl Look for uuid_generate
+dnl The HAVE_UUID_GENERATE code path also needs uuid_unparse_lower
 if test $have_uuid = no ; then
 	AC_CHECK_HEADERS(uuid/uuid.h)
 	if test $ac_cv_header_uuid_uuid_h = yes ; then
 		save_LIBS="$LIBS"
 		AC_SEARCH_LIBS([uuid_generate], [uuid], [have_uuid=yes], :)
+		AC_SEARCH_LIBS([uuid_unparse_lower], [uuid], :, [have_uuid=no])
 		LIBS="$save_LIBS"
 
-		if test have_uuid = yes ; then
+		if test $have_uuid = yes ; then
 			AC_DEFINE(HAVE_UUID_GENERATE,1,
 				[define if you have uuid_generate()])
 
@@ -1111,6 +1146,63 @@
 fi
 
 dnl ----------------------------------------------------------------
+dnl GSSAPI
+ol_link_gssapi=no
+
+case $ol_with_gssapi in yes | auto)
+
+	ol_header_gssapi=no
+	AC_CHECK_HEADERS(gssapi/gssapi.h)
+	if test $ac_cv_header_gssapi_gssapi_h = yes ; then
+		ol_header_gssapi=yes
+	else
+		AC_CHECK_HEADERS(gssapi.h)
+		if test $ac_cv_header_gssapi_h = yes ; then
+			ol_header_gssapi=yes
+		fi
+
+		dnl## not every gssapi has gss_oid_to_str()
+		dnl## as it's not defined in the GSSAPI V2 API
+		dnl## anymore
+		saveLIBS="$LIBS"
+		LIBS="$LIBS $GSSAPI_LIBS"
+		AC_CHECK_FUNCS(gss_oid_to_str)
+		LIBS="$saveLIBS"
+	fi
+
+	if test $ol_header_gssapi = yes ; then
+		dnl## we check for gss_wrap
+		dnl## as it's new to the GSSAPI V2 API
+		AC_CHECK_LIB(gssapi, gss_wrap,
+		             [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi"],
+		             [ol_link_gssapi=no])
+		if test $ol_link_gssapi != yes ; then
+			AC_CHECK_LIB(gssapi_krb5, gss_wrap,
+			             [ol_link_gssapi=yes;GSSAPI_LIBS="-lgssapi_krb5"],
+			             [ol_link_gssapi=no])
+		fi
+		if test $ol_link_gssapi != yes ; then
+			AC_CHECK_LIB(gss, gss_wrap,
+			             [ol_link_gssapi=yes;GSSAPI_LIBS="-lgss"],
+			             [ol_link_gssapi=no])
+		fi
+	fi
+
+	;;
+esac
+
+WITH_GSSAPI=no
+if test $ol_link_gssapi = yes; then
+	AC_DEFINE(HAVE_GSSAPI, 1, [define if you have GSSAPI])
+	WITH_GSSAPI=yes
+elif test $ol_with_gssapi = auto ; then
+	AC_MSG_WARN([Could not locate GSSAPI package])
+	AC_MSG_WARN([GSSAPI authentication not supported!])
+elif test $ol_with_gssapi = yes ; then
+	AC_MSG_ERROR([GSSAPI detection failed])
+fi
+
+dnl ----------------------------------------------------------------
 dnl TLS/SSL
 	
 if test $ol_with_tls = yes ; then
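Review bot: The `AC_CHECK_FUNCS(gss_oid_to_str)` probe sits inside the `else` branch, so it runs only when `gssapi/gssapi.h` is missing. It also links with `$GSSAPI_LIBS`, which is still empty at that point, because the `AC_CHECK_LIB(..., gss_wrap, ...)` calls that set it come later in the block. As written, the result says little about the GSSAPI library that is finally selected. Moving the `saveLIBS` / `AC_CHECK_FUNCS` / restore lines to after the library search, guarded by `if test $ol_link_gssapi = yes`, would probe the library that is actually linked.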
@@ -1840,12 +1932,6 @@
 		BDB_LIBS="$BDB_LIBS $ol_cv_lib_db"
 	fi
 
-	OL_BDB_COMPAT
-
-	if test $ol_cv_bdb_compat != yes ; then
-		AC_MSG_ERROR([BDB/HDB: BerkeleyDB version incompatible])
-	fi
-
 	SLAPD_LIBS="$SLAPD_LIBS \$(BDB_LIBS)"
 
 	ol_link_bdb=yes 
@@ -1929,7 +2015,7 @@
 	LIBS="$LTHREAD_LIBS"
 
 	if test $ol_with_odbc = auto ; then
-		ol_with_odbc="iodbc unixodbc"
+		ol_with_odbc="iodbc unixodbc odbc32"
 	fi
 
 	for odbc in $ol_with_odbc ; do
@@ -1949,6 +2035,13 @@
 				fi
 				;;
 
+			odbc32)
+				AC_CHECK_LIB(odbc32, SQLDriverConnect, [have_odbc32=yes], [have_odbc32=no])
+				if test $have_odbc32 = yes ; then
+					ol_link_sql="-lodbc32"
+				fi
+				;;
+
 			*)
 				AC_MSG_ERROR([unknown ODBC library])
 				;;
@@ -1967,6 +2060,47 @@
 fi
 
 dnl ----------------------------------------------------------------
+dnl MySQL NDBapi
+dnl Note: uses C++, but we don't want to add C++ test overhead to
+dnl the rest of the libtool machinery.
+ol_link_ndb=no
+if test $ol_enable_ndb != no ; then
+	AC_CHECK_PROG(MYSQL,mysql_config,yes)
+	if test "$MYSQL" != yes ; then
+		AC_MSG_ERROR([could not locate mysql_config])
+	fi
+
+	SQL_INC=`mysql_config --include`
+	SLAPD_NDB_INCS="$SQL_INC $SQL_INC/storage/ndb $SQL_INC/storage/ndb/ndbapi"
+
+	save_CPPFLAGS="$CPPFLAGS"
+	CPPFLAGS="$SLAPD_NDB_INCS"
+	AC_MSG_CHECKING(for NdbApi.hpp)
+	AC_PREPROC_IFELSE(
+		[AC_LANG_SOURCE([[#include <NdbApi.hpp>]])],
+			AC_MSG_RESULT(yes),
+			AC_MSG_ERROR([could not locate NdbApi headers])
+	)
+	CPPFLAGS="$save_CPPFLAGS"
+
+	SQL_LIB=`mysql_config --libs_r`
+	SLAPD_NDB_LIBS="$SQL_LIB -lndbclient -lstdc++"
+
+	save_LDFLAGS="$LDFLAGS"
+	save_LIBS="$LIBS"
+	LDFLAGS="$SQL_LIB"
+	AC_CHECK_LIB(ndbclient,ndb_init,[: ok],[
+		AC_MSG_ERROR([could not locate ndbclient library])
+	],[-lstdc++])
+	LIBS="$save_LIBS"
+	LDFLAGS="$save_LDFLAGS"
+
+	if test "$ol_enable_ndb" = yes ; then
+		SLAPD_LIBS="$SLAPD_LIBS \$(SLAPD_NDB_LIBS)"
+	fi
+fi
+
+dnl ----------------------------------------------------------------
 dnl International Components for Unicode
 OL_ICU
 if test "$ol_icu" = no ; then
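Review bot: `SLAPD_NDB_INCS` is built by appending path suffixes to the raw output of `mysql_config --include`, which works only when that output is a single `-I<dir>` token. If the tool prints several flags, `$SQL_INC/storage/ndb` extends just the last one. Neither `mysql_config` call is checked for a non-zero exit or empty output before its result goes into compiler and linker flags; a guard such as `test -n "$SQL_INC" || AC_MSG_ERROR([mysql_config --include returned nothing])` would fail early and clearly. The header probe also replaces the user's flags; `CPPFLAGS="$save_CPPFLAGS $SLAPD_NDB_INCS"` would keep them.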
@@ -2292,9 +2426,12 @@
 	AC_DEFINE(snprintf, _snprintf, [define to snprintf routine])
 ])
 
-AC_CHECK_FUNC(_vsnprintf, [ac_cv_func_vsnprintf=yes
+AC_CHECK_FUNCS(vsnprintf _vsnprintf)
+
+if test $ac_cv_func_vsnprintf = no -a $ac_cv_func__vsnprintf = yes ; then
+	ac_cv_func_vsnprintf=yes
 	AC_DEFINE(vsnprintf, _vsnprintf, [define to vsnprintf routine])
-])
+fi
 
 AC_FUNC_VPRINTF
 
@@ -2313,6 +2450,7 @@
 	flock			\
 	fstat			\
 	getdtablesize		\
+	geteuid			\
 	getgrgid		\
 	gethostname		\
 	getpass			\
@@ -2572,6 +2710,19 @@
 	AC_DEFINE_UNQUOTED(SLAPD_META,$MFLAG,[define to support LDAP Metadirectory backend])
 fi
 
+if test "$ol_enable_ndb" != no ; then
+	BUILD_SLAPD=yes
+	BUILD_NDB=$ol_enable_ndb
+	if test "$ol_enable_ndb" = mod ; then
+		SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-ndb"
+		MFLAG=SLAPD_MOD_DYNAMIC
+	else
+		SLAPD_STATIC_BACKENDS="$SLAPD_STATIC_BACKENDS back-ndb"
+		MFLAG=SLAPD_MOD_STATIC
+	fi
+	AC_DEFINE_UNQUOTED(SLAPD_NDB,$MFLAG,[define to support NDB backend])
+fi
+
 if test "$ol_enable_null" != no ; then
 	BUILD_SLAPD=yes
 	BUILD_NULL=$ol_enable_null
@@ -2690,6 +2841,18 @@
 	AC_DEFINE_UNQUOTED(SLAPD_OVER_AUDITLOG,$MFLAG,[define for Audit Logging overlay])
 fi
 
+if test "$ol_enable_collect" != no ; then
+        BUILD_COLLECT=$ol_enable_collect
+        if test "$ol_enable_collect" = mod ; then
+                MFLAG=SLAPD_MOD_DYNAMIC
+                SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS collect.la"
+        else
+                MFLAG=SLAPD_MOD_STATIC
+                SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS collect.o"
+        fi
+        AC_DEFINE_UNQUOTED(SLAPD_OVER_COLLECT,$MFLAG,[define for Collect overlay])
+fi
+
 if test "$ol_enable_constraint" != no ; then
 	BUILD_CONSTRAINT=$ol_enable_constraint
 	if test "$ol_enable_constraint" = mod ; then
@@ -2714,6 +2877,18 @@
 	AC_DEFINE_UNQUOTED(SLAPD_OVER_DDS,$MFLAG,[define for Dynamic Directory Services overlay])
 fi
 
+if test "$ol_enable_deref" != no ; then
+	BUILD_DDS=$ol_enable_deref
+	if test "$ol_enable_deref" = mod ; then
+		MFLAG=SLAPD_MOD_DYNAMIC
+		SLAPD_DYNAMIC_OVERLAYS="$SLAPD_DYNAMIC_OVERLAYS deref.la"
+	else
+		MFLAG=SLAPD_MOD_STATIC
+		SLAPD_STATIC_OVERLAYS="$SLAPD_STATIC_OVERLAYS deref.o"
+	fi
+	AC_DEFINE_UNQUOTED(SLAPD_OVER_DEREF,$MFLAG,[define for Dynamic Directory Services overlay])
+fi
+
 if test "$ol_enable_dyngroup" != no ; then
 	BUILD_DYNGROUP=$ol_enable_dyngroup
 	if test "$ol_enable_dyngroup" = mod ; then
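Review bot: The new deref block assigns `BUILD_DDS=$ol_enable_deref`, which looks like a copy-paste from the DDS block above it. Enabling deref overwrites the DDS build setting and no `BUILD_DEREF` is ever set; the line should be `BUILD_DEREF=$ol_enable_deref`. The description passed to `AC_DEFINE_UNQUOTED(SLAPD_OVER_DEREF, ...)` still reads "define for Dynamic Directory Services overlay" and should be `[define for Dereference overlay]`. The later AC_SUBST hunk adds `BUILD_COLLECT` but no `BUILD_DEREF`, so a matching `AC_SUBST(BUILD_DEREF)` is probably needed as well.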
@@ -2889,7 +3064,7 @@
 dnl They hurt more than they help.
 dnl
 
-if test "$ac_cv_mingw32" = yes ; then
+if test "$ac_cv_mingw32" = yes -o $ol_cv_msvc = yes ; then
 	PLAT=NT
 	SLAPD_MODULES_LDFLAGS=
 else
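Review bot: `$ol_cv_msvc` is unquoted in `test "$ac_cv_mingw32" = yes -o $ol_cv_msvc = yes`, so if it is empty or unset, `test` gets a malformed expression and errors out instead of evaluating to false. The Winsock header check earlier in this file quotes the same variable, and this line should match it: `if test "$ac_cv_mingw32" = yes -o "$ol_cv_msvc" = yes ; then`. Whether OL_MSVC always sets the variable is not visible in this diff, and the `if` body continues outside the hunk.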
@@ -2916,6 +3091,7 @@
   AC_SUBST(BUILD_LDAP)
   AC_SUBST(BUILD_META)
   AC_SUBST(BUILD_MONITOR)
+  AC_SUBST(BUILD_NDB)
   AC_SUBST(BUILD_NULL)
   AC_SUBST(BUILD_PASSWD)
   AC_SUBST(BUILD_RELAY)
@@ -2926,6 +3102,7 @@
 dnl overlays
   AC_SUBST(BUILD_ACCESSLOG)
   AC_SUBST(BUILD_AUDITLOG)
+  AC_SUBST(BUILD_COLLECT)
   AC_SUBST(BUILD_CONSTRAINT)
   AC_SUBST(BUILD_DDS)
   AC_SUBST(BUILD_DENYOP)
@@ -2947,6 +3124,8 @@
 AC_SUBST(LDAP_LIBS)
 AC_SUBST(SLAPD_LIBS)
 AC_SUBST(BDB_LIBS)
+AC_SUBST(SLAPD_NDB_LIBS)
+AC_SUBST(SLAPD_NDB_INCS)
 AC_SUBST(LTHREAD_LIBS)
 AC_SUBST(LUTIL_LIBS)
 AC_SUBST(WRAP_LIBS)
@@ -2967,6 +3146,7 @@
 AC_SUBST(KRB4_LIBS)
 AC_SUBST(KRB5_LIBS)
 AC_SUBST(SASL_LIBS)
+AC_SUBST(GSSAPI_LIBS)
 AC_SUBST(TLS_LIBS)
 AC_SUBST(MODULES_LIBS)
 AC_SUBST(SLAPI_LIBS)
@@ -3017,6 +3197,7 @@
 [servers/slapd/back-ldif/Makefile:build/top.mk:servers/slapd/back-ldif/Makefile.in:build/mod.mk]
 [servers/slapd/back-meta/Makefile:build/top.mk:servers/slapd/back-meta/Makefile.in:build/mod.mk]
 [servers/slapd/back-monitor/Makefile:build/top.mk:servers/slapd/back-monitor/Makefile.in:build/mod.mk]
+[servers/slapd/back-ndb/Makefile:build/top.mk:servers/slapd/back-ndb/Makefile.in:build/mod.mk]
 [servers/slapd/back-null/Makefile:build/top.mk:servers/slapd/back-null/Makefile.in:build/mod.mk]
 [servers/slapd/back-passwd/Makefile:build/top.mk:servers/slapd/back-passwd/Makefile.in:build/mod.mk]
 [servers/slapd/back-perl/Makefile:build/top.mk:servers/slapd/back-perl/Makefile.in:build/mod.mk]
@@ -3040,7 +3221,7 @@
 cat > $BACKENDSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -3091,7 +3272,7 @@
 cat > $OVERLAYSC << ENDX
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/ConfigOIDs
===================================================================
--- openldap/vendor/openldap-release/contrib/ConfigOIDs	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ConfigOIDs	2009-02-17 16:18:54 UTC (rev 1195)
@@ -3,3 +3,4 @@
 OLcfgCt{Oc|At}:1	smbk5pwd
 OLcfgCt{Oc|At}:2	autogroup
 OLcfgCt{Oc|At}:3	nssov
+OLcfgCt{Oc|At}:4	cloak

Modified: openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/COPYRIGHT	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 1998-2008 The OpenLDAP Foundation
+Copyright 1998-2009 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/ldapc++/configure
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/configure	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/configure	2009-02-17 16:18:54 UTC (rev 1195)
@@ -5,7 +5,7 @@
 #
 # Report bugs to <http://www.openldap.org/its/ >.
 #
-# Copyright 2000-2008 The OpenLDAP Foundation. All rights reserved.
+# Copyright 2000-2009 The OpenLDAP Foundation. All rights reserved.
 # Restrictions apply, see COPYRIGHT and LICENSE files.
 #
 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1581,7 +1581,7 @@
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
-Copyright 2000-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2000-2009 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.
 _ACEOF
   exit

Modified: openldap/vendor/openldap-release/contrib/ldapc++/configure.in
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/configure.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/configure.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,13 +1,13 @@
-dnl $OpenLDAP: pkg/ldap/contrib/ldapc++/configure.in,v 1.8.2.7 2008/07/09 21:59:44 quanah Exp $
+dnl $OpenLDAP: pkg/ldap/contrib/ldapc++/configure.in,v 1.8.2.8 2009/01/22 00:00:44 kurt Exp $
 
 dnl Copyright 2000-2008, OpenLDAP Foundation, All Rights Reserved.
 dnl COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 
 dnl Process this file with autoconf to produce a configure script.
 
-AC_COPYRIGHT([[Copyright 2000-2008 The OpenLDAP Foundation. All rights reserved.
+AC_COPYRIGHT([[Copyright 2000-2009 The OpenLDAP Foundation. All rights reserved.
 Restrictions apply, see COPYRIGHT and LICENSE files.]])
-AC_REVISION([$OpenLDAP: pkg/ldap/contrib/ldapc++/configure.in,v 1.8.2.7 2008/07/09 21:59:44 quanah Exp $])
+AC_REVISION([$OpenLDAP: pkg/ldap/contrib/ldapc++/configure.in,v 1.8.2.8 2009/01/22 00:00:44 kurt Exp $])
 AC_INIT(ldapcpplib, [] , [http://www.openldap.org/its/] )
 AC_CONFIG_SRCDIR(src/LDAPConnection.h)
 AM_INIT_AUTOMAKE(foreign)

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.cpp
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.cpp	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPAttrType.cpp,v 1.3.4.3 2008/05/01 21:28:42 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPAttrType.cpp,v 1.3.4.4 2008/09/02 23:58:15 quanah Exp $
 /*
  * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -19,7 +19,7 @@
     usage = 0;
 }
 
-LDAPAttrType::LDAPAttrType (string at_item) { 
+LDAPAttrType::LDAPAttrType (string at_item, int flags ) { 
 
     DEBUG(LDAP_DEBUG_CONSTRUCT,
             "LDAPAttrType::LDAPAttrType( )" << endl);
@@ -27,7 +27,7 @@
     LDAPAttributeType *a;
     int ret;
     const char *errp;
-    a = ldap_str2attributetype (at_item.c_str(), &ret, &errp,SCHEMA_PARSE_FLAG);
+    a = ldap_str2attributetype (at_item.c_str(), &ret, &errp, flags);
 
     if (a) {
 	this->setNames( a->at_names );

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.h
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPAttrType.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPAttrType.h,v 1.3.4.3 2008/05/01 21:28:42 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPAttrType.h,v 1.3.4.4 2008/09/02 23:58:15 quanah Exp $
 /*
  * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -12,9 +12,6 @@
 
 #include "StringList.h"
 
-#define SCHEMA_PARSE_FLAG    0x03
-
-
 using namespace std;
 
 /**
@@ -43,7 +40,8 @@
 	 * "( SuSE.YaST.Attr:19 NAME ( 'skelDir' ) DESC ''
 	 *    EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
          */   
-        LDAPAttrType (string at_item);
+        LDAPAttrType (string at_item, int flags = LDAP_SCHEMA_ALLOW_NO_OID | 
+                      LDAP_SCHEMA_ALLOW_QUOTED );
 
         /**
          * Destructor
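Review bot: The doc comment above this constructor does not mention the new `flags` parameter, so callers cannot tell from the header what the default allows or what else may be passed. A line such as `@param flags LDAP_SCHEMA_* parse options handed to ldap_str2attributetype()` would cover it. The comment begins outside this hunk, so its existing tag style should be checked before adding the line.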

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.cpp
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.cpp	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPControl.cpp,v 1.4.10.1 2008/04/14 23:09:26 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPControl.cpp,v 1.4.10.2 2008/09/03 18:03:43 quanah Exp $
 /*
  * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -10,13 +10,6 @@
 
 using namespace std;
 
-LDAPCtrl::LDAPCtrl(const LDAPCtrl& c){
-    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl(&)" << endl);
-    m_oid=c.m_oid;
-    m_data=c.m_data;
-    m_isCritical=c.m_isCritical;
-}
-
 LDAPCtrl::LDAPCtrl(const char *oid, bool critical, const char* data,
         int length){
     DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
@@ -28,10 +21,10 @@
         m_data.assign(data,length);
     }else{
         m_data=string();
+        m_noData=true;
     }
 }
 
-
 LDAPCtrl::LDAPCtrl(const string& oid, bool critical, const string& data){
     DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
     DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
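Review bot: `m_noData` is assigned only in the `else` branch of the `const char*` constructor, so when data is supplied the member stays uninitialized. `hasData()` and the code in the -73,9 hunk that fills `ldctl_value` then read an indeterminate value and may send the control with a NULL value; add `m_noData=false;` next to `m_data.assign(data,length);`. No hunk touches the `LDAPCtrl(const LDAPControl* ctrl)` constructor, so it presumably leaves the member unset as well; its body is outside the diff and should be checked. The constructor shown here also begins outside the hunk.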
@@ -39,6 +32,7 @@
     m_oid=oid;
     m_isCritical=critical;
     m_data=data;
+    m_noData=false;
 }
 
 LDAPCtrl::LDAPCtrl(const LDAPControl* ctrl){
@@ -62,6 +56,10 @@
     return m_isCritical;
 }
 
+bool LDAPCtrl::hasData() const{
+    return !m_noData;
+}
+ 
 string LDAPCtrl::getData() const {
     DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getData()" << endl);
     return m_data;
@@ -73,9 +71,14 @@
     ret->ldctl_oid= new char[m_oid.size() + 1];
     m_oid.copy(ret->ldctl_oid,string::npos);
     ret->ldctl_oid[m_oid.size()]=0;
-    ret->ldctl_value.bv_len=m_data.size();
-    ret->ldctl_value.bv_val= new char[m_data.size()];
-    m_data.copy(ret->ldctl_value.bv_val,string::npos);
+    if ( m_noData ) {
+        ret->ldctl_value.bv_len = 0;
+        ret->ldctl_value.bv_val = NULL;
+    } else {
+        ret->ldctl_value.bv_len=m_data.size();
+        ret->ldctl_value.bv_val= new char[m_data.size()];
+        m_data.copy(ret->ldctl_value.bv_val,string::npos);
+    }
     ret->ldctl_iscritical = ( m_isCritical ? 1:0);
     return ret;
 }

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.h
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPControl.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPControl.h,v 1.5.10.1 2008/04/14 23:09:26 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPControl.h,v 1.5.10.2 2008/09/03 18:03:43 quanah Exp $
 /*
  * Copyright 2000, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -17,11 +17,6 @@
 class LDAPCtrl{
     public :
         /**
-         * Copy-constructor
-         */
-        LDAPCtrl(const LDAPCtrl& c);
-
-        /**
          * Constructor.
          * @param oid:  The Object Identifier of the Control
          * @param critical: "true" if the Control should be handled
@@ -29,7 +24,7 @@
          * @param data: If there is data for the control, put it here.
          * @param length: The length of the data field
          */
-        LDAPCtrl(const char *oid, bool critical, const char *data=0, 
+        LDAPCtrl(const char *oid, bool critical=false, const char *data=0, 
                 int length=0);
 
         /**
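Review bot: With `critical=false` added, the `const char*` constructor can be called with a single argument, so any `const char*` now converts implicitly to `LDAPCtrl`. If that is not intended, declare it `explicit LDAPCtrl(const char *oid, bool critical=false, const char *data=0, int length=0);`. The next hunk removes the defaults from the `std::string` overload, so existing callers that pass a `std::string` OID with one or two arguments will stop compiling; that interface change deserves a mention in the change notes.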
@@ -39,8 +34,8 @@
          *                  critical by the server.
          * @param data: If there is data for the control, put it here.
          */
-        LDAPCtrl(const std::string& oid, bool critical=false,
-                const std::string& data=std::string());
+        LDAPCtrl(const std::string& oid, bool critical,
+                 const std::string& data);
 
         /**
          * Creates a copy of the Control that "ctrl is pointing to
@@ -58,8 +53,14 @@
         std::string getOID() const;
 
         /**
-         * @return The Data of the control as a std::string-Objekt
+         * @return true if there is no "Control Value" (there is a
+         * difference between no and an empty control value)
          */
+        bool hasData() const;
+
+        /**
+         * @return The Data of the control as a std::string-Object
+         */
         std::string getData() const;
 
         /**
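Review bot: The new doc comment on `hasData()` contradicts the method name, because it documents a return of true when there is no control value. The member added in the next hunk is called `m_noData`, which suggests the accessor is the negation of that flag. The implementation is not in this hunk, so this needs checking against LDAPControl.cpp. If `hasData()` does return true when a value is present, the comment should read `@return true if the control carries a value (an empty value still counts), false if the value is absent`.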
@@ -80,6 +81,7 @@
         std::string m_oid;
         std::string m_data;
         bool m_isCritical;
+        bool m_noData;
 };
 
 #endif //LDAP_CONTROL_H

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.cpp
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.cpp	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPObjClass.cpp,v 1.3.6.2 2008/05/01 21:28:42 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPObjClass.cpp,v 1.3.6.3 2008/09/02 23:58:15 quanah Exp $
 /*
  * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -33,7 +33,7 @@
     sup = oc.sup;
 }
 
-LDAPObjClass::LDAPObjClass (string oc_item) { 
+LDAPObjClass::LDAPObjClass (string oc_item, int flags ) { 
 
     DEBUG(LDAP_DEBUG_CONSTRUCT,
             "LDAPObjClass::LDAPObjClass( )" << endl);
@@ -41,7 +41,7 @@
     LDAPObjectClass *o;
     int ret;
     const char *errp;
-    o = ldap_str2objectclass ( oc_item.c_str(), &ret, &errp, SCHEMA_PARSE_FLAG);
+    o = ldap_str2objectclass ( oc_item.c_str(), &ret, &errp, flags );
 
     if (o) {
         this->setNames (o->oc_names);

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.h
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/LDAPObjClass.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPObjClass.h,v 1.3.6.2 2008/05/01 21:28:42 quanah Exp $
+// $OpenLDAP: pkg/ldap/contrib/ldapc++/src/LDAPObjClass.h,v 1.3.6.3 2008/09/02 23:58:15 quanah Exp $
 /*
  * Copyright 2003, OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -12,9 +12,6 @@
 
 #include "StringList.h"
 
-#define SCHEMA_PARSE_FLAG    0x03
-
-
 using namespace std;
 
 /**
@@ -36,7 +33,7 @@
         /**
          * Copy constructor
 	 */   
-	LDAPObjClass (const LDAPObjClass& oc);
+	LDAPObjClass( const LDAPObjClass& oc );
 
         /**
 	 * Constructs new object and fills the data structure by parsing the
@@ -46,7 +43,8 @@
 	 * "( SuSE.YaST.OC:5 NAME 'userTemplate' SUP objectTemplate STRUCTURAL
 	 *    DESC 'User object template' MUST ( cn ) MAY ( secondaryGroup ))"
          */   
-        LDAPObjClass (string oc_item);
+        LDAPObjClass (string oc_item, int flags = LDAP_SCHEMA_ALLOW_NO_OID |
+                      LDAP_SCHEMA_ALLOW_QUOTED);
 
         /**
          * Destructor
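Review bot: The constructor gains a `flags` parameter, but the doc comment above it still describes only the string being parsed. A line such as `@param flags bitmask of LDAP_SCHEMA_ALLOW_* options handed to ldap_str2objectclass()` would say what callers may pass and that the default keeps the old 0x03 behaviour. The default argument also puts `LDAP_SCHEMA_ALLOW_NO_OID` and `LDAP_SCHEMA_ALLOW_QUOTED` in the header itself. The only include visible in these hunks is `"StringList.h"`, so it is worth confirming that the header defining those macros is included before this declaration and not only in the .cpp file.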

Modified: openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h
===================================================================
--- openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/ldapc++/src/ac/time.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 /* Generic time.h */
-/* $OpenLDAP: pkg/ldap/contrib/ldapc++/src/ac/time.h,v 1.7.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/ldapc++/src/ac/time.h,v 1.7.2.5 2009/01/22 00:00:44 kurt Exp $ */
 /*
- * Copyright 1998-2008 The OpenLDAP Foundation, Redwood City, California, USA
+ * Copyright 1998-2009 The OpenLDAP Foundation, Redwood City, California, USA
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms are permitted only

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2008-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP
@@ -20,6 +20,9 @@
 autogroup (overlay)
 	Automated updates of group memberships.
 
+cloak (overlay)
+	Hide specific attributes unless explicitely requested
+
 comp_match (plugin)
 	Component Matching rules (RFC 3687).
 
@@ -52,4 +55,4 @@
 trace (overlay)
 	Trace overlay invocation.
 
-$OpenLDAP: pkg/ldap/contrib/slapd-modules/README,v 1.3.2.1 2008/07/09 00:33:24 quanah Exp $
+$OpenLDAP: pkg/ldap/contrib/slapd-modules/README,v 1.3.2.3 2009/01/22 00:00:44 kurt Exp $

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/acl/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/acl/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/acl/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2005-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2005-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/acl/posixgroup.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/acl/posixgroup.c,v 1.3.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/acl/posixgroup.c,v 1.3.2.5 2009/01/22 00:00:45 kurt Exp $ */
 /*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/Makefile	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
-OPENLDAP_SRC=/usr/local/src/openldap-2.4.6
-CPPFLAGS+=-I${OPENLDAP_SRC}/include -I${OPENLDAP_SRC}/servers/slapd
-LDFLAGS+=-L/usr/local/openldap-2.4.6
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/addpartial/Makefile,v 1.1.2.4 2009/01/21 00:18:19 quanah Exp $
+OPENLDAP_SRC=../../..
+OPENLDAP_BLD=../../..
+CPPFLAGS+=-I${OPENLDAP_SRC}/include -I${OPENLDAP_SRC}/servers/slapd -I${OPENLDAP_BLD}/include
 CC=gcc
 
 all: addpartial-overlay.so

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/addpartial-overlay.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/addpartial-overlay.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/addpartial/addpartial-overlay.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -16,8 +16,8 @@
  *
  * Author:  David H. Hawes, Jr.
  * Email:   dhawes at vt.edu
- * Version: $Revision: 6588 $
- * Updated: $Date: 2007-11-07 13:29:25 -0500 (Wed, 07 Nov 2007) $
+ * Version: $Revision: 8385 $
+ * Updated: $Date: 2008-11-04 12:19:52 -0500 (Tue, 04 Nov 2008) $
  * 
  * addpartial-overlay
  *
@@ -33,7 +33,6 @@
 #include "portable.h" 
 #include "slap.h"
 
-static int addpartial_search_cb( Operation *op, SlapReply *rs);
 static int collect_error_msg_cb( Operation *op, SlapReply *rs);
 
 static slap_overinst addpartial;
@@ -46,10 +45,8 @@
 {
     Operation nop = *op;
     SlapReply nrs = { REP_RESULT };
-    Filter *filter = NULL;
     Entry *toAdd = NULL;
-    struct berval fstr = BER_BVNULL;
-    slap_callback cb = { NULL, addpartial_search_cb, NULL, NULL };
+    Entry *found = NULL;
     slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
     int rc;
 
@@ -64,61 +61,20 @@
     {
         return SLAP_CB_CONTINUE;
     }
-    
-    rs->sr_text = NULL;
 
-    nop.o_callback = &cb;
-    op->o_bd->bd_info = (BackendInfo *) on->on_info;
-    nop.o_tag = LDAP_REQ_SEARCH;
-    nop.o_ctrls = NULL;
-    
-    filter = str2filter("(objectclass=*)");
-    filter2bv(filter, &fstr);
+    rc = overlay_entry_get_ov(&nop, &nop.o_req_ndn, NULL, NULL, 0, &found, on);
 
-    nop.ors_scope = LDAP_SCOPE_BASE;
-    nop.ors_deref = LDAP_DEREF_NEVER;
-    nop.ors_slimit = -1;//SLAP_NO_LIMIT;
-    nop.ors_tlimit = -1;//SLAP_NO_LIMIT;
-    nop.ors_attrsonly = 0;
-    nop.ors_attrs = slap_anlist_no_attrs;
-    nop.ors_filter = filter;
-    nop.ors_filterstr = fstr;
-
-    memset(&nrs, 0, sizeof(nrs));
-    nrs.sr_type = REP_RESULT;
-    nrs.sr_err = LDAP_SUCCESS;
-    nrs.sr_entry = NULL;
-    nrs.sr_flags |= REP_ENTRY_MUSTBEFREED;
-    nrs.sr_text = NULL;
-
-    Debug(LDAP_DEBUG_TRACE, "%s: performing search\n", addpartial.on_bi.bi_type,
-          0,0);
-
-    if(nop.o_bd->be_search)
+    if(rc != LDAP_SUCCESS)
     {
-        rc = nop.o_bd->be_search(&nop, &nrs);
-        Debug(LDAP_DEBUG_TRACE, "%s: search performed\n",
-              addpartial.on_bi.bi_type,0,0);
+        Debug(LDAP_DEBUG_TRACE,
+              "%s: no entry found, falling through to normal add\n",
+              addpartial.on_bi.bi_type, 0, 0);
+        return SLAP_CB_CONTINUE;
     }
     else
-    {
-        Debug(LDAP_DEBUG_TRACE, "%s: backend missing search function\n",
-              addpartial.on_bi.bi_type,0,0);
-    }
-
-    if(filter)
-        filter_free(filter);
-    if(fstr.bv_val)
-        ch_free(fstr.bv_val);
-
-    if(rc != LDAP_SUCCESS)
-        return SLAP_CB_CONTINUE;
-    else
     { 
-        Entry *found = NULL;
         Debug(LDAP_DEBUG_TRACE, "%s: found the dn\n", addpartial.on_bi.bi_type,
               0,0);
-        found = (Entry *) cb.sc_private;
 
         if(found)
         {
@@ -150,8 +106,7 @@
                     mod->sml_op &= LDAP_MOD_OP;
                     mod->sml_next = NULL;
                     mod->sml_desc = attr->a_desc;
-                    mod->sml_type.bv_val = attr->a_desc->ad_cname.bv_val;
-                    mod->sml_type.bv_len = strlen(mod->sml_type.bv_val);
+                    mod->sml_type = attr->a_desc->ad_cname;
                     mod->sml_values = attr->a_vals;
                     mod->sml_nvalues = attr->a_nvals;
                     mod->sml_numvals = attr->a_numvals;
@@ -190,8 +145,7 @@
                         mod->sml_op &= LDAP_MOD_OP;
                         mod->sml_next = NULL;
                         mod->sml_desc = attr->a_desc;
-                        mod->sml_type.bv_val = attr->a_desc->ad_cname.bv_val;
-                        mod->sml_type.bv_len = strlen(mod->sml_type.bv_val);
+                        mod->sml_type = attr->a_desc->ad_cname;
                         mod->sml_values = attr->a_vals;
                         mod->sml_nvalues = attr->a_nvals;
                         mod->sml_numvals = attr->a_numvals;
@@ -245,9 +199,7 @@
                             mod->sml_op &= LDAP_MOD_OP;
                             mod->sml_next = NULL;
                             mod->sml_desc = attr->a_desc;
-                            mod->sml_type.bv_val = 
-                                                  attr->a_desc->ad_cname.bv_val;
-                            mod->sml_type.bv_len = strlen(mod->sml_type.bv_val);
+                            mod->sml_type = attr->a_desc->ad_cname;
                             mod->sml_values = attr->a_vals;
                             mod->sml_nvalues = attr->a_nvals;
                             mod->sml_numvals = attr->a_numvals;
@@ -278,9 +230,7 @@
                     mod->sml_op = LDAP_MOD_REPLACE;
                     mod->sml_next = NULL;
                     mod->sml_desc = attr->a_desc;
-                    mod->sml_type.bv_val = 
-                                          attr->a_desc->ad_cname.bv_val;
-                    mod->sml_type.bv_len = strlen(mod->sml_type.bv_val);
+                    mod->sml_type = attr->a_desc->ad_cname;
                     mod->sml_values = NULL;
                     mod->sml_nvalues = NULL;
                     mod->sml_numvals = 0;
@@ -296,71 +246,69 @@
                 }
             }
 
+            overlay_entry_release_ov(&nop, found, 0, on);
+
             if(mods)
             {
+                Modifications *m = NULL;
+                Modifications *toDel;
+                int modcount;
+                slap_callback nullcb = { NULL, collect_error_msg_cb, 
+                                         NULL, NULL };
+
                 Debug(LDAP_DEBUG_TRACE, "%s: mods to do...\n",
                       addpartial.on_bi.bi_type, 0, 0);
-                if(nop.o_bd->be_modify)
-                {
-                    Modifications *m = NULL;
-                    int modcount;
-                    slap_callback nullcb = { NULL, collect_error_msg_cb, 
-                                             NULL, NULL };
-                    char textbuf[SLAP_TEXT_BUFLEN];
-                    size_t textlen = sizeof textbuf;
 
-                    memset(&nrs, 0, sizeof(nrs));
-                    nrs.sr_type = REP_RESULT;
-                    nrs.sr_err = LDAP_SUCCESS;
-                    nrs.sr_entry = NULL;
-                    nrs.sr_text = NULL;
+                memset(&nrs, 0, sizeof(nrs));
+                nrs.sr_type = REP_RESULT;
+                nrs.sr_err = LDAP_SUCCESS;
+                nrs.sr_entry = NULL;
+                nrs.sr_text = NULL;
 
-                    nop.o_tag = LDAP_REQ_MODIFY;
-                    nop.orm_modlist = mods;
-                    nop.o_callback = &nullcb;
-                    nop.o_bd->bd_info = (BackendInfo *) on->on_info;
+                nop.o_tag = LDAP_REQ_MODIFY;
+                nop.orm_modlist = mods;
+                nop.orm_no_opattrs = 0;
+                nop.o_callback = &nullcb;
+                nop.o_bd->bd_info = (BackendInfo *) on->on_info;
 
-                    for(m = mods, modcount = 0; m; m = m->sml_next, 
-                        modcount++)
-                    {
-                        /* count number of mods */
-                    }
+                for(m = mods, modcount = 0; m; m = m->sml_next, 
+                    modcount++)
+                {
+                    /* count number of mods */
+                }
 
-                    Debug(LDAP_DEBUG_TRACE, "%s: number of mods: %d\n",
-                          addpartial.on_bi.bi_type, modcount, 0);
+                Debug(LDAP_DEBUG_TRACE, "%s: number of mods: %d\n",
+                      addpartial.on_bi.bi_type, modcount, 0);
 
+                if(nop.o_bd->be_modify)
+                {
                     rc = (nop.o_bd->be_modify)(&nop, &nrs);
+                }
 
-                    if(rc == LDAP_SUCCESS)
+                if(rc == LDAP_SUCCESS)
+                {
+                    Debug(LDAP_DEBUG_TRACE,
+                          "%s: modify successful\n",
+                          addpartial.on_bi.bi_type, 0, 0);
+                }
+                else
+                {
+                    Debug(LDAP_DEBUG_TRACE, "%s: modify unsuccessful: %d\n",
+                          addpartial.on_bi.bi_type, rc, 0);
+                    rs->sr_err = rc;
+                    if(nullcb.sc_private)
                     {
-                        Debug(LDAP_DEBUG_TRACE,
-                              "%s: modify successful\n",
-                              addpartial.on_bi.bi_type, 0, 0);
+                        rs->sr_text = nullcb.sc_private;
                     }
-                    else
-                    {
-                        Debug(LDAP_DEBUG_TRACE, "%s: modify unsuccessful: %d\n",
-                              addpartial.on_bi.bi_type, rc, 0);
-                        rs->sr_err = rc;
-                        if(nrs.sr_text)
-                        {
-                            rs->sr_text = nullcb.sc_private;
-                        }
-                    }
+                }
 
-                    Debug(LDAP_DEBUG_TRACE, "%s: freeing mods...\n",
-                          addpartial.on_bi.bi_type, 0, 0);
+                Debug(LDAP_DEBUG_TRACE, "%s: freeing mods...\n",
+                      addpartial.on_bi.bi_type, 0, 0);
 
-                    if(mods != NULL)
-                    {
-                        Modifications *toDel;
-
-                        for(toDel = mods; toDel; toDel = mods)
-                        {
-                            mods = mods->sml_next;
-                            ch_free(toDel);
-                        }
-                    }
+                for(toDel = mods; toDel; toDel = mods)
+                {
+                    mods = mods->sml_next;
+                    ch_free(toDel);
                 }
             }
             else
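Review bot: Moving the result check out of the `if(nop.o_bd->be_modify)` guard means a backend without a modify handler is now reported as "modify successful". As far as the visible hunks show, `rc` still holds `LDAP_SUCCESS` from `overlay_entry_get_ov()` at that point, so nothing is written and no error reaches `rs`. Adding `else { rc = LDAP_UNWILLING_TO_PERFORM; }` after the guarded call would route that case into the existing failure branch. `overlay_entry_release_ov()` now also runs before the modify, and the attribute loops are outside this hunk. It is therefore worth confirming that no `mod->sml_values` or `sml_nvalues` pointer refers to attributes of `found`, since those would be stale once the entry is released.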
@@ -368,9 +316,6 @@
                 Debug(LDAP_DEBUG_TRACE, "%s: no mods to process\n",
                       addpartial.on_bi.bi_type, 0, 0);
             }
-
-            if(found != NULL)
-                entry_free(found);
         }
         else
         {
@@ -387,26 +332,6 @@
     }
 }
 
-static int addpartial_search_cb( Operation *op, SlapReply *rs)
-{
-    Entry *entry = NULL;
-
-    if(rs->sr_type != REP_SEARCH) return 0;
-        
-    Debug(LDAP_DEBUG_TRACE, "%s: addpartial_search_cb\n",
-          addpartial.on_bi.bi_type, 0, 0);
-
-    if(rs->sr_entry)
-    {
-        Debug(LDAP_DEBUG_TRACE, "%s: dn found: %s\n",
-              addpartial.on_bi.bi_type, rs->sr_entry->e_nname.bv_val, 0);
-        entry = rs->sr_entry;
-        op->o_callback->sc_private = (void *) entry_dup(entry);
-    }
-
-    return 0;
-}
-
 static int collect_error_msg_cb( Operation *op, SlapReply *rs)
 {
     if(rs->sr_text)
@@ -427,5 +352,5 @@
 
 int init_module(int argc, char *argv[]) 
 {
-        return addpartial_init();
+    return addpartial_init();
 }

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/allop/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/allop/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/allop/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2004-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/allop/allop.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/allop/allop.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/allop/allop.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* allop.c - returns all operational attributes when appropriate */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/allop/allop.c,v 1.3.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/allop/allop.c,v 1.3.2.4 2009/01/22 00:00:45 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/allop/slapo-allop.5
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/allop/slapo-allop.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/allop/slapo-allop.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-ALLOP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/contrib/slapd-modules/allop/slapo-allop.5,v 1.2.2.3 2008/02/11 23:26:38 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/contrib/slapd-modules/allop/slapo-allop.5,v 1.2.2.4 2009/01/22 00:00:45 kurt Exp $
 .SH NAME
 slapo-allop \- All Operational Attributes overlay
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/autogroup.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/autogroup.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/autogroup/autogroup.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* autogroup.c - automatic group overlay */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/autogroup/autogroup.c,v 1.2.2.1 2008/02/08 23:00:43 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/autogroup/autogroup.c,v 1.2.2.2 2008/11/10 19:57:30 quanah Exp $ */
 /*
  * Copyright 2007 Michał Szulczyński.
  * All rights reserved.
@@ -1503,7 +1503,7 @@
 		op->o_bd->be_search( op, &rs );
 		op->o_bd->bd_info = (BackendInfo *)on;
 
-		filter_free_x( op, op->ors_filter );
+		filter_free_x( op, op->ors_filter, 1 );
 		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
 	}		
 	ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );

Added: openldap/vendor/openldap-release/contrib/slapd-modules/cloak/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/cloak/Makefile	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/cloak/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,16 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/Makefile,v 1.2.2.1 2009/02/02 22:48:36 quanah Exp $
+CPPFLAGS+=-I../../../include -I../../../servers/slapd 
+CPPFLAGS+=-DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
+LIBS=-lldap_r -llber -lcrypto
+
+all: cloak.la
+
+cloak.lo:    cloak.c
+	$(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -c $?
+
+cloak.la:    cloak.lo
+	$(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+		   -rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+
+clean:
+	rm cloak.lo cloak.la
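Review bot: `$(LIBTOOL)` and `$(PREFIX)` are used in the recipes but never assigned in this Makefile, so a plain `make` expands the compile line to ` --mode=compile $(CC) ...` and fails unless both are supplied on the command line. Defaults near the top, for example `LIBTOOL=../../../libtool` and `PREFIX=/usr/local` (values to be adjusted to the tree), would make the module build as shipped. `LIBS` also pulls in `-lcrypto`, although cloak.c in this commit includes no crypto header. Dropping it avoids loading an unneeded library into slapd. The `clean` rule should use `rm -f cloak.lo cloak.la` so it does not fail on a clean tree.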

Added: openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/cloak/cloak.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,328 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/cloak.c,v 1.2.2.1 2009/01/21 01:15:37 quanah Exp $ */
+/* cloak.c - Overlay to hide some attribute except if explicitely requested */
+/* 
+ * Copyright 2008 Emmanuel Dreyfus
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+#include "portable.h"
+
+#ifdef SLAPD_OVER_CLOAK
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "config.h"
+
+enum { CLOAK_ATTR = 1 };
+
+typedef struct cloak_info_t {
+	ObjectClass 		*ci_oc;	
+	AttributeDescription	*ci_ad;
+	struct cloak_info_t	*ci_next;
+} cloak_info_t;
+
+#define CLOAK_USAGE "\"cloak-attr <attr> [<class>]\": "
+
+static int
+cloak_cfgen( ConfigArgs *c )
+{
+	slap_overinst	*on = (slap_overinst *)c->bi;
+	cloak_info_t	*ci = (cloak_info_t *)on->on_bi.bi_private;
+
+	int		rc = 0, i;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch( c->type ) {
+		case CLOAK_ATTR:
+			for ( i = 0; ci; i++, ci = ci->ci_next ) {
+				struct berval	bv;
+				int len;
+
+				assert( ci->ci_ad != NULL );
+
+				if ( ci->ci_oc != NULL )
+					len = snprintf( c->cr_msg, 
+					sizeof( c->cr_msg ),
+					SLAP_X_ORDERED_FMT "%s %s", i,
+					ci->ci_ad->ad_cname.bv_val,
+					ci->ci_oc->soc_cname.bv_val );
+				else
+					len = snprintf( c->cr_msg, 
+					sizeof( c->cr_msg ),
+					SLAP_X_ORDERED_FMT "%s", i,
+					ci->ci_ad->ad_cname.bv_val );
+
+				bv.bv_val = c->cr_msg;
+				bv.bv_len = len;
+				value_add_one( &c->rvalue_vals, &bv );
+			}
+			break;
+
+		default:
+			rc = 1;
+			break;
+		}
+
+		return rc;
+
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		cloak_info_t	*ci_next;
+
+		switch( c->type ) {
+		case CLOAK_ATTR:
+			for ( ci_next = ci, i = 0; 
+			      ci_next, c->valx < 0 || i < c->valx; 
+			      ci = ci_next, i++ ){
+
+				ci_next = ci->ci_next;
+
+				ch_free ( ci->ci_ad );
+				if ( ci->ci_oc != NULL )
+					ch_free ( ci->ci_oc );
+
+				ch_free( ci );
+			}
+			ci = (cloak_info_t *)on->on_bi.bi_private;
+			break;
+
+		default:
+			rc = 1;
+			break;
+		}
+
+		return rc;
+	}
+
+	switch( c->type ) {
+	case CLOAK_ATTR: {
+		ObjectClass		*oc = NULL;
+		AttributeDescription	*ad = NULL;
+		const char		*text;
+		cloak_info_t 	       **cip = NULL;
+		cloak_info_t 	        *ci_next = NULL;
+
+		if ( c->argc == 3 ) {
+			oc = oc_find( c->argv[ 2 ] );
+			if ( oc == NULL ) {
+				snprintf( c->cr_msg, 
+					  sizeof( c->cr_msg ), 
+					  CLOAK_USAGE
+					  "unable to find ObjectClass \"%s\"",
+					  c->argv[ 2 ] );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				       c->log, c->cr_msg, 0 );
+				return 1;
+			}
+		}
+
+		rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ), CLOAK_USAGE
+				"unable to find AttributeDescription \"%s\"",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg, 0 );
+			return 1;
+		}
+
+		for ( i = 0, cip = (cloak_info_t **)&on->on_bi.bi_private;
+		      c->valx < 0 || i < c->valx, *cip;
+		      i++, cip = &(*cip)->ci_next ) {
+			if ( c->valx >= 0 && *cip == NULL ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					CLOAK_USAGE
+					"invalid index {%d}\n",
+					c->valx );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+					c->log, c->cr_msg, 0 );
+				return 1;
+			}
+			ci_next = *cip;
+		}
+
+		*cip = (cloak_info_t *)ch_calloc( 1, sizeof( cloak_info_t ) );
+		(*cip)->ci_oc = oc;
+		(*cip)->ci_ad = ad;
+		(*cip)->ci_next = ci_next;
+
+		rc = 0;
+		break;
+	}
+
+	default:
+		rc = 1;
+		break;
+	}
+
+	return rc;
+}
+
+static int
+cloak_search_cb( Operation *op, SlapReply *rs )
+{
+	slap_callback   *sc;
+	cloak_info_t	*ci;
+	Entry		*e = NULL;
+	Entry		*me = NULL;
+
+	assert( op && op->o_callback && rs );
+
+	if ( rs->sr_type != REP_SEARCH || !rs->sr_entry ) {
+		slap_freeself_cb( op, rs );
+		return ( SLAP_CB_CONTINUE );
+	}
+
+	sc = op->o_callback;
+	e = rs->sr_entry;
+
+	/* 
+	 * First perform a quick scan for an attribute to cloak
+	 */
+	for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
+		Attribute *a;
+
+		if ( ci->ci_oc != NULL &&
+		     !is_entry_objectclass_or_sub( e, ci->ci_oc ) )
+			continue;
+
+		for ( a = e->e_attrs; a; a = a->a_next )
+			if ( a->a_desc == ci->ci_ad )
+				break;
+
+		if ( a != NULL )
+			break;
+	}
+
+	/*
+	 * Nothing found to cloak
+	 */
+	if ( ci == NULL )
+		return ( SLAP_CB_CONTINUE );
+
+	/*
+	 * We are now committed to cloak an attribute.
+	 */
+	if ( rs->sr_flags & REP_ENTRY_MODIFIABLE )
+		me = e;
+	else
+		me = entry_dup( e );
+		
+	for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
+		Attribute *a;
+		Attribute *pa;
+
+		for ( pa = NULL, a = me->e_attrs;
+		      a; 
+		      pa = a, a = a->a_next ) {
+
+			if ( a->a_desc != ci->ci_ad )
+				continue;
+
+			Debug( LDAP_DEBUG_TRACE, "cloak_search_cb: cloak %s\n", 
+			       a->a_desc->ad_cname.bv_val,
+			       0, 0 );
+
+			if ( pa != NULL ) 
+				pa->a_next = a->a_next;
+			else
+				me->e_attrs = a->a_next;
+
+			attr_clean( a );
+		}
+
+	}
+
+	if ( me != e ) {
+		if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED )
+			entry_free( e );
+
+		rs->sr_entry = me;
+        	rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
+	}
+
+	return ( SLAP_CB_CONTINUE );
+}
+
+static int
+cloak_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst   *on = (slap_overinst *)op->o_bd->bd_info;
+	cloak_info_t    *ci = (cloak_info_t *)on->on_bi.bi_private; 
+	slap_callback	*sc;
+
+	if ( op->ors_attrsonly ||
+	     op->ors_attrs ||
+	     get_manageDSAit( op ) )
+		return SLAP_CB_CONTINUE;
+
+	sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
+	sc->sc_response = cloak_search_cb;
+	sc->sc_cleanup = NULL;
+	sc->sc_next = NULL;
+	sc->sc_private = ci;
+	op->o_callback = sc;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst cloak_ovl;
+
+static ConfigTable cloakcfg[] = {
+	{ "cloak-attr", "attribute [class]",
+		2, 3, 0, ARG_MAGIC|CLOAK_ATTR, cloak_cfgen,
+		"( OLcfgCtAt:4.1 NAME 'olcCloakAttribute' "
+			"DESC 'Cloaked attribute: attribute [class]' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"X-ORDERED 'VALUES' )",
+			NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs cloakocs[] = {
+	{ "( OLcfgCtOc:4.1 "
+	  "NAME 'olcCloakConfig' "
+	  "DESC 'Attribute cloak configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcCloakAttribute ) )", 
+	  Cft_Overlay, cloakcfg },
+	{ NULL, 0, NULL }
+};
+
+#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
+static
+#endif
+int
+cloak_initialize( void ) {
+	int rc;
+	cloak_ovl.on_bi.bi_type = "cloak";
+	cloak_ovl.on_bi.bi_op_search = cloak_search;
+        cloak_ovl.on_bi.bi_cf_ocs = cloakocs;
+
+	rc = config_register_schema ( cloakcfg, cloakocs );
+	if ( rc ) 
+		return rc;
+
+	return overlay_register( &cloak_ovl );
+}
+
+#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return cloak_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_CLOAK) */
+
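Review bot: Both list loops in `cloak_cfgen` use a comma in the loop condition (`ci_next, c->valx < 0 || i < c->valx` in the delete branch, `c->valx < 0 || i < c->valx, *cip` in the add branch), so only the right-hand operand is tested. The delete loop therefore dereferences `ci` past the end of the list when `valx` is negative, and the add loop always walks to the tail and links the new node back to the previous last node, making the list circular from the second `cloak-attr` value on. The delete branch also passes `ci_ad` and `ci_oc` to `ch_free()` although they come from `slap_str2ad()` and `oc_find()` rather than an allocation made here, and it never updates `on_bi.bi_private`; the rewrite below uses a pointer-to-pointer in both branches, frees only the node, and reads `ci_next` after the loop. Separately, `cloak_search` sets `sc->sc_next = NULL` and so replaces whatever callback was already on the operation; `sc->sc_next = op->o_callback;` would keep the chain. Because cloaking is skipped whenever `op->ors_attrs` is set, a comment there should say that this overlay saves bandwidth and is not access control, so ACLs still decide who may read the attribute.

```c
	} else if ( c->op == LDAP_MOD_DELETE ) {
		cloak_info_t	**cip = (cloak_info_t **)&on->on_bi.bi_private;

		switch( c->type ) {
		case CLOAK_ATTR:
			if ( c->valx < 0 ) {
				/* no index: drop every configured value */
				while ( ( ci = *cip ) != NULL ) {
					*cip = ci->ci_next;
					/* ci_ad / ci_oc are not allocated by this overlay */
					ch_free( ci );
				}
				break;
			}

			/* indexed delete: unlink only the node at position valx */
			for ( i = 0; *cip != NULL && i < c->valx; i++ )
				cip = &(*cip)->ci_next;
			if ( ( ci = *cip ) == NULL ) {
				rc = 1;
				break;
			}
			*cip = ci->ci_next;
			ch_free( ci );
			break;

		/* ... unchanged: default case, return rc ... */

	/* ... unchanged: add branch, oc_find() and slap_str2ad() lookups ... */

		/* stop at the tail (append) or at position valx (insert) */
		for ( i = 0, cip = (cloak_info_t **)&on->on_bi.bi_private;
		      *cip != NULL && ( c->valx < 0 || i < c->valx );
		      i++, cip = &(*cip)->ci_next )
			;

		if ( c->valx >= 0 && i < c->valx ) {
			/* ... unchanged: "invalid index" message, return 1 ... */
		}
		ci_next = *cip;

		/* ... unchanged: ch_calloc() the node and link it through *cip ... */
```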

Added: openldap/vendor/openldap-release/contrib/slapd-modules/cloak/slapo-cloak.5
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/cloak/slapo-cloak.5	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/cloak/slapo-cloak.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,82 @@
+.TH SLAPO-CLOAK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply.  See the COPYRIGHT file.
+.\" $OpenLDAP: pkg/ldap/contrib/slapd-modules/cloak/slapo-cloak.5,v 1.1.2.2 2009/01/22 00:00:45 kurt Exp $
+.SH NAME
+slapo-cloak \- Attribute cloak overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B cloak
+overlay to
+.BR slapd (8)
+allows the server to hide specific attributes, unless explicitely requested
+by the client. This improve performance when a client requests all attributes
+and get a huge binary attribute that is of no interest for it.
+This behavior is disabled when the \fImanageDSAit\fP
+control (RFC 3296) is used.
+
+.SH CONFIGURATION
+The config directives that are specific to the
+.B cloak
+overlay must be prefixed by
+.BR cloak\- ,
+to avoid potential conflicts with directives specific to the underlying 
+database or to other stacked overlays.
+
+.TP
+.B overlay cloak
+This directive adds the cloak overlay to the current database,
+or to the frontend, if used before any database instantiation; see
+.BR slapd.conf (5)
+for details.
+
+.LP
+This
+.B slapd.conf
+configuration option is defined for the cloak overlay. It may have multiple 
+occurrences, and it must appear after the
+.B overlay
+directive:
+.TP
+.B cloak-attr <attribute> [<class>]
+The value 
+.B <attribute>
+is the name of the attribute that will be cloaked.
+
+The optional
+.B <class>
+restricts cloaking only to entries of the named 
+.B <class>.
+
+.SH EXAMPLE
+This example hide the
+.B jpegPhoto
+attribute. Add the following to slapd.conf:
+
+.LP
+.nf
+    database <database>
+    # ...
+
+    overlay cloak
+    cloak-attr jpegPhoto
+.fi
+.LP
+and that slapd loads cloak.la, if compiled as a run-time module;
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+The
+.BR slapo-cloak (5)
+overlay supports dynamic configuration via
+.BR back-config .
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2008 by Emmanuel Dreyfus.

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/comp_match/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/contrib/slapd-modules/comp_match/Makefile,v 1.11.2.3 2008/02/11 23:26:38 kurt Exp $
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/comp_match/Makefile,v 1.11.2.4 2009/01/22 00:00:45 kurt Exp $
 # This work is part of OpenLDAP Software <http://www.openldap.org/>.
 #
-# Copyright 2003-2008 The OpenLDAP Foundation.
+# Copyright 2003-2009 The OpenLDAP Foundation.
 # Portions Copyright 2004 by IBM Corporation.
 # All rights reserved.
 

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/denyop/denyop.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/denyop/denyop.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/denyop/denyop.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* denyop.c - Denies operations */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/denyop/denyop.c,v 1.2.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/denyop/denyop.c,v 1.2.2.4 2009/01/22 00:00:45 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2004-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/dsaschema/dsaschema.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/dsaschema/dsaschema.c,v 1.5.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/dsaschema/dsaschema.c,v 1.5.2.4 2009/01/22 00:00:45 kurt Exp $ */
 /*
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/lastmod.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/lastmod.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/lastmod.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* lastmod.c - returns last modification info */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/lastmod/lastmod.c,v 1.2.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/lastmod/lastmod.c,v 1.2.2.4 2009/01/22 00:00:45 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/slapo-lastmod.5
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/slapo-lastmod.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/lastmod/slapo-lastmod.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .SH NAME

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nops/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,9 +1,16 @@
-CPPFLAGS+=-I../../../include -I../../../servers/slapd
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/nops/Makefile,v 1.1.2.3 2009/02/02 18:32:58 quanah Exp $
+CPPFLAGS+=-I../../../include -I../../../servers/slapd 
+CPPFLAGS+=-DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
+LIBS=-lldap_r -llber -lcrypto
 
-all: nops.so
+all: nops.la
 
-nops.so: nops.c
-	$(CC) -shared $(CPPFLAGS) -Wall -o $@ $?
+nops.lo:    nops.c
+	$(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) -c $?
 
+nops.la:    nops.lo
+	$(LIBTOOL) --mode=link $(CC) -version-info 0:0:0 \
+		   -rpath $(PREFIX)/lib -module -o $@ $? $(LIBS)
+
 clean:
-	rm nops.so
+	rm nops.lo nops.la
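Review bot: `$(LIBTOOL)` and `$(PREFIX)` are used by the new `nops.lo` and `nops.la` rules but are never given a default in this Makefile, and make has no built-in value for either. A plain `make` therefore tries to run `--mode=compile` as the command, and with `PREFIX` empty the link step records `-rpath /lib`. Defaults at the top of the file would make it self-contained, for example `LIBTOOL ?= ../../../libtool` and `PREFIX ?= /usr/local` (both paths are assumptions to check against the build tree). The `clean` rule also uses `rm` without `-f`, so it fails on an already clean tree, and it leaves behind libtool's `.libs/` directory and `nops.o`; `rm -rf *.o *.lo *.la .libs` would cover them.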

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/group.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* group.c - group lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/group.c,v 1.1.2.2 2008/11/10 22:39:09 quanah Exp $ */
 /*
  * Copyright 2008 by Howard Chu, Symas Corp.
  * All rights reserved.
@@ -191,26 +191,31 @@
 			i += a->a_numvals;
 		if ( b )
 			i += b->a_numvals;
-		if ( i )
+		if ( i ) {
 			members = cbp->op->o_tmpalloc( (i+1) * sizeof(struct berval), cbp->op->o_tmpmemctx );
 			
-		if ( a ) {
-			for (i=0; i<a->a_numvals; i++) {
-				if (isvalidusername(&a->a_vals[i])) {
-					ber_dupbv_x(&members[j],&a->a_vals[i],cbp->op->o_tmpmemctx);
-					j++;
+			if ( a ) {
+				for (i=0; i<a->a_numvals; i++) {
+					if (isvalidusername(&a->a_vals[i])) {
+						ber_dupbv_x(&members[j],&a->a_vals[i],cbp->op->o_tmpmemctx);
+						j++;
+					}
 				}
 			}
-		}
-		a = b;
-		if ( a ) {
-			for (i=0; i<a->a_numvals; i++) {
-				if (nssov_dn2uid(cbp->op,cbp->ni,&a->a_nvals[i],&members[j]))
-					j++;
+			a = b;
+			if ( a ) {
+				for (i=0; i<a->a_numvals; i++) {
+					if (nssov_dn2uid(cbp->op,cbp->ni,&a->a_nvals[i],&members[j]))
+						j++;
+				}
 			}
+			nummembers = j;
+			BER_BVZERO(&members[j]);
+		} else {
+			members=NULL;
+			nummembers = 0;
 		}
-		nummembers = j;
-		BER_BVZERO(&members[j]);
+
 	} else {
 		members=NULL;
 		nummembers = 0;
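Review bot: The reset `members=NULL; nummembers = 0;` now appears in two `else` branches, the new inner one and the existing outer one. Assigning both once before the outer `if` would leave a single place to maintain and make it obvious that `members` is never read uninitialised when `i` is 0. `i` also serves as both the total value count and the loop index, so a separate name for the count passed to `o_tmpalloc` would make the `(i+1)` sizing easier to audit. A comment such as `/* +1 for the BER_BVZERO terminator */` on the allocation would help too. The outer `if` and the function itself begin outside this hunk.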

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* nssov.c - nss-ldap overlay for slapd */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.c,v 1.1.2.2 2008/11/10 22:40:35 quanah Exp $ */
 /*
  * Copyright 2008 by Howard Chu, Symas Corp.
  * All rights reserved.
@@ -476,7 +476,6 @@
 		case NSS_MAP:
 			rc = 1;
 			for (i=NM_alias;i<NM_NONE;i++) {
-				int j;
 
 				mi = &ni->ni_maps[i];
 				for (j=0;!BER_BVISNULL(&mi->mi_attrkeys[j]);j++) {
@@ -486,10 +485,10 @@
 
 						map.bv_len = nss_svcs[i].word.bv_len +
 							mi->mi_attrkeys[j].bv_len +
-							mi->mi_attrs->an_desc->ad_cname.bv_len + 2;
+							mi->mi_attrs[j].an_desc->ad_cname.bv_len + 2;
 						map.bv_val = ch_malloc(map.bv_len + 1);
 						sprintf(map.bv_val, "%s %s %s", nss_svcs[i].word.bv_val,
-							mi->mi_attrkeys[j].bv_val, mi->mi_attrs->an_desc->ad_cname.bv_val );
+							mi->mi_attrkeys[j].bv_val, mi->mi_attrs[j].an_desc->ad_cname.bv_val );
 						ber_bvarray_add( &c->rvalue_vals, &map );
 						rc = 0;
 					}
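Review bot: The `sprintf` into `map.bv_val` is bounded only by the hand-computed `map.bv_len` a few lines above it, so the length expression and the argument list must name exactly the same three values. An edit that changes one without the other could write past the `ch_malloc` buffer. Using `snprintf(map.bv_val, map.bv_len + 1, "%s %s %s", ...)` would tie the write to the allocation. The `%s` conversions also assume each `bv_val` is NUL-terminated and no longer than its `bv_len`, which looks plausible for these configuration values but is not shown in the hunk. The enclosing `case` and function continue outside the hunk.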

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/nssov.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* nssov.h - NSS overlay header file */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/nssov.h,v 1.1.2.3 2009/01/22 00:00:45 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2008 The OpenLDAP Foundation.
+ * Copyright 2008-2009 The OpenLDAP Foundation.
  * Portions Copyright 2008 Howard Chu.
  */
 
@@ -277,7 +277,7 @@
 	op->ors_slimit = SLAP_NO_LIMIT; \
     /* do the internal search */ \
 	op->o_bd->be_search( op, &rs ); \
-	filter_free_x( op, op->ors_filter ); \
+	filter_free_x( op, op->ors_filter, 1 ); \
     return 0; \
   }
 

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/nssov/passwd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* passwd.c - password lookup routines */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.1 2008/07/08 18:53:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/nssov/passwd.c,v 1.1.2.3 2008/11/10 22:41:45 quanah Exp $ */
 /*
  * Copyright 2008 by Howard Chu, Symas Corp.
  * All rights reserved.
@@ -172,7 +172,7 @@
 	if (!isvalidusername(uid))
 		return 0;
 	/* we have to look up the entry */
-	nssov_filter_byid(mi,UIDN_KEY,uid,&filter);
+	nssov_filter_byid(mi,UID_KEY,uid,&filter);
 	BER_BVZERO(dn);
 	cb.sc_private = dn;
 	cb.sc_response = uid2dn_cb;
@@ -184,8 +184,10 @@
 	op2.ors_filterstr = filter;
 	op2.ors_filter = str2filter_x( op, filter.bv_val );
 	op2.ors_attrs = slap_anlist_no_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
 	rc = op2.o_bd->be_search( &op2, &rs );
-	filter_free_x( op, op2.ors_filter );
+	filter_free_x( op, op2.ors_filter, 1 );
 	return rc == LDAP_SUCCESS;
 }
 
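Review bot: The result of `str2filter_x( op, filter.bv_val )` is handed to `be_search` without a NULL check, so a filter string that fails to parse would reach the backend as a NULL `ors_filter`. The `isvalidusername(uid)` test in the previous hunk presumably keeps the generated filter well-formed, but that depends on `nssov_filter_byid`, which is not visible here. A guard such as `if ( op2.ors_filter == NULL ) return 0;` before the search would make the lookup fail closed. The added `SLAP_NO_LIMIT` assignments and the literal `1` passed to `filter_free_x` would each benefit from a short comment, e.g. `/* internal lookup: no size/time limit */`. The function starts outside the hunk.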

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2004-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/kerberos.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/kerberos.c,v 1.5.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/kerberos.c,v 1.5.2.4 2009/01/22 00:00:46 kurt Exp $ */
 /*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/netscape.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.5.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/netscape.c,v 1.5.2.4 2009/01/22 00:00:46 kurt Exp $ */
 /*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/radius.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/radius.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/radius.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/radius.c,v 1.2.2.4 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/radius.c,v 1.2.2.5 2009/01/22 00:00:46 kurt Exp $ */
 /*
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/Makefile
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/Makefile	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,15 @@
+# $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/sha2/Makefile,v 1.1.2.1 2009/01/26 21:07:06 quanah Exp $
+
+OPENLDAP := ../../../..
+
+#CCFLAGS = -Wall -g -DSLAPD_SHA2_DEBUG
+CCFLAGS = -Wall -g
+
+slapd-sha2.so: slapd-sha2.o sha2.o
+	$(CC) -I$(OPENLDAP)/include -shared -Wall -g $^ -o $@
+
+%.o: %.c
+	$(CC) -I$(OPENLDAP)/include $(CCFLAGS) -c $<
+
+clean:
+	@rm -f slapd-sha2.so *.o
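Review bot: The objects linked into `slapd-sha2.so` are compiled by the `%.o` rule without `-fPIC`, because `CCFLAGS` is only `-Wall -g`. On platforms that require position-independent code in shared objects, the `-shared` link either fails or produces text relocations. I would change the line to `CCFLAGS = -Wall -g -fPIC`. The commented-out `-DSLAPD_SHA2_DEBUG` line also deserves its own comment, e.g. `# SLAPD_SHA2_DEBUG logs cleartext passwords to stderr; test builds only`, since the README added in this commit says so and this is where the flag gets enabled.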

Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/README	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,131 @@
+SHA-512 OpenLDAP support
+------------------------
+
+  Based on SHA2 implementation by Aaron D. Gifford (http://www.aarongifford.com/), also used in OpenBSD.
+  Adapted for OpenLDAP use by Jeff Turner <jeff at atlassian.com>
+  Distributed under open source BSD license - see code for details.
+
+
+slapd-sha2.c provides support for SHA-512, SHA-384 and SHA-256 hashed passwords in
+OpenLDAP. For instance, one could have the LDAP attribute:
+
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+
+or:
+
+userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+
+or:
+
+userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+
+all of which encode the password 'secret'.
+
+
+Building
+--------
+
+1) Obtain the OpenLDAP source, eg. 'apt-get source slapd'.  Really we
+only want the headers, but there doesn't seem to be a Debian package
+with them.
+
+2) Customize the OPENLDAP variable in Makefile to point to the OpenLDAP
+source root.
+
+For initial testing you might also want to edit CCFLAGS to define
+SLAPD_SHA2_DEBUG, which enables logging to stderr (don't leave this on
+in production, as it prints passwords in cleartext).
+
+3) Run 'make' to produce slapd-sha2.so
+
+4) Copy slapd-sha2.so somewhere permanent.
+
+4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
+
+moduleload ...path/to/slapd-sha2.so
+
+5) Restart slapd.
+
+The {SHA512} scheme should now be recognised.
+
+Testing
+-------
+
+A quick way to test whether it's working is to customize the rootdn and
+rootpw in slapd.conf, eg:
+
+rootdn          "cn=admin,dc=example,dc=com"
+# This encrypts the string 'secret' 
+
+rootpw  {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+
+Then to test, run something like:
+
+ldapsearch -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w secret
+
+
+-- Test hashes:
+
+Test hashes can be generated with openssl:
+
+$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
+K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+$ echo -n "secret" | openssl dgst -sha384 -binary | openssl enc -base64
+WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64   
+vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm
+W192CF5bDufKRpayrW/isg==
+
+(join those lines up to form the full hash)
+
+
+
+Alternatively we could modify an existing user's password with
+ldapmodify, and then test binding as that user:
+
+$ ldapmodify -D "cn=admin,dc=example,dc=com" -x -W
+Enter LDAP Password: 
+dn: uid=jturner,ou=People,dc=example,dc=com
+changetype: modify 
+replace: userPassword
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+
+modifying entry "uid=jturner,ou=People,dc=example,dc=com"
+
+$ ldapsearch -b "dc=example,dc=com" -D "uid=jturner,ou=People,dc=example,dc=com" -x -w secret
+
+
+Debugging
+---------
+
+To see what's going on, recompile with SLAPD_SHA2_DEBUG (use the
+commented-out CCFLAGS in Makefile), and then run slapd from the console
+to see stderr:
+
+$ sudo /etc/init.d/slapd stop
+Stopping OpenLDAP: slapd.
+$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d 256
+@(#) $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/sha2/README,v 1.1.2.1 2009/01/26 21:07:06 quanah Exp $
+        buildd at palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
+/etc/ldap/slapd.conf: line 123: rootdn is always granted unlimited privileges.
+/etc/ldap/slapd.conf: line 140: rootdn is always granted unlimited privileges.
+slapd starting
+...
+Validating password
+  Password to validate: secret
+  Hashes to: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  Stored password scheme: {SHA256}
+  Stored password value: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  -> Passwords match
+conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
+conn=0 op=0 RESULT tag=97 err=0 text=
+conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
+conn=0 fd=12 closed (connection lost)
+
+
+
+Origin
+------
+
+Based on code maintained at:
+http://confluence.atlassian.com/display/JIRAEXT/OpenLDAP+support+for+SHA-2+(SHA-256%2C+SHA-384%2C+SHA-512)+and+atlassian-sha1+passwords
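Review bot: The README never states that these schemes are unsalted, single-pass digests, although the openssl one-liners under "Test hashes" show the stored value is just the base64 of SHA-2 over the password. Equal passwords therefore give equal `userPassword` values (the same string appears for `userPassword` and `rootpw` here), and offline guessing is cheap if directory data leaks. A sentence saying so in the introduction, pointing new deployments at a salted scheme, would let administrators make an informed choice. The comment `# This encrypts the string 'secret'` should read `# This is the SHA-256 hash of the string 'secret'`, and the two steps numbered `4)` should be renumbered. The `ldapsearch ... -w secret` examples could use `-W`, as the `ldapmodify` example does, so the password does not end up in shell history or the process list.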

Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.c	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1066 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/sha2/sha2.c,v 1.1.2.1 2009/01/26 21:07:06 quanah Exp $ */
+/*
+ * FILE:	sha2.c
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ */
+
+#include <string.h>	/* memcpy()/memset() or bcopy()/bzero() */
+#include <assert.h>	/* assert() */
+#include "sha2.h"
+
+/*
+ * ASSERT NOTE:
+ * Some sanity checking code is included using assert().  On my FreeBSD
+ * system, this additional code can be removed by compiling with NDEBUG
+ * defined.  Check your own systems manpage on assert() to see how to
+ * compile WITHOUT the sanity checking code on your system.
+ *
+ * UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file).  Either define on the command line, for example:
+ *
+ *   cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ *   #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+
+/*** SHA-256/384/512 Machine Architecture Definitions *****************/
+/*
+ * BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER.  If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivilent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ *   #define LITTLE_ENDIAN 1234
+ *   #define BIG_ENDIAN    4321
+ *
+ * And for little-endian machines, add:
+ *
+ *   #define BYTE_ORDER LITTLE_ENDIAN 
+ *
+ * Or for big-endian machines:
+ *
+ *   #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+#endif
+
+/*
+ * Define the followingsha2_* types to types of the correct length on
+ * the native archtecture.   Most BSD systems and Linux define u_intXX_t
+ * types.  Machines with very recent ANSI C headers, can use the
+ * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
+ * during compile or in the sha.h header file.
+ *
+ * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
+ * will need to define these three typedefs below (and the appropriate
+ * ones in sha.h too) by hand according to their system architecture.
+ *
+ * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
+ * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
+ */
+#ifdef SHA2_USE_INTTYPES_H
+
+typedef uint8_t  sha2_byte;	/* Exactly 1 byte */
+typedef uint32_t sha2_word32;	/* Exactly 4 bytes */
+typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
+
+#else /* SHA2_USE_INTTYPES_H */
+
+typedef u_int8_t  sha2_byte;	/* Exactly 1 byte */
+typedef u_int32_t sha2_word32;	/* Exactly 4 bytes */
+typedef u_int64_t sha2_word64;	/* Exactly 8 bytes */
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+/* NOTE: Most of these are in sha2.h */
+#define SHA256_SHORT_BLOCK_LENGTH	(SHA256_BLOCK_LENGTH - 8)
+#define SHA384_SHORT_BLOCK_LENGTH	(SHA384_BLOCK_LENGTH - 16)
+#define SHA512_SHORT_BLOCK_LENGTH	(SHA512_BLOCK_LENGTH - 16)
+
+
+/*** ENDIAN REVERSAL MACROS *******************************************/
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define REVERSE32(w,x)	{ \
+	sha2_word32 tmp = (w); \
+	tmp = (tmp >> 16) | (tmp << 16); \
+	(x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
+}
+#define REVERSE64(w,x)	{ \
+	sha2_word64 tmp = (w); \
+	tmp = (tmp >> 32) | (tmp << 32); \
+	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
+	      ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
+	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
+	      ((tmp & 0x0000ffff0000ffffULL) << 16); \
+}
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+/*
+ * Macro for incrementally adding the unsigned 64-bit integer n to the
+ * unsigned 128-bit integer (represented using a two-element array of
+ * 64-bit words):
+ */
+#define ADDINC128(w,n)	{ \
+	(w)[0] += (sha2_word64)(n); \
+	if ((w)[0] < (n)) { \
+		(w)[1]++; \
+	} \
+}
+
+/*
+ * Macros for copying blocks of memory and for zeroing out ranges
+ * of memory.  Using these macros makes it easy to switch from
+ * using memset()/memcpy() and using bzero()/bcopy().
+ *
+ * Please define either SHA2_USE_MEMSET_MEMCPY or define
+ * SHA2_USE_BZERO_BCOPY depending on which function set you
+ * choose to use:
+ */
+#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
+/* Default to memset()/memcpy() if no option is specified */
+#define	SHA2_USE_MEMSET_MEMCPY	1
+#endif
+#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
+/* Abort with an error if BOTH options are defined */
+#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
+#endif
+
+#ifdef SHA2_USE_MEMSET_MEMCPY
+#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
+#define MEMCPY_BCOPY(d,s,l)	memcpy((d), (s), (l))
+#endif
+#ifdef SHA2_USE_BZERO_BCOPY
+#define MEMSET_BZERO(p,l)	bzero((p), (l))
+#define MEMCPY_BCOPY(d,s,l)	bcopy((s), (d), (l))
+#endif
+
+
+/*** THE SIX LOGICAL FUNCTIONS ****************************************/
+/*
+ * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
+ *
+ *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
+ *   S is a ROTATION) because the SHA-256/384/512 description document
+ *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
+ *   same "backwards" definition.
+ */
+/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+#define R(b,x) 		((x) >> (b))
+/* 32-bit Rotate-right (used in SHA-256): */
+#define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
+/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
+#define S64(b,x)	(((x) >> (b)) | ((x) << (64 - (b))))
+
+/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+/* Four of six logical functions used in SHA-256: */
+#define Sigma0_256(x)	(S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
+#define Sigma1_256(x)	(S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
+#define sigma0_256(x)	(S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
+#define sigma1_256(x)	(S32(17, (x)) ^ S32(19, (x)) ^ R(10,   (x)))
+
+/* Four of six logical functions used in SHA-384 and SHA-512: */
+#define Sigma0_512(x)	(S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
+#define Sigma1_512(x)	(S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
+#define sigma0_512(x)	(S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7,   (x)))
+#define sigma1_512(x)	(S64(19, (x)) ^ S64(61, (x)) ^ R( 6,   (x)))
+
+/*** INTERNAL FUNCTION PROTOTYPES *************************************/
+/* NOTE: These should not be accessed directly from outside this
+ * library -- they are intended for private internal visibility/use
+ * only.
+ */
+void SHA512_Last(SHA512_CTX*);
+void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
+void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
+
+
+/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
+/* Hash constant words K for SHA-256: */
+const static sha2_word32 K256[64] = {
+	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/* Initial hash value H for SHA-256: */
+const static sha2_word32 sha256_initial_hash_value[8] = {
+	0x6a09e667UL,
+	0xbb67ae85UL,
+	0x3c6ef372UL,
+	0xa54ff53aUL,
+	0x510e527fUL,
+	0x9b05688cUL,
+	0x1f83d9abUL,
+	0x5be0cd19UL
+};
+
+/* Hash constant words K for SHA-384 and SHA-512: */
+const static sha2_word64 K512[80] = {
+	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+/* Initial hash value H for SHA-384 */
+const static sha2_word64 sha384_initial_hash_value[8] = {
+	0xcbbb9d5dc1059ed8ULL,
+	0x629a292a367cd507ULL,
+	0x9159015a3070dd17ULL,
+	0x152fecd8f70e5939ULL,
+	0x67332667ffc00b31ULL,
+	0x8eb44a8768581511ULL,
+	0xdb0c2e0d64f98fa7ULL,
+	0x47b5481dbefa4fa4ULL
+};
+
+/* Initial hash value H for SHA-512 */
+const static sha2_word64 sha512_initial_hash_value[8] = {
+	0x6a09e667f3bcc908ULL,
+	0xbb67ae8584caa73bULL,
+	0x3c6ef372fe94f82bULL,
+	0xa54ff53a5f1d36f1ULL,
+	0x510e527fade682d1ULL,
+	0x9b05688c2b3e6c1fULL,
+	0x1f83d9abfb41bd6bULL,
+	0x5be0cd19137e2179ULL
+};
+
+/*
+ * Constant used by SHA256/384/512_End() functions for converting the
+ * digest to a readable hexadecimal character string:
+ */
+static const char *sha2_hex_digits = "0123456789abcdef";
+
+
+/*** SHA-256: *********************************************************/
+void SHA256_Init(SHA256_CTX* context) {
+	if (context == (SHA256_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
+	context->bitcount = 0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-256 round macros: */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
+	REVERSE32(*data++, W256[j]); \
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+             K256[j] + W256[j]; \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+	     K256[j] + (W256[j] = *data++); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND256(a,b,c,d,e,f,g,h)	\
+	s0 = W256[(j+1)&0x0f]; \
+	s0 = sigma0_256(s0); \
+	s1 = W256[(j+14)&0x0f]; \
+	s1 = sigma1_256(s1); \
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
+	     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
+	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word32	T1, *W256;
+	int		j;
+
+	W256 = (sha2_word32*)context->buffer;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+		/* Rounds 0 to 15 (unrolled): */
+		ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
+		ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
+		ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
+		ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
+		ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
+		ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
+		ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
+		ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
+	} while (j < 16);
+
+	/* Now for the remaining rounds to 64: */
+	do {
+		ROUND256(a,b,c,d,e,f,g,h);
+		ROUND256(h,a,b,c,d,e,f,g);
+		ROUND256(g,h,a,b,c,d,e,f);
+		ROUND256(f,g,h,a,b,c,d,e);
+		ROUND256(e,f,g,h,a,b,c,d);
+		ROUND256(d,e,f,g,h,a,b,c);
+		ROUND256(c,d,e,f,g,h,a,b);
+		ROUND256(b,c,d,e,f,g,h,a);
+	} while (j < 64);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = 0;
+}
+
+#else /* SHA2_UNROLL_TRANSFORM */
+
+void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
+	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word32	T1, T2, *W256;
+	int		j;
+
+	W256 = (sha2_word32*)context->buffer;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Copy data while converting to host byte order */
+		REVERSE32(*data++,W256[j]);
+		/* Apply the SHA-256 compression function to update a..h */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+		/* Apply the SHA-256 compression function to update a..h with copy */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+		T2 = Sigma0_256(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 16);
+
+	do {
+		/* Part of the message block expansion: */
+		s0 = W256[(j+1)&0x0f];
+		s0 = sigma0_256(s0);
+		s1 = W256[(j+14)&0x0f];	
+		s1 = sigma1_256(s1);
+
+		/* Apply the SHA-256 compression function to update a..h */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 
+		     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
+		T2 = Sigma0_256(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 64);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = T2 = 0;
+}
+
+#endif /* SHA2_UNROLL_TRANSFORM */
+
+void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
+	unsigned int	freespace, usedspace;
+
+	if (len == 0) {
+		/* Calling with no data is valid - we do nothing */
+		return;
+	}
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
+
+	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	if (usedspace > 0) {
+		/* Calculate how much free space is available in the buffer */
+		freespace = SHA256_BLOCK_LENGTH - usedspace;
+
+		if (len >= freespace) {
+			/* Fill the buffer completely and process it */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+			context->bitcount += freespace << 3;
+			len -= freespace;
+			data += freespace;
+			SHA256_Transform(context, (sha2_word32*)context->buffer);
+		} else {
+			/* The buffer is not yet full */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+			context->bitcount += len << 3;
+			/* Clean up: */
+			usedspace = freespace = 0;
+			return;
+		}
+	}
+	while (len >= SHA256_BLOCK_LENGTH) {
+		/* Process as many complete blocks as we can */
+		SHA256_Transform(context, (sha2_word32*)data);
+		context->bitcount += SHA256_BLOCK_LENGTH << 3;
+		len -= SHA256_BLOCK_LENGTH;
+		data += SHA256_BLOCK_LENGTH;
+	}
+	if (len > 0) {
+		/* There's left-overs, so save 'em */
+		MEMCPY_BCOPY(context->buffer, data, len);
+		context->bitcount += len << 3;
+	}
+	/* Clean up: */
+	usedspace = freespace = 0;
+}
+
+void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
+	sha2_word32	*d = (sha2_word32*)digest;
+	unsigned int	usedspace;
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Convert FROM host byte order */
+		REVERSE64(context->bitcount,context->bitcount);
+#endif
+		if (usedspace > 0) {
+			/* Begin padding with a 1 bit: */
+			context->buffer[usedspace++] = 0x80;
+
+			if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
+				/* Set-up for the last transform: */
+				MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
+			} else {
+				if (usedspace < SHA256_BLOCK_LENGTH) {
+					MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
+				}
+				/* Do second-to-last transform: */
+				SHA256_Transform(context, (sha2_word32*)context->buffer);
+
+				/* And set-up for the last transform: */
+				MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
+			}
+		} else {
+			/* Set-up for the last transform: */
+			MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
+
+			/* Begin padding with a 1 bit: */
+			*context->buffer = 0x80;
+		}
+		/* Set the bit count: */
+		*(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
+
+		/* Final transform: */
+		SHA256_Transform(context, (sha2_word32*)context->buffer);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 8; j++) {
+				REVERSE32(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Clean up state data: */
+	MEMSET_BZERO(context, sizeof(context));
+	usedspace = 0;
+}
+
+char *SHA256_End(SHA256_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA256_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA256_Final(digest, context);
+
+		for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(context));
+	}
+	MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
+	SHA256_CTX	context;
+
+	SHA256_Init(&context);
+	SHA256_Update(&context, data, len);
+	return SHA256_End(&context, digest);
+}
+
+
+/*** SHA-512: *********************************************************/
+void SHA512_Init(SHA512_CTX* context) {
+	if (context == (SHA512_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
+	context->bitcount[0] = context->bitcount[1] =  0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-512 round macros: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
+	REVERSE64(*data++, W512[j]); \
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+             K512[j] + W512[j]; \
+	(d) += T1, \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
+	j++
+
+
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+             K512[j] + (W512[j] = *data++); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+	j++
+
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND512(a,b,c,d,e,f,g,h)	\
+	s0 = W512[(j+1)&0x0f]; \
+	s0 = sigma0_512(s0); \
+	s1 = W512[(j+14)&0x0f]; \
+	s1 = sigma1_512(s1); \
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
+             (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+	j++
+
+void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
+	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word64	T1, *W512 = (sha2_word64*)context->buffer;
+	int		j;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+		ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
+		ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
+		ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
+		ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
+		ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
+		ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
+		ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
+		ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
+	} while (j < 16);
+
+	/* Now for the remaining rounds up to 79: */
+	do {
+		ROUND512(a,b,c,d,e,f,g,h);
+		ROUND512(h,a,b,c,d,e,f,g);
+		ROUND512(g,h,a,b,c,d,e,f);
+		ROUND512(f,g,h,a,b,c,d,e);
+		ROUND512(e,f,g,h,a,b,c,d);
+		ROUND512(d,e,f,g,h,a,b,c);
+		ROUND512(c,d,e,f,g,h,a,b);
+		ROUND512(b,c,d,e,f,g,h,a);
+	} while (j < 80);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = 0;
+}
+
+#else /* SHA2_UNROLL_TRANSFORM */
+
+void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
+	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word64	T1, T2, *W512 = (sha2_word64*)context->buffer;
+	int		j;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Convert TO host byte order */
+		REVERSE64(*data++, W512[j]);
+		/* Apply the SHA-512 compression function to update a..h */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+		/* Apply the SHA-512 compression function to update a..h with copy */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+		T2 = Sigma0_512(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 16);
+
+	do {
+		/* Part of the message block expansion: */
+		s0 = W512[(j+1)&0x0f];
+		s0 = sigma0_512(s0);
+		s1 = W512[(j+14)&0x0f];
+		s1 =  sigma1_512(s1);
+
+		/* Apply the SHA-512 compression function to update a..h */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
+		     (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
+		T2 = Sigma0_512(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 80);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = T2 = 0;
+}
+
+#endif /* SHA2_UNROLL_TRANSFORM */
+
+void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
+	unsigned int	freespace, usedspace;
+
+	if (len == 0) {
+		/* Calling with no data is valid - we do nothing */
+		return;
+	}
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
+
+	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
+	if (usedspace > 0) {
+		/* Calculate how much free space is available in the buffer */
+		freespace = SHA512_BLOCK_LENGTH - usedspace;
+
+		if (len >= freespace) {
+			/* Fill the buffer completely and process it */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+			ADDINC128(context->bitcount, freespace << 3);
+			len -= freespace;
+			data += freespace;
+			SHA512_Transform(context, (sha2_word64*)context->buffer);
+		} else {
+			/* The buffer is not yet full */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+			ADDINC128(context->bitcount, len << 3);
+			/* Clean up: */
+			usedspace = freespace = 0;
+			return;
+		}
+	}
+	while (len >= SHA512_BLOCK_LENGTH) {
+		/* Process as many complete blocks as we can */
+		SHA512_Transform(context, (sha2_word64*)data);
+		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
+		len -= SHA512_BLOCK_LENGTH;
+		data += SHA512_BLOCK_LENGTH;
+	}
+	if (len > 0) {
+		/* There's left-overs, so save 'em */
+		MEMCPY_BCOPY(context->buffer, data, len);
+		ADDINC128(context->bitcount, len << 3);
+	}
+	/* Clean up: */
+	usedspace = freespace = 0;
+}
+
+void SHA512_Last(SHA512_CTX* context) {
+	unsigned int	usedspace;
+
+	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
+#if BYTE_ORDER == LITTLE_ENDIAN
+	/* Convert FROM host byte order */
+	REVERSE64(context->bitcount[0],context->bitcount[0]);
+	REVERSE64(context->bitcount[1],context->bitcount[1]);
+#endif
+	if (usedspace > 0) {
+		/* Begin padding with a 1 bit: */
+		context->buffer[usedspace++] = 0x80;
+
+		if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
+			/* Set-up for the last transform: */
+			MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
+		} else {
+			if (usedspace < SHA512_BLOCK_LENGTH) {
+				MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
+			}
+			/* Do second-to-last transform: */
+			SHA512_Transform(context, (sha2_word64*)context->buffer);
+
+			/* And set-up for the last transform: */
+			MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
+		}
+	} else {
+		/* Prepare for final transform: */
+		MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
+
+		/* Begin padding with a 1 bit: */
+		*context->buffer = 0x80;
+	}
+	/* Store the length of input data (in bits): */
+	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
+	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
+
+	/* Final transform: */
+	SHA512_Transform(context, (sha2_word64*)context->buffer);
+}
+
+void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
+	sha2_word64	*d = (sha2_word64*)digest;
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		SHA512_Last(context);
+
+		/* Save the hash data for output: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 8; j++) {
+				REVERSE64(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Zero out state data */
+	MEMSET_BZERO(context, sizeof(context));
+}
+
+char *SHA512_End(SHA512_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA512_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA512_Final(digest, context);
+
+		for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(context));
+	}
+	MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
+	SHA512_CTX	context;
+
+	SHA512_Init(&context);
+	SHA512_Update(&context, data, len);
+	return SHA512_End(&context, digest);
+}
+
+
+/*** SHA-384: *********************************************************/
+void SHA384_Init(SHA384_CTX* context) {
+	if (context == (SHA384_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
+	context->bitcount[0] = context->bitcount[1] = 0;
+}
+
+void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
+	SHA512_Update((SHA512_CTX*)context, data, len);
+}
+
+void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
+	sha2_word64	*d = (sha2_word64*)digest;
+
+	/* Sanity check: */
+	assert(context != (SHA384_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		SHA512_Last((SHA512_CTX*)context);
+
+		/* Save the hash data for output: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 6; j++) {
+				REVERSE64(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Zero out state data */
+	MEMSET_BZERO(context, sizeof(context));
+}
+
+char *SHA384_End(SHA384_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA384_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA384_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA384_Final(digest, context);
+
+		for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(context));
+	}
+	MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
+	SHA384_CTX	context;
+
+	SHA384_Init(&context);
+	SHA384_Update(&context, data, len);
+	return SHA384_End(&context, digest);
+}
+

Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.h
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.h	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/sha2.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,198 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/sha2/sha2.h,v 1.1.2.1 2009/01/26 21:07:06 quanah Exp $ */
+/*
+ * FILE:	sha2.h
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
+ */
+
+#ifndef __SHA2_H__
+#define __SHA2_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+ * Import u_intXX_t size_t type definitions from system headers.  You
+ * may need to change this, or define these things yourself in this
+ * file.
+ */
+#include <sys/types.h>
+
+#ifdef SHA2_USE_INTTYPES_H
+
+#include <inttypes.h>
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA256_BLOCK_LENGTH		64
+#define SHA256_DIGEST_LENGTH		32
+#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH		128
+#define SHA384_DIGEST_LENGTH		48
+#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH		128
+#define SHA512_DIGEST_LENGTH		64
+#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+
+
+/*** SHA-256/384/512 Context Structures *******************************/
+/* NOTE: If your architecture does not define either u_intXX_t types or
+ * uintXX_t (from inttypes.h), you may need to define things by hand
+ * for your system:
+ */
+#if 0
+typedef unsigned char u_int8_t;		/* 1-byte  (8-bits)  */
+typedef unsigned int u_int32_t;		/* 4-bytes (32-bits) */
+typedef unsigned long long u_int64_t;	/* 8-bytes (64-bits) */
+#endif
+/*
+ * Most BSD systems already define u_intXX_t types, as does Linux.
+ * Some systems, however, like Compaq's Tru64 Unix instead can use
+ * uintXX_t types defined by very recent ANSI C standards and included
+ * in the file:
+ *
+ *   #include <inttypes.h>
+ *
+ * If you choose to use <inttypes.h> then please define: 
+ *
+ *   #define SHA2_USE_INTTYPES_H
+ *
+ * Or on the command line during compile:
+ *
+ *   cc -DSHA2_USE_INTTYPES_H ...
+ */
+#ifdef SHA2_USE_INTTYPES_H
+
+typedef struct _SHA256_CTX {
+	uint32_t	state[8];
+	uint64_t	bitcount;
+	uint8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	uint64_t	state[8];
+	uint64_t	bitcount[2];
+	uint8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#else /* SHA2_USE_INTTYPES_H */
+
+typedef struct _SHA256_CTX {
+	u_int32_t	state[8];
+	u_int64_t	bitcount;
+	u_int8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	u_int64_t	state[8];
+	u_int64_t	bitcount[2];
+	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+typedef SHA512_CTX SHA384_CTX;
+
+
+/*** SHA-256/384/512 Function Prototypes ******************************/
+#ifndef NOPROTO
+#ifdef SHA2_USE_INTTYPES_H
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const uint8_t*, size_t);
+void SHA256_Final(uint8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const uint8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const uint8_t*, size_t);
+void SHA384_Final(uint8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const uint8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const uint8_t*, size_t);
+void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const uint8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#else /* SHA2_USE_INTTYPES_H */
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const u_int8_t*, size_t);
+void SHA256_Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const u_int8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const u_int8_t*, size_t);
+void SHA384_Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const u_int8_t*, size_t);
+void SHA512_Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const u_int8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+#else /* NOPROTO */
+
+void SHA256_Init();
+void SHA256_Update();
+void SHA256_Final();
+char* SHA256_End();
+char* SHA256_Data();
+
+void SHA384_Init();
+void SHA384_Update();
+void SHA384_Final();
+char* SHA384_End();
+char* SHA384_Data();
+
+void SHA512_Init();
+void SHA512_Update();
+void SHA512_Final();
+char* SHA512_End();
+char* SHA512_Data();
+
+#endif /* NOPROTO */
+
+#ifdef	__cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __SHA2_H__ */
+
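Review bot: The `SHA256_Final`, `SHA384_Final` and `SHA512_Final` prototypes take the digest as a plain byte array, but the header never says that sha2.c stores into it through a `sha2_word32*` / `sha2_word64*` cast (`*d++ = context->state[j];` on little-endian builds), so the buffer must be aligned for that word type. The callers in slapd-sha2.c pass `unsigned char hash[SHA256_DIGEST_LENGTH]`, which carries no such guarantee and may fault on strict-alignment targets. I would add a comment above the prototypes such as `/* digest must be aligned for uint32_t (SHA-256) or uint64_t (SHA-384/512): Final stores whole words into it */`. The header is also silent on Final/End wiping the context. In sha2.c that wipe is `MEMSET_BZERO(context, sizeof(context))`, which covers only the size of a pointer, so password-derived state remains in the caller's context and the comment should tell callers to clear it themselves.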

Added: openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/slapd-sha2.c	                        (rev 0)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/passwd/sha2/slapd-sha2.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,141 @@
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/passwd/sha2/slapd-sha2.c,v 1.1.2.1 2009/01/26 21:07:06 quanah Exp $ */
+#include <lber.h>
+#include <lber_pvt.h> // Required for BER_BVC
+#include <ac/string.h> // Required for BER_BVC dep
+#include "lutil.h"
+#include <stdint.h>
+#include <string.h>	/* memcpy()/memset() or bcopy()/bzero() */
+#include <assert.h>	/* assert() */
+#include "sha2.h"
+
+#ifdef SLAPD_SHA2_DEBUG
+#include <stdio.h>
+#endif
+
+char * sha256_hex_hash(const char * passwd) {
+
+	SHA256_CTX ct;
+	unsigned char hash[SHA256_DIGEST_LENGTH];
+	static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1]; // extra char for \0
+
+	SHA256_Init(&ct);
+	SHA256_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
+	SHA256_Final(hash, &ct);
+
+        /* base64 encode it */
+	lutil_b64_ntop(
+			hash,
+			SHA256_DIGEST_LENGTH,
+			real_hash,
+			LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1
+			);
+
+	return real_hash;
+}
+
+
+char * sha384_hex_hash(const char * passwd) {
+
+	SHA384_CTX ct;
+	unsigned char hash[SHA384_DIGEST_LENGTH];
+	static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1]; // extra char for \0
+
+	SHA384_Init(&ct);
+	SHA384_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
+	SHA384_Final(hash, &ct);
+
+        /* base64 encode it */
+	lutil_b64_ntop(
+			hash,
+			SHA384_DIGEST_LENGTH,
+			real_hash,
+			LUTIL_BASE64_ENCODE_LEN(SHA384_DIGEST_LENGTH)+1
+			);
+
+	return real_hash;
+}
+
+char * sha512_hex_hash(const char * passwd) {
+
+	SHA512_CTX ct;
+	unsigned char hash[SHA512_DIGEST_LENGTH];
+	static char real_hash[LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1]; // extra char for \0
+
+	SHA512_Init(&ct);
+	SHA512_Update(&ct, (const uint8_t*)passwd, strlen(passwd));
+	SHA512_Final(hash, &ct);
+
+        /* base64 encode it */
+	lutil_b64_ntop(
+			hash,
+			SHA512_DIGEST_LENGTH,
+			real_hash,
+			LUTIL_BASE64_ENCODE_LEN(SHA512_DIGEST_LENGTH)+1
+			);
+
+	return real_hash;
+}
+
+static int chk_sha256(
+	const struct berval *scheme, // Scheme of hashed reference password
+	const struct berval *passwd, // Hashed reference password to check against
+	const struct berval *cred, // user-supplied password to check
+	const char **text )
+{
+#ifdef SLAPD_SHA2_DEBUG
+	fprintf(stderr, "Validating password\n");
+	fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
+	fprintf(stderr, "  Hashes to: %s\n", sha256_hex_hash(cred->bv_val));
+	fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
+	fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
+	fprintf(stderr, "  -> Passwords %s\n", strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
+#endif
+	return (strcmp(sha256_hex_hash(cred->bv_val), passwd->bv_val));
+}
+
+static int chk_sha384(
+	const struct berval *scheme, // Scheme of hashed reference password
+	const struct berval *passwd, // Hashed reference password to check against
+	const struct berval *cred, // user-supplied password to check
+	const char **text )
+{
+#ifdef SLAPD_SHA2_DEBUG
+	fprintf(stderr, "Validating password\n");
+	fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
+	fprintf(stderr, "  Hashes to: %s\n", sha384_hex_hash(cred->bv_val));
+	fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
+	fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
+	fprintf(stderr, "  -> Passwords %s\n", strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
+#endif
+	return (strcmp(sha384_hex_hash(cred->bv_val), passwd->bv_val));
+}
+
+static int chk_sha512(
+	const struct berval *scheme, // Scheme of hashed reference password
+	const struct berval *passwd, // Hashed reference password to check against
+	const struct berval *cred, // user-supplied password to check
+	const char **text )
+{
+#ifdef SLAPD_SHA2_DEBUG
+	fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
+	fprintf(stderr, "  Hashes to: %s\n", sha512_hex_hash(cred->bv_val));
+	fprintf(stderr, "  Stored password scheme: %s\n", scheme->bv_val);
+	fprintf(stderr, "  Stored password value: %s\n", passwd->bv_val);
+	fprintf(stderr, "  -> Passwords %s\n", strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val) == 0 ? "match" : "do not match");
+#endif
+	return (strcmp(sha512_hex_hash(cred->bv_val), passwd->bv_val));
+}
+
+const struct berval sha256scheme = BER_BVC("{SHA256}");
+const struct berval sha384scheme = BER_BVC("{SHA384}");
+const struct berval sha512scheme = BER_BVC("{SHA512}");
+
+int init_module(int argc, char *argv[]) {
+	int result = 0;
+	result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, NULL );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, NULL );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, NULL );
+	return result;
+}
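Review bot: The three `sha*_hex_hash` helpers return a pointer to a function-level `static char real_hash[...]`, and each `chk_sha*` then runs `strcmp` on that shared buffer. If slapd runs password checks on more than one thread, as it normally does, two concurrent binds can overwrite each other's digest between hashing and comparison. The helpers also hash `strlen(passwd)` bytes rather than `cred->bv_len`, so a credential with an embedded NUL is silently truncated, and the return value of `lutil_b64_ntop` is never checked. The `SLAPD_SHA2_DEBUG` block additionally writes the cleartext credential to stderr, which should not survive into a build anyone deploys. I would hash into a buffer local to each check function and compare by length, as sketched for `chk_sha256` below; `chk_sha384` and `chk_sha512` follow the same pattern.

```c
static int chk_sha256(
	const struct berval *scheme, // Scheme of hashed reference password
	const struct berval *passwd, // Hashed reference password to check against
	const struct berval *cred, // user-supplied password to check
	const char **text )
{
	SHA256_CTX ct;
	unsigned char hash[SHA256_DIGEST_LENGTH];
	/* per-call buffer: no state shared between threads */
	char b64[LUTIL_BASE64_ENCODE_LEN(SHA256_DIGEST_LENGTH)+1];
	int len;

	/* ... unchanged: SLAPD_SHA2_DEBUG block (minus the cleartext credential) ... */

	SHA256_Init(&ct);
	/* hash exactly bv_len bytes; do not stop at an embedded NUL */
	SHA256_Update(&ct, (const uint8_t*)cred->bv_val, cred->bv_len);
	SHA256_Final(hash, &ct);

	len = lutil_b64_ntop(hash, SHA256_DIGEST_LENGTH, b64, sizeof(b64));
	if (len < 0 || (ber_len_t)len != passwd->bv_len)
		return LUTIL_PASSWD_ERR;

	return memcmp(b64, passwd->bv_val, (size_t)len) == 0
		? LUTIL_PASSWD_OK : LUTIL_PASSWD_ERR;
}
```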

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/smbk5pwd/smbk5pwd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.12 2008/07/09 22:59:00 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/smbk5pwd/smbk5pwd.c,v 1.17.2.14 2009/01/26 21:05:10 quanah Exp $ */
 /*
  * Copyright 2004-2005 by Howard Chu, Symas Corp.
  * All rights reserved.
@@ -59,12 +59,18 @@
 static AttributeDescription *ad_krb5Key;
 static AttributeDescription *ad_krb5KeyVersionNumber;
 static AttributeDescription *ad_krb5PrincipalName;
+static AttributeDescription *ad_krb5ValidEnd;
 static ObjectClass *oc_krb5KDCEntry;
 #endif
 
 #ifdef DO_SAMBA
+#ifdef HAVE_GNUTLS
+#include <gcrypt.h>
+typedef unsigned char DES_cblock[8];
+#else
 #include <openssl/des.h>
 #include <openssl/md4.h>
+#endif
 #include "ldap_utf8.h"
 
 static AttributeDescription *ad_sambaLMPassword;
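Review bot: The crypto backend is not selected in a consistent order: this hunk tests `HAVE_GNUTLS` first and falls back to the OpenSSL headers in a bare `#else`, while the lmhash and nthash hunks further down declare their locals under `#ifdef HAVE_OPENSSL` first. With both macros defined, `gcrypt.h` is included but the OpenSSL declarations (`DES_key_schedule`, `MD4_CTX`) are the ones compiled. With neither defined, the OpenSSL headers are included but no hashing code is compiled at all, so `hexify` would run on an uninitialised `hbuf`. I would use one precedence in all three places and add `#if !defined(HAVE_GNUTLS) && !defined(HAVE_OPENSSL)` / `#error "smbk5pwd Samba support needs OpenSSL or GnuTLS/libgcrypt"` / `#endif` next to these includes.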
@@ -129,7 +135,9 @@
 	k[6] = ((lpw[5]&0x3F)<<2) | (lpw[6]>>6);
 	k[7] = ((lpw[6]&0x7F)<<1);
 
+#ifdef HAVE_OPENSSL
 	des_set_odd_parity( key );
+#endif
 }
 
 #define MAX_PWLEN 256
@@ -163,21 +171,45 @@
 {
 	char UcasePassword[15];
 	DES_cblock key;
-	DES_key_schedule schedule;
 	DES_cblock StdText = "KGS!@#$%";
 	DES_cblock hbuf[2];
+#ifdef HAVE_OPENSSL
+	DES_key_schedule schedule;
+#elif defined(HAVE_GNUTLS)
+	gcry_cipher_hd_t h = NULL;
+	gcry_error_t err;
 
+	err = gcry_cipher_open( &h, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0 );
+	if ( err ) return;
+#endif
+
 	strncpy( UcasePassword, passwd->bv_val, 14 );
 	UcasePassword[14] = '\0';
 	ldap_pvt_str2upper( UcasePassword );
 
 	lmPasswd_to_key( UcasePassword, &key );
+#ifdef HAVE_GNUTLS
+	err = gcry_cipher_setkey( h, &key, sizeof(key) );
+	if ( err == 0 ) {
+		err = gcry_cipher_encrypt( h, &hbuf[0], sizeof(key), &StdText, sizeof(key) );
+		if ( err == 0 ) {
+			gcry_cipher_reset( h );
+			lmPasswd_to_key( &UcasePassword[7], &key );
+			err = gcry_cipher_setkey( h, &key, sizeof(key) );
+			if ( err == 0 ) {
+				err = gcry_cipher_encrypt( h, &hbuf[1], sizeof(key), &StdText, sizeof(key) );
+			}
+		}
+		gcry_cipher_close( h );
+	}
+#elif defined(HAVE_OPENSSL)
 	des_set_key_unchecked( &key, schedule );
 	des_ecb_encrypt( &StdText, &hbuf[0], schedule , DES_ENCRYPT );
 
 	lmPasswd_to_key( &UcasePassword[7], &key );
 	des_set_key_unchecked( &key, schedule );
 	des_ecb_encrypt( &StdText, &hbuf[1], schedule , DES_ENCRYPT );
+#endif
 
 	hexify( (char *)hbuf, hash );
 }
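Review bot: On the libgcrypt path every failure still falls through to `hexify( (char *)hbuf, hash )`, so a failed `gcry_cipher_setkey` or `gcry_cipher_encrypt` stores whatever was on the stack in `hbuf` as the LM hash. `gcry_cipher_close( h )` also sits inside the first `if ( err == 0 )`, so the handle leaks when the first `gcry_cipher_setkey` fails. This matters more if libgcrypt rejects weak DES keys (I believe it reports them as an error, please confirm): the second half-key of any password of seven characters or fewer is all zero bits, and the OpenSSL branch deliberately uses `des_set_key_unchecked`. Move `gcry_cipher_close( h );` after the outer block so it runs on every path, and skip `hexify` when `err` is set. The function is `void` and begins outside this hunk, so reporting the failure to the caller needs a change not visible here; the early `if ( err ) return;` after `gcry_cipher_open` likewise leaves `hash` unwritten.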
@@ -192,14 +224,20 @@
 	 * 256 UCS2 characters, not 256 bytes...
 	 */
 	char hbuf[HASHLEN];
+#ifdef HAVE_OPENSSL
 	MD4_CTX ctx;
+#endif
 
 	if (passwd->bv_len > MAX_PWLEN*2)
 		passwd->bv_len = MAX_PWLEN*2;
-		
+
+#ifdef HAVE_OPENSSL
 	MD4_Init( &ctx );
 	MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
 	MD4_Final( (unsigned char *)hbuf, &ctx );
+#elif defined(HAVE_GNUTLS)
+	gcry_md_hash_buffer(GCRY_MD_MD4, hbuf, passwd->bv_val, passwd->bv_len );
+#endif
 
 	hexify( hbuf, hash );
 }
@@ -273,9 +311,9 @@
 	int rc;
 	Entry *e;
 	Attribute *a;
-    krb5_error_code ret;
-    krb5_keyblock key;
-    krb5_salt salt;
+	krb5_error_code ret;
+	krb5_keyblock key;
+	krb5_salt salt;
 	hdb_entry ent;
 
 	/* Find our thread context, find our Operation */
@@ -300,6 +338,19 @@
 		memset( &ent, 0, sizeof(ent) );
 		ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
 		if ( ret ) break;
+
+		a = attr_find( e->e_attrs, ad_krb5ValidEnd );
+		if (a) {
+			struct lutil_tm tm;
+			struct lutil_timet tt;
+			if ( lutil_parsetime( a->a_vals[0].bv_val, &tm ) == 0 &&
+				lutil_tm2time( &tm, &tt ) == 0 && tt.tt_usec < op->o_time ) {
+				/* Account is expired */
+				rc = LUTIL_PASSWD_ERR;
+				break;
+			}
+		}
+
 		krb5_get_pw_salt( context, ent.principal, &salt );
 		krb5_free_principal( context, ent.principal );
 
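Review bot: The expiry test compares `tt.tt_usec` with `op->o_time`; `o_time` looks like a seconds timestamp, so the microseconds member is almost certainly the wrong field and the condition should read `lutil_tm2time( &tm, &tt ) == 0 && tt.tt_sec < op->o_time`. As written, nearly any parsed `krb5ValidEnd` compares as already past, so accounts with a future end date would get `LUTIL_PASSWD_ERR`. The `break` on the expired path also skips the `krb5_free_principal( context, ent.principal );` that follows, so add that call before `rc = LUTIL_PASSWD_ERR;`. A value that fails `lutil_parsetime` is treated as not expired; a comment saying whether that fail-open behaviour is intended would help. The enclosing function starts and ends outside this hunk.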
@@ -840,6 +891,7 @@
 		{ "krb5Key",			&ad_krb5Key },
 		{ "krb5KeyVersionNumber",	&ad_krb5KeyVersionNumber },
 		{ "krb5PrincipalName",		&ad_krb5PrincipalName },
+		{ "krb5ValidEnd",		&ad_krb5ValidEnd },
 		{ NULL }
 	},
 #endif /* DO_KRB5 */
@@ -908,7 +960,7 @@
 			char *err_str, *err_msg = "<unknown error>";
 			err_str = krb5_get_error_string( context );
 			if (!err_str)
-				err_msg = krb5_get_err_text( context, ret );
+				err_msg = (char *)krb5_get_err_text( context, ret );
 			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
 				"unable to initialize krb5 admin context: %s (%d).\n",
 				err_str ? err_str : err_msg, ret, 0 );

Modified: openldap/vendor/openldap-release/contrib/slapd-modules/trace/trace.c
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-modules/trace/trace.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-modules/trace/trace.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* trace.c - traces overlay invocation */
-/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/trace/trace.c,v 1.2.2.3 2008/02/11 23:26:38 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/contrib/slapd-modules/trace/trace.c,v 1.2.2.4 2009/01/22 00:00:46 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2006-2008 The OpenLDAP Foundation.
+ * Copyright 2006-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/contrib/slapd-tools/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapd-tools/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapd-tools/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2004-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2004-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README
===================================================================
--- openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/contrib/slapi-plugins/addrdnvalues/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 2003-2008 The OpenLDAP Foundation. All rights reserved.
+Copyright 2003-2009 The OpenLDAP Foundation. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted only as authorized by the OpenLDAP

Modified: openldap/vendor/openldap-release/doc/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 ## doc Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/Makefile.in,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/Makefile.in,v 1.11.2.4 2009/01/22 00:00:46 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/devel/args
===================================================================
--- openldap/vendor/openldap-release/doc/devel/args	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/devel/args	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,11 +1,13 @@
 Tools           ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-ldapcompare      * DE**HI*K M*OPQR  UVWXYZ   de *h**k *nop*    vwxyz
-ldapdelete       *CDE**HI*K M*OPQR  UVWXYZ  cdef*h**k *nop*    vwxyz
-ldapmodify       *CDE**HI*K M*OPQRS UVWXYZabcde *h**k *nop*r t vwxy
-ldapmodrdn       *CDE**HI*K M*OPQR  UVWXYZ  cdef*h**k *nop*rs  vwxy
-ldappasswd      A*CDE**HI*   *O QRS UVWXYZa  def*h**  * o * s  vwxy  
-ldapsearch      A*CDE**HI*KLM*OPQRSTUVWXYZab def*h**kl*nop* stuvwxyz
-ldapwhoami       * DE**HI*   *O QR  UVWXYZ   def*h**  *nop*    vwxy 
+ldapcompare      * DE**HI** MNOPQR  UVWXYZ   de *h*** *nop*    vwxyz
+ldapdelete       *CDE**HI** MNOPQR  UVWXYZ  cdef*h*** *nop*    vwxyz
+ldapexop         * D **HI**  NO QR  UVWXYZ   de *h*** *nop     vwxy
+ldapmodify       *CDE**HI** MNOPQRS UVWXYZabcde *h*** *nop*r t vwxy
+ldapmodrdn       *CDE**HI** MNOPQR  UVWXYZ  cdef*h*** *nop*rs  vwxy
+ldappasswd      A*CDE**HI**  NO QRS UVWXYZa  def*h*** * o * s  vwxy  
+ldapsearch      A*CDE**HI**LMNOPQRSTUVWXYZab def*h***l*nop* stuvwxyz
+ldapurl          *  E**H **       S       ab   f*h*** *  p* s
+ldapwhoami       * DE**HI**  NO QR  UVWXYZ   def*h*** *nop*    vwxy 
 
 
 * reserved
@@ -32,6 +34,8 @@
 	-x simple bind
 	-y Bind password-file
 	-w Bind password
+
+Not used
 	-4 IPv4 only
 	-6 IPv6 only
 
@@ -50,10 +54,10 @@
 	-Q SASL quiet mode (default: automatic)
 
 
-* LDAPv2+ Only (DEPRECATED)
+* LDAPv2+ Only (REMOVED)
 	-K LDAPv2 Kerberos Bind (Step 1 only)
 	-k LDAPv2 Kerberos Bind
 
 
 ---
-$OpenLDAP: pkg/ldap/doc/devel/args,v 1.29.2.3 2008/02/09 00:53:37 quanah Exp $
+$OpenLDAP: pkg/ldap/doc/devel/args,v 1.29.2.5 2009/01/21 00:27:40 quanah Exp $

Modified: openldap/vendor/openldap-release/doc/guide/COPYRIGHT
===================================================================
--- openldap/vendor/openldap-release/doc/guide/COPYRIGHT	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/COPYRIGHT	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-Copyright 1998-2008 The OpenLDAP Foundation
+Copyright 1998-2009 The OpenLDAP Foundation
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -39,8 +39,8 @@
 Portions Copyright 1999-2008 Howard Y.H. Chu.
 Portions Copyright 1999-2008 Symas Corporation.
 Portions Copyright 1998-2003 Hallvard B. Furuseth.
-Portions Copyright 2008 Gavin Henry.
-Portions Copyright 2008 Suretec Systems.
+Portions Copyright 2008-2009 Gavin Henry.
+Portions Copyright 2008-2009 Suretec Systems Ltd.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/guide/admin/Makefile
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/Makefile	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 ## Makefile for OpenLDAP Administrator's Guide
-# $OpenLDAP: pkg/openldap-guide/admin/Makefile,v 1.5.2.10 2008/07/10 00:58:19 quanah Exp $
+# $OpenLDAP: pkg/openldap-guide/admin/Makefile,v 1.5.2.11 2009/01/22 00:00:47 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2008 The OpenLDAP Foundation.
+## Copyright 2005-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/guide/admin/README.spellcheck
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/README.spellcheck	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/README.spellcheck	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/README.spellcheck,v 1.2.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/README.spellcheck,v 1.2.2.4 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # README.spellcheck 

Modified: openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/abstract.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/abstract.sdf,v 1.7.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/abstract.sdf,v 1.7.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 # 
 # OpenLDAP Administrator's Guide: Abstract

Modified: openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/access-control.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.2 2008/05/20 00:17:58 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/access-control.sdf,v 1.3.2.5 2009/02/02 22:45:18 quanah Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Access Control
@@ -218,8 +218,15 @@
 an entry and/or attribute, slapd compares the entry and/or attribute
 to the {{EX:<what>}} selectors given in the configuration file.
 For each entry, access controls provided in the database which holds
-the entry (or the first database if not held in any database) apply
-first, followed by the global access directives.  Within this
+the entry (or the global access directives if not held in any database) apply
+first, followed by the global access directives. However, when dealing with 
+an access list, because the global access list is effectively appended 
+to each per-database list, if the resulting list is non-empty then the 
+access list will end with an implicit {{EX:access to * by * none}} directive. 
+If there are no access directives applicable to a backend, then a default 
+read is used.
+
+Within this
 priority, access directives are examined in the order in which they
 appear in the config file.  Slapd stops with the first {{EX:<what>}}
 selector that matches the entry and/or attribute. The corresponding
@@ -304,9 +311,12 @@
 
 Also note that if no {{EX:access to}} directive matches or no {{EX:by
 <who>}} clause, {{B:access is denied}}.  That is, every {{EX:access
-to}} directive ends with an implicit {{EX:by * none}} clause and
-every access list ends with an implicit {{EX:access to * by * none}}
-directive.
+to}} directive ends with an implicit {{EX:by * none}} clause. When dealing
+with an access list, because the global access list is effectively appended 
+to each per-database list, if the resulting list is non-empty then the access 
+list will end with an implicit {{EX:access to * by * none}} directive. If
+there are no access directives applicable to a backend, then a default read is
+used.
 
 The next example again shows the importance of ordering, both of
 the access directives and the {{EX:by <who>}} clauses.  It also
@@ -422,9 +432,7 @@
 attributes.
 
 Lines 16 through 24 specify access control for entries in this
-database.  As this is the first database, the controls also apply
-to entries not held in any database (such as the Root DSE).  For
-all applicable entries, the {{EX:userPassword}} attribute is writable
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
 by the entry itself and by the "admin" entry.  It may be used for
 authentication/authorization purposes, but is otherwise not readable.
 All other attributes are writable by the entry and the "admin"
@@ -635,9 +643,16 @@
 an entry and/or attribute, slapd compares the entry and/or attribute
 to the {{EX:<what>}} selectors given in the configuration.  For
 each entry, access controls provided in the database which holds
-the entry (or the first database if not held in any database) apply
+the entry (or the global access directives if not held in any database) apply
 first, followed by the global access directives (which are held in
-the {{EX:frontend}} database definition).  Within this priority,
+the {{EX:frontend}} database definition). However, when dealing with 
+an access list, because the global access list is effectively appended 
+to each per-database list, if the resulting list is non-empty then the 
+access list will end with an implicit {{EX:access to * by * none}} directive. 
+If there are no access directives applicable to a backend, then a default 
+read is used.
+
+Within this priority,
 access directives are examined in the order in which they appear
 in the configuration attribute.  Slapd stops with the first
 {{EX:<what>}} selector that matches the entry and/or attribute. The
@@ -722,10 +737,11 @@
 are also under {{EX:dc=com}} entries.
 
 Also note that if no {{EX:olcAccess: to}} directive matches or no {{EX:by
-<who>}} clause, {{B:access is denied}}.  That is, every {{EX:olcAccess:
-to}} directive ends with an implicit {{EX:by * none}} clause and
-every access list ends with an implicit {{EX:olcAccess: to * by * none}}
-directive.
+<who>}} clause, {{B:access is denied}}.  When dealing with an access list, 
+because the global access list is effectively appended to each per-database 
+list, if the resulting list is non-empty then the access list will end with 
+an implicit {{EX:access to * by * none}} directive. If there are no access 
+directives applicable to a backend, then a default read is used.
 
 The next example again shows the importance of ordering, both of
 the access directives and the {{EX:by <who>}} clauses.  It also
@@ -944,9 +960,7 @@
 attributes.
 
 Lines 33 through 41 specify access control for entries in this
-database.  As this is the first database, the controls also apply
-to entries not held in any database (such as the Root DSE).  For
-all applicable entries, the {{EX:userPassword}} attribute is writable
+database. For all applicable entries, the {{EX:userPassword}} attribute is writable
 by the entry itself and by the "admin" entry.  It may be used for
 authentication/authorization purposes, but is otherwise not readable.
 All other attributes are writable by the entry and the "admin"

Modified: openldap/vendor/openldap-release/doc/guide/admin/admin.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/admin.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/admin.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/admin.sdf,v 1.2.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/admin.sdf,v 1.2.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # guide.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-changes.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-changes.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-changes.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-changes.sdf,v 1.8.2.6 2008/04/14 22:36:18 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-changes.sdf,v 1.8.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Changes Since Previous Release

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-common-errors.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-common-errors.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-common-errors.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-common-errors.sdf,v 1.4.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-common-errors.sdf,v 1.4.2.5 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Common errors encountered when using OpenLDAP Software
@@ -162,7 +162,7 @@
 
 Common causes include:
 
-* extraneous white space (especially trailing white space)
+* extraneous whitespace (especially trailing whitespace)
 * improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
 * empty values (few syntaxes allow empty values)
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-configs.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-configs.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-configs.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-configs.sdf,v 1.2.2.4 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-configs.sdf,v 1.2.2.5 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Configuration File Examples

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-contrib.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-contrib.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-contrib.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-contrib.sdf,v 1.1.2.5 2008/07/09 00:40:40 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-contrib.sdf,v 1.1.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: OpenLDAP Software Contributions

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-deployments.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-deployments.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-deployments.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-deployments.sdf,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-deployments.sdf,v 1.1.2.4 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Real World OpenLDAP Deployments and Examples

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-ldap-result-codes.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-ldap-result-codes.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-ldap-result-codes.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,15 +1,19 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-ldap-result-codes.sdf,v 1.1.2.4 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-ldap-result-codes.sdf,v 1.1.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1:  LDAP Result Codes
 
 For the purposes of this guide, we have incorporated the standard LDAP result 
-codes from {{Appendix A.  LDAP Result Codes}} of rfc4511. A copy of which can 
+codes from {{Appendix A.  LDAP Result Codes}} of rfc4511, a copy of which can 
 be found in {{F:doc/rfc}} of the OpenLDAP source code.
 
 We have expanded the description of each error in relation to the OpenLDAP 
 toolsets.
+LDAP extensions may introduce extension-specific result codes, which are not part
+of rfc4511.
+OpenLDAP returns the result codes related to extensions it implements.
+Their meaning is documented in the extension they are related to.
 
 H2:  Non-Error Result Codes
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-recommended-versions.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-recommended-versions.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-recommended-versions.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-recommended-versions.sdf,v 1.3.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-recommended-versions.sdf,v 1.3.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Recommended OpenLDAP Software Dependency Versions
@@ -22,11 +22,11 @@
 |{{PRD:Heimdal}}|Version
 |{{PRD:MIT Kerberos}}|Version
 Database Software|{{PRD:Berkeley DB}}:|
-||4.2
 ||4.4
 ||4.5
 ||4.6
-||Note: It is highly recommended to apply the patches from for a given release.
+||4.7
+||Note: It is highly recommended to apply the patches from Oracle for a given release.
 Threads:
 |POSIX {{pthreads}}|Version
 |Mach {{CThreads}}|Version

Modified: openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/appendix-upgrading.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.5 2008/05/20 00:17:58 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/appendix-upgrading.sdf,v 1.1.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Upgrading from 2.3.x

Modified: openldap/vendor/openldap-release/doc/guide/admin/aspell.en.pws
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/aspell.en.pws	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/aspell.en.pws	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-personal_ws-1.1 en 1644 
+personal_ws-1.1 en 1687 
 commonName
 bla
 Masarati
@@ -6,8 +6,8 @@
 api
 usnCreated
 BhY
+olcSyncRepl
 olcSyncrepl
-olcSyncRepl
 adamsom
 adamson
 CER
@@ -25,6 +25,7 @@
 BNF
 TLSEphemeralDHParamFile
 ppolicy
+gavin
 ASN
 ava
 Chu
@@ -39,8 +40,8 @@
 dev
 reqNewSuperior
 librewrite
+memberof
 memberOf
-memberof
 BSI
 updateref
 buf
@@ -64,6 +65,7 @@
 CRP
 postread
 csn
+laura
 checkpass
 xvfB
 neverDerefaliases
@@ -82,6 +84,7 @@
 ando
 reqDeleteOldRDN
 DSA
+dontusecopy
 msgfree
 DSE
 keycol
@@ -89,14 +92,15 @@
 eng
 AttributeValue
 attributevalue
+DUA
 EOF
-DUA
 inputfile
 DSP
 refreshDone
 dst
 NOSYNC
 env
+pagedResultsControl
 dup
 hdb
 LDIFv
@@ -105,9 +109,11 @@
 subschemaSubentry
 interoperate
 gid
+testdb
 gif
 memfree
 struct
+dirsync
 IAB
 fmt
 SysNet
@@ -125,15 +131,16 @@
 contextCSN
 auditModify
 auditSearch
+OpenLDAP
 openldap
-OpenLDAP
+resultcode
 resultCode
-resultcode
 sysconfig
 indices
 blen
 APIs
 lresolv
+uidObject
 Contribware
 directoryString
 database's
@@ -141,6 +148,7 @@
 qbuaQ
 gss
 ZKKuqbEKJfKSXhUbHG
+employeeType
 invalidAttributeSyntax
 subtree
 Kartik
@@ -149,6 +157,7 @@
 memcalloc
 ing
 filtertype
+ini
 XKqkdPOmY
 regcomp
 ldapmodify
@@ -160,17 +169,18 @@
 dynlist
 args
 hardcoded
+pgsql
 argv
 kdz
 notAllowedOnRDN
 hostport
+StartTLS
 starttls
-StartTLS
 ldb
 servercredp
 ldd
+IPv
 ipv
-IPv
 hyc
 joe
 bindmethods
@@ -202,8 +212,8 @@
 acknowledgements
 jts
 createTimestamp
+MIB
 LLL
-MIB
 OpenSSL
 openssl
 LOF
@@ -243,10 +253,10 @@
 aeeiib
 oidlen
 submatches
+PEM
 olc
-PEM
+OLF
 PDU
-OLF
 LDAPSchemaExtensionItem
 auth
 Pierangelo
@@ -262,10 +272,11 @@
 numattrsets
 requestDN
 caseExactSubstringsMatch
+NSS
 PKI
-NSS
 olcSyncProvConfig
 ple
+jones
 NTP
 auditModRDN
 checkpointing
@@ -286,9 +297,9 @@
 wZFQrDD
 OTP
 olcSizeLimit
+PRD
+sbi
 pos
-sbi
-PRD
 pre
 sudoadm
 stringal
@@ -308,8 +319,8 @@
 HtZhZS
 TBC
 stringbv
+SHA
 Sep
-SHA
 ptr
 conn
 pwd
@@ -326,8 +337,8 @@
 supportedSASLMechanism
 supportedSASLmechanism
 realnamingcontext
+UCD
 SMD
-UCD
 keytab
 portnumber
 uncached
@@ -340,8 +351,8 @@
 UCS
 searchDN
 keytbl
+UDP
 tgz
-UDP
 freemods
 prepend
 nssov
@@ -359,22 +370,23 @@
 objectClassViolation
 ssf
 ldapfilter
+vec
+TOC
 rwm
-TOC
-vec
 pwdChangedTime
 tls
 peernamestyle
 xpasswd
+SRP
 tmp
-SRP
 SSL
 dupbv
 CPUs
+itsupport
 SRV
 entrymods
+sss
 rwx
-sss
 reqNewRDN
 nopresent
 rebindproc
@@ -402,6 +414,7 @@
 uri
 tty
 url
+sambaGroupMapping
 XED
 sortKey
 UTF
@@ -413,6 +426,7 @@
 txt
 UTR
 XER
+roomNumber
 olcDbIDLcacheSize
 namespace
 LDAPControl
@@ -435,8 +449,8 @@
 MezRroT
 GDBM
 LIBRELEASE
+DSA's
 DSAs
-DSA's
 realloc
 booleanMatch
 compareTrue
@@ -455,6 +469,7 @@
 derated
 auditDelete
 cn
+ee
 versa
 cp
 bv
@@ -477,6 +492,7 @@
 regexec
 IG
 msgidp
+noEstimate
 kb
 organizationalUnit
 Warper
@@ -495,8 +511,8 @@
 iZ
 ldapdelete
 xyz
+rdbms
 RDBMs
-rdbms
 extparam
 mk
 ng
@@ -505,6 +521,7 @@
 NL
 logfiles
 mr
+octetStringSubstringsMatch
 ok
 mv
 LTVERSION
@@ -560,8 +577,8 @@
 LDVERSION
 testAttr
 backend
+backends
 backend's
-backends
 BerValues
 Solaris
 structs
@@ -573,15 +590,16 @@
 policyDN
 testObject
 pwdMaxAge
+binddn
+bindDN
 bindDn
-bindDN
-binddn
 distributedOperation
 schemachecking
 strvals
 dataflow
 robert
 fqdn
+prtotal
 admittable
 Makefile
 IANA
@@ -595,6 +613,7 @@
 searchResultDone
 MAXLEN
 pwdInHistory
+realtime
 reqAttrsOnly
 sysconfdir
 searchResultReference
@@ -612,20 +631,21 @@
 bindpw
 AUTHNAME
 UniqueName
+blahblah
 saslmech
 pthreads
 IEEE
 regex
 SIGINT
 slappasswd
+errABsObject
 errAbsObject
-errABsObject
 ldapexop
+objectIdentifier
 objectidentifier
-objectIdentifier
 deallocators
+mirrormode
 MirrorMode
-mirrormode
 loopDetect
 SIGHUP
 authMethodNotSupported
@@ -642,8 +662,8 @@
 expr
 syntaxes
 memrealloc
+returncode
 returnCode
-returncode
 OpenLDAP's
 exts
 bitstringa
@@ -667,8 +687,8 @@
 lldap
 cachesize
 slapauth
+attributeType
 attributetype
-attributeType
 GSER
 olcDbNosync
 typedef
@@ -685,13 +705,15 @@
 TLSVerifyClient
 noidlen
 LDAPNOINIT
+henry
+pwdGraceAuthnLimit
 pwdGraceAuthNLimit
-pwdGraceAuthnLimit
 hnPk
+userpassword
 userPassword
-userpassword
 noanonymous
 LIBVERSION
+anyuser
 symas
 dcedn
 glibc
@@ -708,12 +730,14 @@
 organisations
 rewriteMap
 monitoredInfo
+modrDN
+ModRDN
 modrdn
-ModRDN
-modrDN
 HREF
 DQTxCYEApdUtNXGgdUac
 inline
+ConnSettings
+ShowSystemTables
 multiproxy
 reqSizeLimit
 kerberos
@@ -723,8 +747,8 @@
 rlookups
 siiiib
 LTSTATIC
+timelimitExceeded
 timeLimitExceeded
-timelimitExceeded
 XKYnrjvGT
 subtrees
 unixODBC
@@ -736,9 +760,10 @@
 dnstyle
 inet
 schemas
+pwdPolicySubentry
 pwdPolicySubEntry
-pwdPolicySubentry
 reqId
+backsql
 scanf
 olcBackend
 TLSCACertificatePath
@@ -765,6 +790,7 @@
 GCmfuqEvm
 multimaster
 testrun
+olcUniqueURI
 rewriteEngine
 slapdindex
 LTFINISH
@@ -798,6 +824,7 @@
 dbnum
 operationsError
 homePhone
+octetStringOrderingMatch
 testTwo
 BmIwN
 ldif
@@ -805,6 +832,7 @@
 plaintext
 someoneelse
 errDisconnect
+UserName
 username
 accessee
 LDAPURLDesc
@@ -969,11 +997,13 @@
 proxyAuthz
 config
 IDSET
-ODBC
+odbc
 searchFilter
 wholeSubtree
 SASLprep
 nisMailAlias
+libodbcpsqlS
+OxObjects
 attributeDescription
 groupnummer
 lsei
@@ -1030,6 +1060,7 @@
 attribute's
 pPasswd
 metadirectory
+Mitya
 assciated
 myObjectClass
 OIDs
@@ -1070,8 +1101,8 @@
 errObject
 XXLIBS
 reqAssertion
+nops
 PDUs
-nops
 baseObject
 bvecadd
 perl
@@ -1122,6 +1153,7 @@
 filterlist
 generalizedTimeMatch
 strongAuthRequired
+Kovalev
 Google
 sessionlog
 balancer
@@ -1184,10 +1216,13 @@
 ldapport
 octetString
 repl
+FakeOidIndex
 ERXRTc
 LxsdLy
 lastmod
 integerOrderingMatch
+sambaGroupType
+RowVersioning
 searchEntryDN
 pwdLockout
 sbin
@@ -1211,6 +1246,7 @@
 xeXBkeFxlZ
 priv
 proxyTemplates
+FileUsage
 bvals
 givenName
 givenname
@@ -1289,6 +1325,7 @@
 searchbase
 berval
 slen
+metadata
 lookup
 databasetype
 rewriteRules
@@ -1301,6 +1338,7 @@
 reloadHint
 moduleload
 hasSubordinates
+ShowOidColumn
 contextp
 LDAPModifying
 nameAndOptionalUID
@@ -1348,6 +1386,7 @@
 XLIBS
 freeit
 invalidDNSyntax
+sambaSID
 zeilenga
 addAttrDN
 syncdata
@@ -1364,13 +1403,13 @@
 mandir
 RXER
 SSFs
-octetStringOrderingStringMatch
 auditCompare
 pEntry
 strongAuthNotSupported
 endblock
 LDAPAVA
 startup
+sharedemail
 olcReplicationInterval
 TLSv
 libtool's
@@ -1435,9 +1474,11 @@
 bitstring
 objclass
 oplist
+libodbcpsql
 LDAPObjectClass
 sockurl
 somevalue
+businessCategory
 getpid
 monitorIsShadow
 confidentialityRequired
@@ -1447,6 +1488,7 @@
 TTLs
 attrdesc
 ghenry
+odbcinst
 reqType
 slapover
 BerkeleyDB's
@@ -1473,6 +1515,7 @@
 urls
 olcAuditLogConfig
 reqMod
+joebloggs
 pwdHistory
 entryTtl
 olcIdleTimeout
@@ -1504,8 +1547,8 @@
 saslargs
 OBJEXT
 LDAPAttributeType
+newpasswdfile
 newPasswdFile
-newpasswdfile
 boolean
 liblber
 ucdata
@@ -1529,6 +1572,7 @@
 abcd
 olcRootPW
 dnattr
+Servername
 AttributeTypeDescription
 strdup
 domainScope
@@ -1567,12 +1611,12 @@
 supportedSASLMechanisms
 ACLs
 reqMethod
+authzId
+authzid
 authzID
-authzid
-authzId
 hasSubordintes
+proxyCache
 proxycache
-proxyCache
 slaptest
 olcLogLevel
 LDAPDN
@@ -1597,8 +1641,8 @@
 multi
 aaa
 ldaprc
+UpdateDN
 updatedn
-UpdateDN
 LDAPBASE
 LDAPAPIFeatureInfo
 authzTo
@@ -1633,13 +1677,12 @@
 baz
 params
 generalizedTimeOrderingMatch
-octetStringSubstringsStringMatch
 ber
 slimit
 ali
 attributeoptions
 BfQ
 uidNumber
+CA's
 CAs
-CA's
 namingContext

Modified: openldap/vendor/openldap-release/doc/guide/admin/backends.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/backends.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/backends.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/backends.sdf,v 1.8.2.6 2008/07/12 05:51:38 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/backends.sdf,v 1.8.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Backends

Modified: openldap/vendor/openldap-release/doc/guide/admin/config.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/config.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/config.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/config.sdf,v 1.14.2.6 2008/04/14 20:43:48 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/config.sdf,v 1.14.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: The Big Picture - Configuration Choices
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/dbtools.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/dbtools.sdf,v 1.24.2.6 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/dbtools.sdf,v 1.24.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Database Creation and Maintenance Tools

Modified: openldap/vendor/openldap-release/doc/guide/admin/glossary.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/glossary.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/glossary.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/glossary.sdf,v 1.5.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2006-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/glossary.sdf,v 1.5.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2006-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Glossary
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.html
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.html	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.html	2009-02-17 16:18:54 UTC (rev 1195)
@@ -23,7 +23,7 @@
 <DIV CLASS="title">
 <H1 CLASS="doc-title">OpenLDAP Software 2.4 Administrator's Guide</H1>
 <ADDRESS CLASS="doc-author">The OpenLDAP Project &lt;<A HREF="http://www.openldap.org/">http://www.openldap.org/</A>&gt;</ADDRESS>
-<ADDRESS CLASS="doc-modified">16 July 2008</ADDRESS>
+<ADDRESS CLASS="doc-modified">13 February 2009</ADDRESS>
 <BR CLEAR="All">
 </DIV>
 <DIV CLASS="contents">
@@ -114,495 +114,525 @@
 <BR>
 <A HREF="#BDB and HDB Database Directives">6.2.4. BDB and HDB Database Directives</A></UL></UL>
 <BR>
-<A HREF="#Access Control">7. Access Control</A><UL>
-<A HREF="#Introduction">7.1. Introduction</A>
+<A HREF="#Running slapd">7. Running slapd</A><UL>
+<A HREF="#Command-Line Options">7.1. Command-Line Options</A>
 <BR>
-<A HREF="#Access Control via Static Configuration">7.2. Access Control via Static Configuration</A><UL>
-<A HREF="#What to control access to">7.2.1. What to control access to</A>
+<A HREF="#Starting slapd">7.2. Starting slapd</A>
 <BR>
-<A HREF="#Who to grant access to">7.2.2. Who to grant access to</A>
+<A HREF="#Stopping slapd">7.3. Stopping slapd</A></UL>
 <BR>
-<A HREF="#The access to grant">7.2.3. The access to grant</A>
+<A HREF="#Access Control">8. Access Control</A><UL>
+<A HREF="#Introduction">8.1. Introduction</A>
 <BR>
-<A HREF="#Access Control Evaluation">7.2.4. Access Control Evaluation</A>
+<A HREF="#Access Control via Static Configuration">8.2. Access Control via Static Configuration</A><UL>
+<A HREF="#What to control access to">8.2.1. What to control access to</A>
 <BR>
-<A HREF="#Access Control Examples">7.2.5. Access Control Examples</A>
+<A HREF="#Who to grant access to">8.2.2. Who to grant access to</A>
 <BR>
-<A HREF="#Configuration File Example">7.2.6. Configuration File Example</A></UL>
+<A HREF="#The access to grant">8.2.3. The access to grant</A>
 <BR>
-<A HREF="#Access Control via Dynamic Configuration">7.3. Access Control via Dynamic Configuration</A><UL>
-<A HREF="#What to control access to">7.3.1. What to control access to</A>
+<A HREF="#Access Control Evaluation">8.2.4. Access Control Evaluation</A>
 <BR>
-<A HREF="#Who to grant access to">7.3.2. Who to grant access to</A>
+<A HREF="#Access Control Examples">8.2.5. Access Control Examples</A>
 <BR>
-<A HREF="#The access to grant">7.3.3. The access to grant</A>
+<A HREF="#Configuration File Example">8.2.6. Configuration File Example</A></UL>
 <BR>
-<A HREF="#Access Control Evaluation">7.3.4. Access Control Evaluation</A>
+<A HREF="#Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A><UL>
+<A HREF="#What to control access to">8.3.1. What to control access to</A>
 <BR>
-<A HREF="#Access Control Examples">7.3.5. Access Control Examples</A>
+<A HREF="#Who to grant access to">8.3.2. Who to grant access to</A>
 <BR>
-<A HREF="#Access Control Ordering">7.3.6. Access Control Ordering</A>
+<A HREF="#The access to grant">8.3.3. The access to grant</A>
 <BR>
-<A HREF="#Configuration Example">7.3.7. Configuration Example</A>
+<A HREF="#Access Control Evaluation">8.3.4. Access Control Evaluation</A>
 <BR>
-<A HREF="#Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">7.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></UL>
+<A HREF="#Access Control Examples">8.3.5. Access Control Examples</A>
 <BR>
-<A HREF="#Access Control Common Examples">7.4. Access Control Common Examples</A><UL>
-<A HREF="#Basic ACLs">7.4.1. Basic ACLs</A>
+<A HREF="#Access Control Ordering">8.3.6. Access Control Ordering</A>
 <BR>
-<A HREF="#Matching Anonymous and Authenticated users">7.4.2. Matching Anonymous and Authenticated users</A>
+<A HREF="#Configuration Example">8.3.7. Configuration Example</A>
 <BR>
-<A HREF="#Controlling rootdn access">7.4.3. Controlling rootdn access</A>
+<A HREF="#Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></UL>
 <BR>
-<A HREF="#Managing access with Groups">7.4.4. Managing access with Groups</A>
+<A HREF="#Access Control Common Examples">8.4. Access Control Common Examples</A><UL>
+<A HREF="#Basic ACLs">8.4.1. Basic ACLs</A>
 <BR>
-<A HREF="#Granting access to a subset of attributes">7.4.5. Granting access to a subset of attributes</A>
+<A HREF="#Matching Anonymous and Authenticated users">8.4.2. Matching Anonymous and Authenticated users</A>
 <BR>
-<A HREF="#Allowing a user write to all entries below theirs">7.4.6. Allowing a user write to all entries below theirs</A>
+<A HREF="#Controlling rootdn access">8.4.3. Controlling rootdn access</A>
 <BR>
-<A HREF="#Allowing entry creation">7.4.7. Allowing entry creation</A>
+<A HREF="#Managing access with Groups">8.4.4. Managing access with Groups</A>
 <BR>
-<A HREF="#Tips for using regular expressions in Access Control">7.4.8. Tips for using regular expressions in Access Control</A>
+<A HREF="#Granting access to a subset of attributes">8.4.5. Granting access to a subset of attributes</A>
 <BR>
-<A HREF="#Granting and Denying access based on security strength factors (ssf)">7.4.9. Granting and Denying access based on security strength factors (ssf)</A>
+<A HREF="#Allowing a user write to all entries below theirs">8.4.6. Allowing a user write to all entries below theirs</A>
 <BR>
-<A HREF="#When things aren\'t working as expected">7.4.10. When things aren't working as expected</A></UL>
+<A HREF="#Allowing entry creation">8.4.7. Allowing entry creation</A>
 <BR>
-<A HREF="#Sets - Granting rights based on relationships">7.5. Sets - Granting rights based on relationships</A><UL>
-<A HREF="#Groups of Groups">7.5.1. Groups of Groups</A>
+<A HREF="#Tips for using regular expressions in Access Control">8.4.8. Tips for using regular expressions in Access Control</A>
 <BR>
-<A HREF="#Group ACLs without DN syntax">7.5.2. Group ACLs without DN syntax</A>
+<A HREF="#Granting and Denying access based on security strength factors (ssf)">8.4.9. Granting and Denying access based on security strength factors (ssf)</A>
 <BR>
-<A HREF="#Following references">7.5.3. Following references</A></UL></UL>
+<A HREF="#When things aren\'t working as expected">8.4.10. When things aren't working as expected</A></UL>
 <BR>
-<A HREF="#Running slapd">8. Running slapd</A><UL>
-<A HREF="#Command-Line Options">8.1. Command-Line Options</A>
+<A HREF="#Sets - Granting rights based on relationships">8.5. Sets - Granting rights based on relationships</A><UL>
+<A HREF="#Groups of Groups">8.5.1. Groups of Groups</A>
 <BR>
-<A HREF="#Starting slapd">8.2. Starting slapd</A>
+<A HREF="#Group ACLs without DN syntax">8.5.2. Group ACLs without DN syntax</A>
 <BR>
-<A HREF="#Stopping slapd">8.3. Stopping slapd</A></UL>
+<A HREF="#Following references">8.5.3. Following references</A></UL></UL>
 <BR>
-<A HREF="#Database Creation and Maintenance Tools">9. Database Creation and Maintenance Tools</A><UL>
-<A HREF="#Creating a database over LDAP">9.1. Creating a database over LDAP</A>
+<A HREF="#Limits">9. Limits</A><UL>
+<A HREF="#Introduction">9.1. Introduction</A>
 <BR>
-<A HREF="#Creating a database off-line">9.2. Creating a database off-line</A><UL>
-<A HREF="#The {{EX:slapadd}} program">9.2.1. The <TT>slapadd</TT> program</A>
+<A HREF="#Soft and Hard limits">9.2. Soft and Hard limits</A>
 <BR>
-<A HREF="#The {{EX:slapindex}} program">9.2.2. The <TT>slapindex</TT> program</A>
+<A HREF="#Global Limits">9.3. Global Limits</A>
 <BR>
-<A HREF="#The {{EX:slapcat}} program">9.2.3. The <TT>slapcat</TT> program</A></UL>
+<A HREF="#Per-Database Limits">9.4. Per-Database Limits</A><UL>
+<A HREF="#Specify who the limits apply to">9.4.1. Specify who the limits apply to</A>
 <BR>
-<A HREF="#The LDIF text entry format">9.3. The LDIF text entry format</A></UL>
+<A HREF="#Specify time limits">9.4.2. Specify time limits</A>
 <BR>
-<A HREF="#Backends">10. Backends</A><UL>
-<A HREF="#Berkeley DB Backends">10.1. Berkeley DB Backends</A><UL>
-<A HREF="#Overview">10.1.1. Overview</A>
+<A HREF="#Specifying size limits">9.4.3. Specifying size limits</A>
 <BR>
-<A HREF="#back-bdb/back-hdb Configuration">10.1.2. back-bdb/back-hdb Configuration</A>
+<A HREF="#Size limits and Paged Results">9.4.4. Size limits and Paged Results</A></UL>
 <BR>
-<A HREF="#Further Information">10.1.3. Further Information</A></UL>
+<A HREF="#Example Limit Configurations">9.5. Example Limit Configurations</A><UL>
+<A HREF="#Simple Global Limits">9.5.1. Simple Global Limits</A>
 <BR>
-<A HREF="#LDAP">10.2. LDAP</A><UL>
-<A HREF="#Overview">10.2.1. Overview</A>
+<A HREF="#Global Hard and Soft Limits">9.5.2. Global Hard and Soft Limits</A>
 <BR>
-<A HREF="#back-ldap Configuration">10.2.2. back-ldap Configuration</A>
+<A HREF="#Giving specific users larger limits">9.5.3. Giving specific users larger limits</A>
 <BR>
-<A HREF="#Further Information">10.2.3. Further Information</A></UL>
+<A HREF="#Limiting who can do paged searches">9.5.4. Limiting who can do paged searches</A></UL>
 <BR>
-<A HREF="#LDIF">10.3. LDIF</A><UL>
-<A HREF="#Overview">10.3.1. Overview</A>
+<A HREF="#Further Information">9.6. Further Information</A></UL>
 <BR>
-<A HREF="#back-ldif Configuration">10.3.2. back-ldif Configuration</A>
+<A HREF="#Database Creation and Maintenance Tools">10. Database Creation and Maintenance Tools</A><UL>
+<A HREF="#Creating a database over LDAP">10.1. Creating a database over LDAP</A>
 <BR>
-<A HREF="#Further Information">10.3.3. Further Information</A></UL>
+<A HREF="#Creating a database off-line">10.2. Creating a database off-line</A><UL>
+<A HREF="#The {{EX:slapadd}} program">10.2.1. The <TT>slapadd</TT> program</A>
 <BR>
-<A HREF="#Metadirectory">10.4. Metadirectory</A><UL>
-<A HREF="#Overview">10.4.1. Overview</A>
+<A HREF="#The {{EX:slapindex}} program">10.2.2. The <TT>slapindex</TT> program</A>
 <BR>
-<A HREF="#back-meta Configuration">10.4.2. back-meta Configuration</A>
+<A HREF="#The {{EX:slapcat}} program">10.2.3. The <TT>slapcat</TT> program</A></UL>
 <BR>
-<A HREF="#Further Information">10.4.3. Further Information</A></UL>
+<A HREF="#The LDIF text entry format">10.3. The LDIF text entry format</A></UL>
 <BR>
-<A HREF="#Monitor">10.5. Monitor</A><UL>
-<A HREF="#Overview">10.5.1. Overview</A>
+<A HREF="#Backends">11. Backends</A><UL>
+<A HREF="#Berkeley DB Backends">11.1. Berkeley DB Backends</A><UL>
+<A HREF="#Overview">11.1.1. Overview</A>
 <BR>
-<A HREF="#back-monitor Configuration">10.5.2. back-monitor Configuration</A>
+<A HREF="#back-bdb/back-hdb Configuration">11.1.2. back-bdb/back-hdb Configuration</A>
 <BR>
-<A HREF="#Further Information">10.5.3. Further Information</A></UL>
+<A HREF="#Further Information">11.1.3. Further Information</A></UL>
 <BR>
-<A HREF="#Null">10.6. Null</A><UL>
-<A HREF="#Overview">10.6.1. Overview</A>
+<A HREF="#LDAP">11.2. LDAP</A><UL>
+<A HREF="#Overview">11.2.1. Overview</A>
 <BR>
-<A HREF="#back-null Configuration">10.6.2. back-null Configuration</A>
+<A HREF="#back-ldap Configuration">11.2.2. back-ldap Configuration</A>
 <BR>
-<A HREF="#Further Information">10.6.3. Further Information</A></UL>
+<A HREF="#Further Information">11.2.3. Further Information</A></UL>
 <BR>
-<A HREF="#Passwd">10.7. Passwd</A><UL>
-<A HREF="#Overview">10.7.1. Overview</A>
+<A HREF="#LDIF">11.3. LDIF</A><UL>
+<A HREF="#Overview">11.3.1. Overview</A>
 <BR>
-<A HREF="#back-passwd Configuration">10.7.2. back-passwd Configuration</A>
+<A HREF="#back-ldif Configuration">11.3.2. back-ldif Configuration</A>
 <BR>
-<A HREF="#Further Information">10.7.3. Further Information</A></UL>
+<A HREF="#Further Information">11.3.3. Further Information</A></UL>
 <BR>
-<A HREF="#Perl/Shell">10.8. Perl/Shell</A><UL>
-<A HREF="#Overview">10.8.1. Overview</A>
+<A HREF="#Metadirectory">11.4. Metadirectory</A><UL>
+<A HREF="#Overview">11.4.1. Overview</A>
 <BR>
-<A HREF="#back-perl/back-shell Configuration">10.8.2. back-perl/back-shell Configuration</A>
+<A HREF="#back-meta Configuration">11.4.2. back-meta Configuration</A>
 <BR>
-<A HREF="#Further Information">10.8.3. Further Information</A></UL>
+<A HREF="#Further Information">11.4.3. Further Information</A></UL>
 <BR>
-<A HREF="#Relay">10.9. Relay</A><UL>
-<A HREF="#Overview">10.9.1. Overview</A>
+<A HREF="#Monitor">11.5. Monitor</A><UL>
+<A HREF="#Overview">11.5.1. Overview</A>
 <BR>
-<A HREF="#back-relay Configuration">10.9.2. back-relay Configuration</A>
+<A HREF="#back-monitor Configuration">11.5.2. back-monitor Configuration</A>
 <BR>
-<A HREF="#Further Information">10.9.3. Further Information</A></UL>
+<A HREF="#Further Information">11.5.3. Further Information</A></UL>
 <BR>
-<A HREF="#SQL">10.10. SQL</A><UL>
-<A HREF="#Overview">10.10.1. Overview</A>
+<A HREF="#Null">11.6. Null</A><UL>
+<A HREF="#Overview">11.6.1. Overview</A>
 <BR>
-<A HREF="#back-sql Configuration">10.10.2. back-sql Configuration</A>
+<A HREF="#back-null Configuration">11.6.2. back-null Configuration</A>
 <BR>
-<A HREF="#Further Information">10.10.3. Further Information</A></UL></UL>
+<A HREF="#Further Information">11.6.3. Further Information</A></UL>
 <BR>
-<A HREF="#Overlays">11. Overlays</A><UL>
-<A HREF="#Access Logging">11.1. Access Logging</A><UL>
-<A HREF="#Overview">11.1.1. Overview</A>
+<A HREF="#Passwd">11.7. Passwd</A><UL>
+<A HREF="#Overview">11.7.1. Overview</A>
 <BR>
-<A HREF="#Access Logging Configuration">11.1.2. Access Logging Configuration</A>
+<A HREF="#back-passwd Configuration">11.7.2. back-passwd Configuration</A>
 <BR>
-<A HREF="#Further Information">11.1.3. Further Information</A></UL>
+<A HREF="#Further Information">11.7.3. Further Information</A></UL>
 <BR>
-<A HREF="#Audit Logging">11.2. Audit Logging</A><UL>
-<A HREF="#Overview">11.2.1. Overview</A>
+<A HREF="#Perl/Shell">11.8. Perl/Shell</A><UL>
+<A HREF="#Overview">11.8.1. Overview</A>
 <BR>
-<A HREF="#Audit Logging Configuration">11.2.2. Audit Logging Configuration</A>
+<A HREF="#back-perl/back-shell Configuration">11.8.2. back-perl/back-shell Configuration</A>
 <BR>
-<A HREF="#Further Information">11.2.3. Further Information</A></UL>
+<A HREF="#Further Information">11.8.3. Further Information</A></UL>
 <BR>
-<A HREF="#Chaining">11.3. Chaining</A><UL>
-<A HREF="#Overview">11.3.1. Overview</A>
+<A HREF="#Relay">11.9. Relay</A><UL>
+<A HREF="#Overview">11.9.1. Overview</A>
 <BR>
-<A HREF="#Chaining Configuration">11.3.2. Chaining Configuration</A>
+<A HREF="#back-relay Configuration">11.9.2. back-relay Configuration</A>
 <BR>
-<A HREF="#Handling Chaining Errors">11.3.3. Handling Chaining Errors</A>
+<A HREF="#Further Information">11.9.3. Further Information</A></UL>
 <BR>
-<A HREF="#Further Information">11.3.4. Further Information</A></UL>
+<A HREF="#SQL">11.10. SQL</A><UL>
+<A HREF="#Overview">11.10.1. Overview</A>
 <BR>
-<A HREF="#Constraints">11.4. Constraints</A><UL>
-<A HREF="#Overview">11.4.1. Overview</A>
+<A HREF="#back-sql Configuration">11.10.2. back-sql Configuration</A>
 <BR>
-<A HREF="#Constraint Configuration">11.4.2. Constraint Configuration</A>
+<A HREF="#Further Information">11.10.3. Further Information</A></UL></UL>
 <BR>
-<A HREF="#Further Information">11.4.3. Further Information</A></UL>
+<A HREF="#Overlays">12. Overlays</A><UL>
+<A HREF="#Access Logging">12.1. Access Logging</A><UL>
+<A HREF="#Overview">12.1.1. Overview</A>
 <BR>
-<A HREF="#Dynamic Directory Services">11.5. Dynamic Directory Services</A><UL>
-<A HREF="#Overview">11.5.1. Overview</A>
+<A HREF="#Access Logging Configuration">12.1.2. Access Logging Configuration</A>
 <BR>
-<A HREF="#Dynamic Directory Service Configuration">11.5.2. Dynamic Directory Service Configuration</A>
+<A HREF="#Further Information">12.1.3. Further Information</A></UL>
 <BR>
-<A HREF="#Further Information">11.5.3. Further Information</A></UL>
+<A HREF="#Audit Logging">12.2. Audit Logging</A><UL>
+<A HREF="#Overview">12.2.1. Overview</A>
 <BR>
-<A HREF="#Dynamic Groups">11.6. Dynamic Groups</A><UL>
-<A HREF="#Overview">11.6.1. Overview</A>
+<A HREF="#Audit Logging Configuration">12.2.2. Audit Logging Configuration</A>
 <BR>
-<A HREF="#Dynamic Group Configuration">11.6.2. Dynamic Group Configuration</A></UL>
+<A HREF="#Further Information">12.2.3. Further Information</A></UL>
 <BR>
-<A HREF="#Dynamic Lists">11.7. Dynamic Lists</A><UL>
-<A HREF="#Overview">11.7.1. Overview</A>
+<A HREF="#Chaining">12.3. Chaining</A><UL>
+<A HREF="#Overview">12.3.1. Overview</A>
 <BR>
-<A HREF="#Dynamic List Configuration">11.7.2. Dynamic List Configuration</A>
+<A HREF="#Chaining Configuration">12.3.2. Chaining Configuration</A>
 <BR>
-<A HREF="#Further Information">11.7.3. Further Information</A></UL>
+<A HREF="#Handling Chaining Errors">12.3.3. Handling Chaining Errors</A>
 <BR>
-<A HREF="#Reverse Group Membership Maintenance">11.8. Reverse Group Membership Maintenance</A><UL>
-<A HREF="#Overview">11.8.1. Overview</A>
+<A HREF="#Read-Back of Chained Modifications">12.3.4. Read-Back of Chained Modifications</A>
 <BR>
-<A HREF="#Member Of Configuration">11.8.2. Member Of Configuration</A>
+<A HREF="#Further Information">12.3.5. Further Information</A></UL>
 <BR>
-<A HREF="#Further Information">11.8.3. Further Information</A></UL>
+<A HREF="#Constraints">12.4. Constraints</A><UL>
+<A HREF="#Overview">12.4.1. Overview</A>
 <BR>
-<A HREF="#The Proxy Cache Engine">11.9. The Proxy Cache Engine</A><UL>
-<A HREF="#Overview">11.9.1. Overview</A>
+<A HREF="#Constraint Configuration">12.4.2. Constraint Configuration</A>
 <BR>
-<A HREF="#Proxy Cache Configuration">11.9.2. Proxy Cache Configuration</A>
+<A HREF="#Further Information">12.4.3. Further Information</A></UL>
 <BR>
-<A HREF="#Further Information">11.9.3. Further Information</A></UL>
+<A HREF="#Dynamic Directory Services">12.5. Dynamic Directory Services</A><UL>
+<A HREF="#Overview">12.5.1. Overview</A>
 <BR>
-<A HREF="#Password Policies">11.10. Password Policies</A><UL>
-<A HREF="#Overview">11.10.1. Overview</A>
+<A HREF="#Dynamic Directory Service Configuration">12.5.2. Dynamic Directory Service Configuration</A>
 <BR>
-<A HREF="#Password Policy Configuration">11.10.2. Password Policy Configuration</A>
+<A HREF="#Further Information">12.5.3. Further Information</A></UL>
 <BR>
-<A HREF="#Further Information">11.10.3. Further Information</A></UL>
+<A HREF="#Dynamic Groups">12.6. Dynamic Groups</A><UL>
+<A HREF="#Overview">12.6.1. Overview</A>
 <BR>
-<A HREF="#Referential Integrity">11.11. Referential Integrity</A><UL>
-<A HREF="#Overview">11.11.1. Overview</A>
+<A HREF="#Dynamic Group Configuration">12.6.2. Dynamic Group Configuration</A></UL>
 <BR>
-<A HREF="#Referential Integrity Configuration">11.11.2. Referential Integrity Configuration</A>
+<A HREF="#Dynamic Lists">12.7. Dynamic Lists</A><UL>
+<A HREF="#Overview">12.7.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.11.3. Further Information</A></UL>
+<A HREF="#Dynamic List Configuration">12.7.2. Dynamic List Configuration</A>
 <BR>
-<A HREF="#Return Code">11.12. Return Code</A><UL>
-<A HREF="#Overview">11.12.1. Overview</A>
+<A HREF="#Further Information">12.7.3. Further Information</A></UL>
 <BR>
-<A HREF="#Return Code Configuration">11.12.2. Return Code Configuration</A>
+<A HREF="#Reverse Group Membership Maintenance">12.8. Reverse Group Membership Maintenance</A><UL>
+<A HREF="#Overview">12.8.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.12.3. Further Information</A></UL>
+<A HREF="#Member Of Configuration">12.8.2. Member Of Configuration</A>
 <BR>
-<A HREF="#Rewrite/Remap">11.13. Rewrite/Remap</A><UL>
-<A HREF="#Overview">11.13.1. Overview</A>
+<A HREF="#Further Information">12.8.3. Further Information</A></UL>
 <BR>
-<A HREF="#Rewrite/Remap Configuration">11.13.2. Rewrite/Remap Configuration</A>
+<A HREF="#The Proxy Cache Engine">12.9. The Proxy Cache Engine</A><UL>
+<A HREF="#Overview">12.9.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.13.3. Further Information</A></UL>
+<A HREF="#Proxy Cache Configuration">12.9.2. Proxy Cache Configuration</A>
 <BR>
-<A HREF="#Sync Provider">11.14. Sync Provider</A><UL>
-<A HREF="#Overview">11.14.1. Overview</A>
+<A HREF="#Further Information">12.9.3. Further Information</A></UL>
 <BR>
-<A HREF="#Sync Provider Configuration">11.14.2. Sync Provider Configuration</A>
+<A HREF="#Password Policies">12.10. Password Policies</A><UL>
+<A HREF="#Overview">12.10.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.14.3. Further Information</A></UL>
+<A HREF="#Password Policy Configuration">12.10.2. Password Policy Configuration</A>
 <BR>
-<A HREF="#Translucent Proxy">11.15. Translucent Proxy</A><UL>
-<A HREF="#Overview">11.15.1. Overview</A>
+<A HREF="#Further Information">12.10.3. Further Information</A></UL>
 <BR>
-<A HREF="#Translucent Proxy Configuration">11.15.2. Translucent Proxy Configuration</A>
+<A HREF="#Referential Integrity">12.11. Referential Integrity</A><UL>
+<A HREF="#Overview">12.11.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.15.3. Further Information</A></UL>
+<A HREF="#Referential Integrity Configuration">12.11.2. Referential Integrity Configuration</A>
 <BR>
-<A HREF="#Attribute Uniqueness">11.16. Attribute Uniqueness</A><UL>
-<A HREF="#Overview">11.16.1. Overview</A>
+<A HREF="#Further Information">12.11.3. Further Information</A></UL>
 <BR>
-<A HREF="#Attribute Uniqueness Configuration">11.16.2. Attribute Uniqueness Configuration</A>
+<A HREF="#Return Code">12.12. Return Code</A><UL>
+<A HREF="#Overview">12.12.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.16.3. Further Information</A></UL>
+<A HREF="#Return Code Configuration">12.12.2. Return Code Configuration</A>
 <BR>
-<A HREF="#Value Sorting">11.17. Value Sorting</A><UL>
-<A HREF="#Overview">11.17.1. Overview</A>
+<A HREF="#Further Information">12.12.3. Further Information</A></UL>
 <BR>
-<A HREF="#Value Sorting Configuration">11.17.2. Value Sorting Configuration</A>
+<A HREF="#Rewrite/Remap">12.13. Rewrite/Remap</A><UL>
+<A HREF="#Overview">12.13.1. Overview</A>
 <BR>
-<A HREF="#Further Information">11.17.3. Further Information</A></UL>
+<A HREF="#Rewrite/Remap Configuration">12.13.2. Rewrite/Remap Configuration</A>
 <BR>
-<A HREF="#Overlay Stacking">11.18. Overlay Stacking</A><UL>
-<A HREF="#Overview">11.18.1. Overview</A>
+<A HREF="#Further Information">12.13.3. Further Information</A></UL>
 <BR>
-<A HREF="#Example Scenarios">11.18.2. Example Scenarios</A></UL></UL>
+<A HREF="#Sync Provider">12.14. Sync Provider</A><UL>
+<A HREF="#Overview">12.14.1. Overview</A>
 <BR>
-<A HREF="#Schema Specification">12. Schema Specification</A><UL>
-<A HREF="#Distributed Schema Files">12.1. Distributed Schema Files</A>
+<A HREF="#Sync Provider Configuration">12.14.2. Sync Provider Configuration</A>
 <BR>
-<A HREF="#Extending Schema">12.2. Extending Schema</A><UL>
-<A HREF="#Object Identifiers">12.2.1. Object Identifiers</A>
+<A HREF="#Further Information">12.14.3. Further Information</A></UL>
 <BR>
-<A HREF="#Naming Elements">12.2.2. Naming Elements</A>
+<A HREF="#Translucent Proxy">12.15. Translucent Proxy</A><UL>
+<A HREF="#Overview">12.15.1. Overview</A>
 <BR>
-<A HREF="#Local schema file">12.2.3. Local schema file</A>
+<A HREF="#Translucent Proxy Configuration">12.15.2. Translucent Proxy Configuration</A>
 <BR>
-<A HREF="#Attribute Type Specification">12.2.4. Attribute Type Specification</A>
+<A HREF="#Further Information">12.15.3. Further Information</A></UL>
 <BR>
-<A HREF="#Object Class Specification">12.2.5. Object Class Specification</A>
+<A HREF="#Attribute Uniqueness">12.16. Attribute Uniqueness</A><UL>
+<A HREF="#Overview">12.16.1. Overview</A>
 <BR>
-<A HREF="#OID Macros">12.2.6. OID Macros</A></UL></UL>
+<A HREF="#Attribute Uniqueness Configuration">12.16.2. Attribute Uniqueness Configuration</A>
 <BR>
-<A HREF="#Security Considerations">13. Security Considerations</A><UL>
-<A HREF="#Network Security">13.1. Network Security</A><UL>
-<A HREF="#Selective Listening">13.1.1. Selective Listening</A>
+<A HREF="#Further Information">12.16.3. Further Information</A></UL>
 <BR>
-<A HREF="#IP Firewall">13.1.2. IP Firewall</A>
+<A HREF="#Value Sorting">12.17. Value Sorting</A><UL>
+<A HREF="#Overview">12.17.1. Overview</A>
 <BR>
-<A HREF="#TCP Wrappers">13.1.3. TCP Wrappers</A></UL>
+<A HREF="#Value Sorting Configuration">12.17.2. Value Sorting Configuration</A>
 <BR>
-<A HREF="#Data Integrity and Confidentiality Protection">13.2. Data Integrity and Confidentiality Protection</A><UL>
-<A HREF="#Security Strength Factors">13.2.1. Security Strength Factors</A></UL>
+<A HREF="#Further Information">12.17.3. Further Information</A></UL>
 <BR>
-<A HREF="#Authentication Methods">13.3. Authentication Methods</A><UL>
-<A HREF="#&quot;simple&quot; method">13.3.1. &quot;simple&quot; method</A>
+<A HREF="#Overlay Stacking">12.18. Overlay Stacking</A><UL>
+<A HREF="#Overview">12.18.1. Overview</A>
 <BR>
-<A HREF="#SASL method">13.3.2. SASL method</A></UL>
+<A HREF="#Example Scenarios">12.18.2. Example Scenarios</A></UL></UL>
 <BR>
-<A HREF="#Password Storage">13.4. Password Storage</A><UL>
-<A HREF="#SSHA password storage scheme">13.4.1. SSHA password storage scheme</A>
+<A HREF="#Schema Specification">13. Schema Specification</A><UL>
+<A HREF="#Distributed Schema Files">13.1. Distributed Schema Files</A>
 <BR>
-<A HREF="#CRYPT password storage scheme">13.4.2. CRYPT password storage scheme</A>
+<A HREF="#Extending Schema">13.2. Extending Schema</A><UL>
+<A HREF="#Object Identifiers">13.2.1. Object Identifiers</A>
 <BR>
-<A HREF="#MD5 password storage scheme">13.4.3. MD5 password storage scheme</A>
+<A HREF="#Naming Elements">13.2.2. Naming Elements</A>
 <BR>
-<A HREF="#SMD5 password storage scheme">13.4.4. SMD5 password storage scheme</A>
+<A HREF="#Local schema file">13.2.3. Local schema file</A>
 <BR>
-<A HREF="#SHA password storage scheme">13.4.5. SHA password storage scheme</A>
+<A HREF="#Attribute Type Specification">13.2.4. Attribute Type Specification</A>
 <BR>
-<A HREF="#SASL password storage scheme">13.4.6. SASL password storage scheme</A>
+<A HREF="#Object Class Specification">13.2.5. Object Class Specification</A>
 <BR>
-<A HREF="#KERBEROS password storage scheme">13.4.7. KERBEROS password storage scheme</A></UL>
+<A HREF="#OID Macros">13.2.6. OID Macros</A></UL></UL>
 <BR>
-<A HREF="#Pass-Through authentication">13.5. Pass-Through authentication</A><UL>
-<A HREF="#Configuring slapd to use an authentication provider">13.5.1. Configuring slapd to use an authentication provider</A>
+<A HREF="#Security Considerations">14. Security Considerations</A><UL>
+<A HREF="#Network Security">14.1. Network Security</A><UL>
+<A HREF="#Selective Listening">14.1.1. Selective Listening</A>
 <BR>
-<A HREF="#Configuring saslauthd">13.5.2. Configuring saslauthd</A>
+<A HREF="#IP Firewall">14.1.2. IP Firewall</A>
 <BR>
-<A HREF="#Testing pass-through authentication">13.5.3. Testing pass-through authentication</A></UL></UL>
+<A HREF="#TCP Wrappers">14.1.3. TCP Wrappers</A></UL>
 <BR>
-<A HREF="#Using SASL">14. Using SASL</A><UL>
-<A HREF="#SASL Security Considerations">14.1. SASL Security Considerations</A>
+<A HREF="#Data Integrity and Confidentiality Protection">14.2. Data Integrity and Confidentiality Protection</A><UL>
+<A HREF="#Security Strength Factors">14.2.1. Security Strength Factors</A></UL>
 <BR>
-<A HREF="#SASL Authentication">14.2. SASL Authentication</A><UL>
-<A HREF="#GSSAPI">14.2.1. GSSAPI</A>
+<A HREF="#Authentication Methods">14.3. Authentication Methods</A><UL>
+<A HREF="#&quot;simple&quot; method">14.3.1. &quot;simple&quot; method</A>
 <BR>
-<A HREF="#KERBEROS_V4">14.2.2. KERBEROS_V4</A>
+<A HREF="#SASL method">14.3.2. SASL method</A></UL>
 <BR>
-<A HREF="#DIGEST-MD5">14.2.3. DIGEST-MD5</A>
+<A HREF="#Password Storage">14.4. Password Storage</A><UL>
+<A HREF="#SSHA password storage scheme">14.4.1. SSHA password storage scheme</A>
 <BR>
-<A HREF="#Mapping Authentication Identities">14.2.4. Mapping Authentication Identities</A>
+<A HREF="#CRYPT password storage scheme">14.4.2. CRYPT password storage scheme</A>
 <BR>
-<A HREF="#Direct Mapping">14.2.5. Direct Mapping</A>
+<A HREF="#MD5 password storage scheme">14.4.3. MD5 password storage scheme</A>
 <BR>
-<A HREF="#Search-based mappings">14.2.6. Search-based mappings</A></UL>
+<A HREF="#SMD5 password storage scheme">14.4.4. SMD5 password storage scheme</A>
 <BR>
-<A HREF="#SASL Proxy Authorization">14.3. SASL Proxy Authorization</A><UL>
-<A HREF="#Uses of Proxy Authorization">14.3.1. Uses of Proxy Authorization</A>
+<A HREF="#SHA password storage scheme">14.4.5. SHA password storage scheme</A>
 <BR>
-<A HREF="#SASL Authorization Identities">14.3.2. SASL Authorization Identities</A>
+<A HREF="#SASL password storage scheme">14.4.6. SASL password storage scheme</A>
 <BR>
-<A HREF="#Proxy Authorization Rules">14.3.3. Proxy Authorization Rules</A></UL></UL>
+<A HREF="#KERBEROS password storage scheme">14.4.7. KERBEROS password storage scheme</A></UL>
 <BR>
-<A HREF="#Using TLS">15. Using TLS</A><UL>
-<A HREF="#TLS Certificates">15.1. TLS Certificates</A><UL>
-<A HREF="#Server Certificates">15.1.1. Server Certificates</A>
+<A HREF="#Pass-Through authentication">14.5. Pass-Through authentication</A><UL>
+<A HREF="#Configuring slapd to use an authentication provider">14.5.1. Configuring slapd to use an authentication provider</A>
 <BR>
-<A HREF="#Client Certificates">15.1.2. Client Certificates</A></UL>
+<A HREF="#Configuring saslauthd">14.5.2. Configuring saslauthd</A>
 <BR>
-<A HREF="#TLS Configuration">15.2. TLS Configuration</A><UL>
-<A HREF="#Server Configuration">15.2.1. Server Configuration</A>
+<A HREF="#Testing pass-through authentication">14.5.3. Testing pass-through authentication</A></UL></UL>
 <BR>
-<A HREF="#Client Configuration">15.2.2. Client Configuration</A></UL></UL>
+<A HREF="#Using SASL">15. Using SASL</A><UL>
+<A HREF="#SASL Security Considerations">15.1. SASL Security Considerations</A>
 <BR>
-<A HREF="#Constructing a Distributed Directory Service">16. Constructing a Distributed Directory Service</A><UL>
-<A HREF="#Subordinate Knowledge Information">16.1. Subordinate Knowledge Information</A>
+<A HREF="#SASL Authentication">15.2. SASL Authentication</A><UL>
+<A HREF="#GSSAPI">15.2.1. GSSAPI</A>
 <BR>
-<A HREF="#Superior Knowledge Information">16.2. Superior Knowledge Information</A>
+<A HREF="#KERBEROS_V4">15.2.2. KERBEROS_V4</A>
 <BR>
-<A HREF="#The ManageDsaIT Control">16.3. The ManageDsaIT Control</A></UL>
+<A HREF="#DIGEST-MD5">15.2.3. DIGEST-MD5</A>
 <BR>
-<A HREF="#Replication">17. Replication</A><UL>
-<A HREF="#Push Based">17.1. Push Based</A><UL>
-<A HREF="#Replacing Slurpd">17.1.1. Replacing Slurpd</A></UL>
+<A HREF="#Mapping Authentication Identities">15.2.4. Mapping Authentication Identities</A>
 <BR>
-<A HREF="#Pull Based">17.2. Pull Based</A><UL>
-<A HREF="#LDAP Sync Replication">17.2.1. LDAP Sync Replication</A>
+<A HREF="#Direct Mapping">15.2.5. Direct Mapping</A>
 <BR>
-<A HREF="#Delta-syncrepl replication">17.2.2. Delta-syncrepl replication</A></UL>
+<A HREF="#Search-based mappings">15.2.6. Search-based mappings</A></UL>
 <BR>
-<A HREF="#Mixture of both Pull and Push based">17.3. Mixture of both Pull and Push based</A><UL>
-<A HREF="#N-Way Multi-Master replication">17.3.1. N-Way Multi-Master replication</A>
+<A HREF="#SASL Proxy Authorization">15.3. SASL Proxy Authorization</A><UL>
+<A HREF="#Uses of Proxy Authorization">15.3.1. Uses of Proxy Authorization</A>
 <BR>
-<A HREF="#MirrorMode replication">17.3.2. MirrorMode replication</A></UL>
+<A HREF="#SASL Authorization Identities">15.3.2. SASL Authorization Identities</A>
 <BR>
-<A HREF="#Configuring the different replication types">17.4. Configuring the different replication types</A><UL>
-<A HREF="#Syncrepl">17.4.1. Syncrepl</A>
+<A HREF="#Proxy Authorization Rules">15.3.3. Proxy Authorization Rules</A></UL></UL>
 <BR>
-<A HREF="#Delta-syncrepl">17.4.2. Delta-syncrepl</A>
+<A HREF="#Using TLS">16. Using TLS</A><UL>
+<A HREF="#TLS Certificates">16.1. TLS Certificates</A><UL>
+<A HREF="#Server Certificates">16.1.1. Server Certificates</A>
 <BR>
-<A HREF="#N-Way Multi-Master">17.4.3. N-Way Multi-Master</A>
+<A HREF="#Client Certificates">16.1.2. Client Certificates</A></UL>
 <BR>
-<A HREF="#MirrorMode">17.4.4. MirrorMode</A></UL></UL>
+<A HREF="#TLS Configuration">16.2. TLS Configuration</A><UL>
+<A HREF="#Server Configuration">16.2.1. Server Configuration</A>
 <BR>
-<A HREF="#Maintenance">18. Maintenance</A><UL>
-<A HREF="#Directory Backups">18.1. Directory Backups</A>
+<A HREF="#Client Configuration">16.2.2. Client Configuration</A></UL></UL>
 <BR>
-<A HREF="#Berkeley DB Logs">18.2. Berkeley DB Logs</A>
+<A HREF="#Constructing a Distributed Directory Service">17. Constructing a Distributed Directory Service</A><UL>
+<A HREF="#Subordinate Knowledge Information">17.1. Subordinate Knowledge Information</A>
 <BR>
-<A HREF="#Checkpointing">18.3. Checkpointing</A>
+<A HREF="#Superior Knowledge Information">17.2. Superior Knowledge Information</A>
 <BR>
-<A HREF="#Migration">18.4. Migration</A></UL>
+<A HREF="#The ManageDsaIT Control">17.3. The ManageDsaIT Control</A></UL>
 <BR>
-<A HREF="#Monitoring">19. Monitoring</A><UL>
-<A HREF="#Monitor configuration via cn=config(5)">19.1. Monitor configuration via cn=config(5)</A>
+<A HREF="#Replication">18. Replication</A><UL>
+<A HREF="#Replication Technology">18.1. Replication Technology</A><UL>
+<A HREF="#LDAP Sync Replication">18.1.1. LDAP Sync Replication</A></UL>
 <BR>
-<A HREF="#Monitor configuration via slapd.conf(5)">19.2. Monitor configuration via slapd.conf(5)</A>
+<A HREF="#Deployment Alternatives">18.2. Deployment Alternatives</A><UL>
+<A HREF="#Delta-syncrepl replication">18.2.1. Delta-syncrepl replication</A>
 <BR>
-<A HREF="#Accessing Monitoring Information">19.3. Accessing Monitoring Information</A>
+<A HREF="#N-Way Multi-Master replication">18.2.2. N-Way Multi-Master replication</A>
 <BR>
-<A HREF="#Monitor Information">19.4. Monitor Information</A><UL>
-<A HREF="#Backends">19.4.1. Backends</A>
+<A HREF="#MirrorMode replication">18.2.3. MirrorMode replication</A>
 <BR>
-<A HREF="#Connections">19.4.2. Connections</A>
+<A HREF="#Syncrepl Proxy Mode">18.2.4. Syncrepl Proxy Mode</A></UL>
 <BR>
-<A HREF="#Databases">19.4.3. Databases</A>
+<A HREF="#Configuring the different replication types">18.3. Configuring the different replication types</A><UL>
+<A HREF="#Syncrepl">18.3.1. Syncrepl</A>
 <BR>
-<A HREF="#Listener">19.4.4. Listener</A>
+<A HREF="#Delta-syncrepl">18.3.2. Delta-syncrepl</A>
 <BR>
-<A HREF="#Log">19.4.5. Log</A>
+<A HREF="#N-Way Multi-Master">18.3.3. N-Way Multi-Master</A>
 <BR>
-<A HREF="#Operations">19.4.6. Operations</A>
+<A HREF="#MirrorMode">18.3.4. MirrorMode</A>
 <BR>
-<A HREF="#Overlays">19.4.7. Overlays</A>
+<A HREF="#Syncrepl Proxy">18.3.5. Syncrepl Proxy</A></UL></UL>
 <BR>
-<A HREF="#SASL">19.4.8. SASL</A>
+<A HREF="#Maintenance">19. Maintenance</A><UL>
+<A HREF="#Directory Backups">19.1. Directory Backups</A>
 <BR>
-<A HREF="#Statistics">19.4.9. Statistics</A>
+<A HREF="#Berkeley DB Logs">19.2. Berkeley DB Logs</A>
 <BR>
-<A HREF="#Threads">19.4.10. Threads</A>
+<A HREF="#Checkpointing">19.3. Checkpointing</A>
 <BR>
-<A HREF="#Time">19.4.11. Time</A>
+<A HREF="#Migration">19.4. Migration</A></UL>
 <BR>
-<A HREF="#TLS">19.4.12. TLS</A>
+<A HREF="#Monitoring">20. Monitoring</A><UL>
+<A HREF="#Monitor configuration via cn=config(5)">20.1. Monitor configuration via cn=config(5)</A>
 <BR>
-<A HREF="#Waiters">19.4.13. Waiters</A></UL></UL>
+<A HREF="#Monitor configuration via slapd.conf(5)">20.2. Monitor configuration via slapd.conf(5)</A>
 <BR>
-<A HREF="#Tuning">20. Tuning</A><UL>
-<A HREF="#Performance Factors">20.1. Performance Factors</A><UL>
-<A HREF="#Memory">20.1.1. Memory</A>
+<A HREF="#Accessing Monitoring Information">20.3. Accessing Monitoring Information</A>
 <BR>
-<A HREF="#Disks">20.1.2. Disks</A>
+<A HREF="#Monitor Information">20.4. Monitor Information</A><UL>
+<A HREF="#Backends">20.4.1. Backends</A>
 <BR>
-<A HREF="#Network Topology">20.1.3. Network Topology</A>
+<A HREF="#Connections">20.4.2. Connections</A>
 <BR>
-<A HREF="#Directory Layout Design">20.1.4. Directory Layout Design</A>
+<A HREF="#Databases">20.4.3. Databases</A>
 <BR>
-<A HREF="#Expected Usage">20.1.5. Expected Usage</A></UL>
+<A HREF="#Listener">20.4.4. Listener</A>
 <BR>
-<A HREF="#Indexes">20.2. Indexes</A><UL>
-<A HREF="#Understanding how a search works">20.2.1. Understanding how a search works</A>
+<A HREF="#Log">20.4.5. Log</A>
 <BR>
-<A HREF="#What to index">20.2.2. What to index</A>
+<A HREF="#Operations">20.4.6. Operations</A>
 <BR>
-<A HREF="#Presence indexing">20.2.3. Presence indexing</A></UL>
+<A HREF="#Overlays">20.4.7. Overlays</A>
 <BR>
-<A HREF="#Logging">20.3. Logging</A><UL>
-<A HREF="#What log level to use">20.3.1. What log level to use</A>
+<A HREF="#SASL">20.4.8. SASL</A>
 <BR>
-<A HREF="#What to watch out for">20.3.2. What to watch out for</A>
+<A HREF="#Statistics">20.4.9. Statistics</A>
 <BR>
-<A HREF="#Improving throughput">20.3.3. Improving throughput</A></UL>
+<A HREF="#Threads">20.4.10. Threads</A>
 <BR>
-<A HREF="#Caching">20.4. Caching</A><UL>
-<A HREF="#Berkeley DB Cache">20.4.1. Berkeley DB Cache</A>
+<A HREF="#Time">20.4.11. Time</A>
 <BR>
-<A HREF="#{{slapd}}(8) Entry Cache (cachesize)">20.4.2. <EM>slapd</EM>(8) Entry Cache (cachesize)</A>
+<A HREF="#TLS">20.4.12. TLS</A>
 <BR>
-<A HREF="#{{TERM:IDL}} Cache (idlcachesize)">20.4.3. <TERM>IDL</TERM> Cache (idlcachesize)</A>
+<A HREF="#Waiters">20.4.13. Waiters</A></UL></UL>
 <BR>
-<A HREF="#{{slapd}}(8) Threads">20.4.4. <EM>slapd</EM>(8) Threads</A></UL></UL>
+<A HREF="#Tuning">21. Tuning</A><UL>
+<A HREF="#Performance Factors">21.1. Performance Factors</A><UL>
+<A HREF="#Memory">21.1.1. Memory</A>
 <BR>
-<A HREF="#Troubleshooting">21. Troubleshooting</A><UL>
-<A HREF="#User or Software errors">21.1. User or Software errors?</A>
+<A HREF="#Disks">21.1.2. Disks</A>
 <BR>
-<A HREF="#Checklist">21.2. Checklist</A>
+<A HREF="#Network Topology">21.1.3. Network Topology</A>
 <BR>
-<A HREF="#OpenLDAP Bugs">21.3. OpenLDAP Bugs</A>
+<A HREF="#Directory Layout Design">21.1.4. Directory Layout Design</A>
 <BR>
-<A HREF="#3rd party software error">21.4. 3rd party software error</A>
+<A HREF="#Expected Usage">21.1.5. Expected Usage</A></UL>
 <BR>
-<A HREF="#How to contact the OpenLDAP Project">21.5. How to contact the OpenLDAP Project</A>
+<A HREF="#Indexes">21.2. Indexes</A><UL>
+<A HREF="#Understanding how a search works">21.2.1. Understanding how a search works</A>
 <BR>
-<A HREF="#How to present your problem">21.6. How to present your problem</A>
+<A HREF="#What to index">21.2.2. What to index</A>
 <BR>
-<A HREF="#Debugging {{slapd}}(8)">21.7. Debugging <EM>slapd</EM>(8)</A>
+<A HREF="#Presence indexing">21.2.3. Presence indexing</A></UL>
 <BR>
-<A HREF="#Commercial Support">21.8. Commercial Support</A></UL>
+<A HREF="#Logging">21.3. Logging</A><UL>
+<A HREF="#What log level to use">21.3.1. What log level to use</A>
 <BR>
+<A HREF="#What to watch out for">21.3.2. What to watch out for</A>
+<BR>
+<A HREF="#Improving throughput">21.3.3. Improving throughput</A></UL>
+<BR>
+<A HREF="#Caching">21.4. Caching</A><UL>
+<A HREF="#Berkeley DB Cache">21.4.1. Berkeley DB Cache</A>
+<BR>
+<A HREF="#{{slapd}}(8) Entry Cache (cachesize)">21.4.2. <EM>slapd</EM>(8) Entry Cache (cachesize)</A>
+<BR>
+<A HREF="#{{TERM:IDL}} Cache (idlcachesize)">21.4.3. <TERM>IDL</TERM> Cache (idlcachesize)</A>
+<BR>
+<A HREF="#{{slapd}}(8) Threads">21.4.4. <EM>slapd</EM>(8) Threads</A></UL></UL>
+<BR>
+<A HREF="#Troubleshooting">22. Troubleshooting</A><UL>
+<A HREF="#User or Software errors">22.1. User or Software errors?</A>
+<BR>
+<A HREF="#Checklist">22.2. Checklist</A>
+<BR>
+<A HREF="#OpenLDAP Bugs">22.3. OpenLDAP Bugs</A>
+<BR>
+<A HREF="#3rd party software error">22.4. 3rd party software error</A>
+<BR>
+<A HREF="#How to contact the OpenLDAP Project">22.5. How to contact the OpenLDAP Project</A>
+<BR>
+<A HREF="#How to present your problem">22.6. How to present your problem</A>
+<BR>
+<A HREF="#Debugging {{slapd}}(8)">22.7. Debugging <EM>slapd</EM>(8)</A>
+<BR>
+<A HREF="#Commercial Support">22.8. Commercial Support</A></UL>
+<BR>
 <A HREF="#Changes Since Previous Release">A. Changes Since Previous Release</A><UL>
 <A HREF="#New Guide Sections">A.1. New Guide Sections</A>
 <BR>
@@ -1063,7 +1093,7 @@
 <P><B>Internationalization</B>: <EM>slapd</EM> supports Unicode and language tags.</P>
 <P><B>Choice of database backends</B>: <EM>slapd</EM> comes with a variety of different database backends you can choose from. They include <TERM>BDB</TERM>, a high-performance transactional database backend; <TERM>HDB</TERM>, a hierarchical high-performance transactional backend; <EM>SHELL</EM>, a backend interface to arbitrary shell scripts; and PASSWD, a simple backend interface to the <EM>passwd</EM>(5) file. The BDB and HDB backends utilize <A HREF="http://www.oracle.com/">Oracle</A> <A HREF="http://www.oracle.com/database/berkeley-db/db/index.html">Berkeley DB</A>.</P>
 <P><B>Multiple database instances</B>: <EM>slapd</EM> can be configured to serve multiple databases at the same time. This means that a single <EM>slapd</EM> server can respond to requests for many logically different portions of the LDAP tree, using the same or different database backends.</P>
-<P><B>Generic modules API</B>:  If you require even more customization, <EM>slapd</EM> lets you write your own modules easily. <EM>slapd</EM> consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations.  Because these two pieces communicate via a well-defined <TERM>C</TERM> <TERM>API</TERM>, you can write your own customized modules which extend <EM>slapd</EM> in numerous ways.  Also, a number of <EM>programmable database</EM> modules are provided.  These allow you to expose external data sources to <EM>slapd</EM> using popular programming languages (<A HREF="http://www.perl.org/">Perl</A>, <EM>shell</EM>, and <TERM>SQL</TERM>.</P>
+<P><B>Generic modules API</B>:  If you require even more customization, <EM>slapd</EM> lets you write your own modules easily. <EM>slapd</EM> consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations.  Because these two pieces communicate via a well-defined <TERM>C</TERM> <TERM>API</TERM>, you can write your own customized modules which extend <EM>slapd</EM> in numerous ways.  Also, a number of <EM>programmable database</EM> modules are provided.  These allow you to expose external data sources to <EM>slapd</EM> using popular programming languages (<A HREF="http://www.perl.org/">Perl</A>, <EM>shell</EM>, and <TERM>SQL</TERM>).</P>
 <P><B>Threads</B>: <EM>slapd</EM> is threaded for high performance.  A single multi-threaded <EM>slapd</EM> process handles all incoming requests using a pool of threads.  This reduces the amount of system overhead required while providing high performance.</P>
 <P><B>Replication</B>: <EM>slapd</EM> can be configured to maintain shadow copies of directory information.  This <EM>single-master/multiple-slave</EM> replication scheme is vital in high-volume environments where a single <EM>slapd</EM> installation just doesn't provide the necessary availability or reliability.  For extremely demanding environments where a single point of failure is not acceptable, <EM>multi-master</EM> replication is also available.  <EM>slapd</EM> includes support for <EM>LDAP Sync</EM>-based replication.</P>
 <P><B>Proxy Cache</B>: <EM>slapd</EM> can be configured as a caching LDAP proxy service.</P>
@@ -1258,7 +1288,7 @@
 <BR>
 This command will search for and retrieve every entry in the database.</OL>
 <P>You are now ready to add more entries using <EM>ldapadd</EM>(1) or another LDAP client, experiment with various configuration options, backend arrangements, etc..</P>
-<P>Note that by default, the <EM>slapd</EM>(8) database grants <EM>read access to everybody</EM> excepting the <EM>super-user</EM> (as specified by the <TT>rootdn</TT> configuration directive).  It is highly recommended that you establish controls to restrict access to authorized users. Access controls are discussed in the <A HREF="#The access Configuration Directive">The access Configuration Directive</A> section of <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter. You are also encouraged to read the <A HREF="#Security Considerations">Security Considerations</A>, <A HREF="#Using SASL">Using SASL</A> and <A HREF="#Using TLS">Using TLS</A> sections.</P>
+<P>Note that by default, the <EM>slapd</EM>(8) database grants <EM>read access to everybody</EM> excepting the <EM>super-user</EM> (as specified by the <TT>rootdn</TT> configuration directive).  It is highly recommended that you establish controls to restrict access to authorized users. Access controls are discussed in the <A HREF="#Access Control">Access Control</A> chapter. You are also encouraged to read the <A HREF="#Security Considerations">Security Considerations</A>, <A HREF="#Using SASL">Using SASL</A> and <A HREF="#Using TLS">Using TLS</A> sections.</P>
 <P>The following chapters provide more detailed information on making, installing, and running <EM>slapd</EM>(8).</P>
 <P></P>
 <HR>
@@ -1311,7 +1341,7 @@
 <P>Heimdal Kerberos is available from <A HREF="http://www.pdc.kth.se/heimdal/">http://www.pdc.kth.se/heimdal/</A>. MIT Kerberos is available from <A HREF="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</A>.</P>
 <P>Use of strong authentication services, such as those provided by Kerberos, is highly recommended.</P>
 <H3><A NAME="Database Software">4.2.4. Database Software</A></H3>
-<P>OpenLDAP's <EM>slapd</EM>(8) <TERM>BDB</TERM> and <TERM>HDB</TERM> primary database backends require <A HREF="http://www.oracle.com/">Oracle Corporation</A> <A HREF="http://www.oracle.com/database/berkeley-db/db/index.html">Berkeley DB</A>. If not available at configure time, you will not be able build <EM>slapd</EM>(8) with these primary database backends.</P>
+<P>OpenLDAP's <EM>slapd</EM>(8) <TERM>BDB</TERM> and <TERM>HDB</TERM> primary database backends require <A HREF="http://www.oracle.com/">Oracle Corporation</A> <A HREF="http://www.oracle.com/database/berkeley-db/db/index.html">Berkeley DB</A>. If not available at configure time, you will not be able to build <EM>slapd</EM>(8) with these primary database backends.</P>
 <P>Your operating system may provide a supported version of <A HREF="http://www.oracle.com/database/berkeley-db/db/index.html">Berkeley DB</A> in the base system or as an optional software component.  If not, you'll have to obtain and install it yourself.</P>
 <P><A HREF="http://www.oracle.com/database/berkeley-db/db/index.html">Berkeley DB</A> is available from <A HREF="http://www.oracle.com/">Oracle Corporation</A>'s Berkeley DB download page <A HREF="http://www.oracle.com/technology/software/products/berkeley-db/index.html">http://www.oracle.com/technology/software/products/berkeley-db/index.html</A>.</P>
 <P>There are several versions available. Generally, the most recent release (with published patches) is recommended. This package is required if you wish to use the <TERM>BDB</TERM> or <TERM>HDB</TERM> database backends.</P>
@@ -1492,7 +1522,7 @@
 </PRE>
 <P>Some of the entries listed above have a numeric index <TT>&quot;{X}&quot;</TT> in their names. While most configuration settings have an inherent ordering dependency (i.e., one setting must take effect before a subsequent one may be set), LDAP databases are inherently unordered. The numeric index is used to enforce a consistent ordering in the configuration database, so that all ordering dependencies are preserved. In most cases the index does not have to be provided; it will be automatically generated based on the order in which entries are created.</P>
 <P>Configuration directives are specified as values of individual attributes. Most of the attributes and objectClasses used in the slapd configuration have a prefix of <TT>&quot;olc&quot;</TT> (OpenLDAP Configuration) in their names. Generally there is a one-to-one correspondence between the attributes and the old-style <TT>slapd.conf</TT> configuration keywords, using the keyword as the attribute name, with the &quot;olc&quot; prefix attached.</P>
-<P>A configuration directive may take arguments.  If so, the arguments are separated by white space.  If an argument contains white space, the argument should be enclosed in double quotes <TT>&quot;like this&quot;</TT>. In the descriptions that follow, arguments that should be replaced by actual text are shown in brackets <TT>&lt;&gt;</TT>.</P>
+<P>A configuration directive may take arguments.  If so, the arguments are separated by whitespace.  If an argument contains whitespace, the argument should be enclosed in double quotes <TT>&quot;like this&quot;</TT>. In the descriptions that follow, arguments that should be replaced by actual text are shown in brackets <TT>&lt;&gt;</TT>.</P>
 <P>The distribution contains an example configuration file that will be installed in the <TT>/usr/local/etc/openldap</TT> directory. A number of files containing schema definitions (attribute types and object classes) are also provided in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
 <H2><A NAME="Configuration Directives">5.2. Configuration Directives</A></H2>
 <P>This section details commonly used configuration directives.  For a complete list, see the <EM>slapd-config</EM>(5) manual page.  This section will treat the configuration directives in a top-down order, starting with the global directives in the <TT>cn=config</TT> entry. Each directive will be described along with its default value (if any) and an example of its use.</P>
@@ -1501,7 +1531,7 @@
 <H4><A NAME="olcIdleTimeout: &lt;integer&gt;">5.2.1.1. olcIdleTimeout: &lt;integer&gt;</A></H4>
 <P>Specify the number of seconds to wait before forcibly closing an idle client connection.  A value of 0, the default, disables this feature.</P>
 <H4><A NAME="olcLogLevel: &lt;level&gt;">5.2.1.2. olcLogLevel: &lt;level&gt;</A></H4>
-<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled). Log levels may be specified as integers or by keyword. Multiple log levels may be used and the levels are additive. To display what levels correspond to what kind of debugging, invoke slapd with <TT>-?</TT> or consult the table below. The possible values for &lt;level&gt; are:</P>
+<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled). Log levels may be specified as integers or by keyword. Multiple log levels may be used and the levels are additive. To display what levels correspond to what kind of debugging, invoke slapd with <TT>-d?</TT> or consult the table below. The possible values for &lt;level&gt; are:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 5.1: Debugging Levels</CAPTION>
 <TR CLASS="heading">
@@ -1520,7 +1550,7 @@
 -1
 </TD>
 <TD ALIGN='Left'>
-Any
+any
 </TD>
 <TD>
 enable all debugging
@@ -1542,10 +1572,10 @@
 1
 </TD>
 <TD ALIGN='Left'>
-Trace
+(0x1 trace)
 </TD>
 <TD>
-trace function calls
+trace function callss
 </TD>
 </TR>
 <TR>
@@ -1553,7 +1583,7 @@
 2
 </TD>
 <TD ALIGN='Left'>
-Packets
+(0x2 packets)
 </TD>
 <TD>
 debug packet handling
@@ -1564,7 +1594,7 @@
 4
 </TD>
 <TD ALIGN='Left'>
-Args
+(0x4 args)
 </TD>
 <TD>
 heavy trace debugging
@@ -1575,7 +1605,7 @@
 8
 </TD>
 <TD ALIGN='Left'>
-Conns
+(0x8 conns)
 </TD>
 <TD>
 connection management
@@ -1586,7 +1616,7 @@
 16
 </TD>
 <TD ALIGN='Left'>
-BER
+(0x10 BER)
 </TD>
 <TD>
 print out packets sent and received
@@ -1597,7 +1627,7 @@
 32
 </TD>
 <TD ALIGN='Left'>
-Filter
+(0x20 filter)
 </TD>
 <TD>
 search filter processing
@@ -1608,7 +1638,7 @@
 64
 </TD>
 <TD ALIGN='Left'>
-Config
+(0x40 config)
 </TD>
 <TD>
 configuration processing
@@ -1619,7 +1649,7 @@
 128
 </TD>
 <TD ALIGN='Left'>
-ACL
+(0x80 ACL)
 </TD>
 <TD>
 access control list processing
@@ -1630,7 +1660,7 @@
 256
 </TD>
 <TD ALIGN='Left'>
-Stats
+(0x100 stats)
 </TD>
 <TD>
 stats log connections/operations/results
@@ -1641,7 +1671,7 @@
 512
 </TD>
 <TD ALIGN='Left'>
-Stats2
+(0x200 stats2)
 </TD>
 <TD>
 stats log entries sent
@@ -1652,7 +1682,7 @@
 1024
 </TD>
 <TD ALIGN='Left'>
-Shell
+(0x400 shell)
 </TD>
 <TD>
 print communication with shell backends
@@ -1663,7 +1693,7 @@
 2048
 </TD>
 <TD ALIGN='Left'>
-Parse
+(0x800 parse)
 </TD>
 <TD>
 print entry parsing debugging
@@ -1671,52 +1701,55 @@
 </TR>
 <TR>
 <TD ALIGN='Right'>
-4096
+16384
 </TD>
 <TD ALIGN='Left'>
-Cache
+(0x4000 sync)
 </TD>
 <TD>
-database cache processing
+syncrepl consumer processing
 </TD>
 </TR>
 <TR>
 <TD ALIGN='Right'>
-8192
+32768
 </TD>
 <TD ALIGN='Left'>
-Index
+(0x8000 none)
 </TD>
 <TD>
-database indexing
+only messages that get logged whatever log level is set
 </TD>
 </TR>
-<TR>
-<TD ALIGN='Right'>
-16384
-</TD>
-<TD ALIGN='Left'>
-Sync
-</TD>
-<TD>
-syncrepl consumer processing
-</TD>
-</TR>
 </TABLE>
 
-<P>Example:</P>
+<P>The desired log level can be input as a single integer that combines the (ORed) desired levels, both in decimal or in hexadecimal notation, as a list of integers (that are ORed internally), or as a list of the names that are shown between brackets, such that</P>
 <PRE>
- olcLogLevel: -1
+                olcLogLevel 129
+                olcLogLevel 0x81
+                olcLogLevel 128 1
+                olcLogLevel 0x80 0x1
+                olcLogLevel acl trace
 </PRE>
+<P>are equivalent.</P>
+<P>Examples:</P>
+<PRE>
+ olcLogLevel -1
+</PRE>
 <P>This will cause lots and lots of debugging information to be logged.</P>
 <PRE>
- olcLogLevel: Conns Filter
+ olcLogLevel conns filter
 </PRE>
 <P>Just log the connection and search filter processing.</P>
+<PRE>
+ olcLogLevel none
+</PRE>
+<P>Log those messages that are logged regardless of the configured loglevel. This differs from setting the log level to 0, when no logging occurs. At least the <TT>None</TT> level is required to have high priority messages logged.</P>
 <P>Default:</P>
 <PRE>
- olcLogLevel: Stats
+ olcLogLevel stats
 </PRE>
+<P>Basic stats logging is configured by default. However, if no olcLogLevel is defined, no logging occurs (equivalent to a 0 level).</P>
 <H4><A NAME="olcReferral &lt;URI&gt;">5.2.1.3. olcReferral &lt;URI&gt;</A></H4>
 <P>This directive specifies the referral to pass back when slapd cannot find a local database to handle a request.</P>
 <P>Example:</P>
@@ -1954,6 +1987,7 @@
 <PRE>
         olcSizeLimit: 500
 </PRE>
+<P>See the <A HREF="#Limits">Limits</A> section of this guide and slapd-config(5) for more details.</P>
 <H4><A NAME="olcSuffix: &lt;dn suffix&gt;">5.2.5.7. olcSuffix: &lt;dn suffix&gt;</A></H4>
 <P>This directive specifies the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given, and usually at least one is required for each database definition. (Some backend types, such as <TT>frontend</TT> and <TT>monitor</TT> use a hard-coded suffix which may not be overridden in the configuration.)</P>
 <P>Example:</P>
@@ -2021,6 +2055,7 @@
 <PRE>
         olcTimeLimit: 3600
 </PRE>
+<P>See the <A HREF="#Limits">Limits</A> section of this guide and slapd-config(5) for more details.</P>
 <H4><A NAME="olcUpdateref: &lt;URL&gt;">5.2.5.10. olcUpdateref: &lt;URL&gt;</A></H4>
 <P>This directive is only applicable in a slave slapd. It specifies the URL to return to clients which submit update requests upon the replica. If specified multiple times, each <TERM>URL</TERM> is provided.</P>
 <P>Example:</P>
@@ -2104,8 +2139,8 @@
 <P>If this setting is changed while slapd is running, an internal task will be run to generate the changed index data. All server operations can continue as normal while the indexer does its work.  If slapd is stopped before the index task completes, indexing will have to be manually completed using the slapindex tool.</P>
 <H4><A NAME="olcDbLinearIndex: { TRUE | FALSE }">5.2.6.8. olcDbLinearIndex: { TRUE | FALSE }</A></H4>
 <P>If this setting is <TT>TRUE</TT> slapindex will index one attribute at a time. The default settings is <TT>FALSE</TT> in which case all indexed attributes of an entry are processed at the same time. When enabled, each indexed attribute is processed individually, using multiple passes through the entire database. This option improves slapindex performance when the database size exceeds the BDB cache size. When the BDB cache is large enough, this option is not needed and will decrease performance. Also by default, slapadd performs full indexing and so a separate slapindex run is not needed. With this option, slapadd does no indexing and slapindex must be used.</P>
-<H4><A NAME="olcDbMode: &lt;integer&gt;">5.2.6.9. olcDbMode: &lt;integer&gt;</A></H4>
-<P>This directive specifies the file protection mode that newly created database index files should have.</P>
+<H4><A NAME="olcDbMode: { &lt;octal&gt; | &lt;symbolic&gt; }">5.2.6.9. olcDbMode: { &lt;octal&gt; | &lt;symbolic&gt; }</A></H4>
+<P>This directive specifies the file protection mode that newly created database index files should have. This can be in the form <TT>0600</TT> or <TT>-rw-------</TT></P>
 <P>Default:</P>
 <PRE>
         olcDbMode: 0600
@@ -2146,7 +2181,7 @@
 <P>An alternate configuration file location can be specified via a command-line option to <EM>slapd</EM>(8). This chapter describes the general format of the <EM>slapd.conf</EM>(5) configuration file, followed by a detailed description of commonly used config file directives.</P>
 <H2><A NAME="Configuration File Format">6.1. Configuration File Format</A></H2>
 <P>The <EM>slapd.conf</EM>(5) file consists of three types of configuration information: global, backend specific, and database specific.  Global information is specified first, followed by information associated with a particular backend type, which is then followed by information associated with a particular database instance.  Global directives can be overridden in backend and/or database directives, and backend directives can be overridden by database directives.</P>
-<P>Blank lines and comment lines beginning with a '<TT>#</TT>' character are ignored.  If a line begins with white space, it is considered a continuation of the previous line (even if the previous line is a comment).</P>
+<P>Blank lines and comment lines beginning with a '<TT>#</TT>' character are ignored.  If a line begins with whitespace, it is considered a continuation of the previous line (even if the previous line is a comment).</P>
 <P>The general format of slapd.conf is as follows:</P>
 <PRE>
         # global configuration directives
@@ -2171,7 +2206,7 @@
         # subsequent backend &amp; database definitions &amp; config directives
         ...
 </PRE>
-<P>A configuration directive may take arguments.  If so, they are separated by white space.  If an argument contains white space, the argument should be enclosed in double quotes <TT>&quot;like this&quot;</TT>. If an argument contains a double quote or a backslash character `<TT>\</TT>', the character should be preceded by a backslash character `<TT>\</TT>'.</P>
+<P>A configuration directive may take arguments.  If so, they are separated by whitespace.  If an argument contains whitespace, the argument should be enclosed in double quotes <TT>&quot;like this&quot;</TT>. If an argument contains a double quote or a backslash character `<TT>\</TT>', the character should be preceded by a backslash character `<TT>\</TT>'.</P>
 <P>The distribution contains an example configuration file that will be installed in the <TT>/usr/local/etc/openldap</TT> directory. A number of files containing schema definitions (attribute types and object classes) are also provided in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
 <H2><A NAME="Configuration File Directives">6.2. Configuration File Directives</A></H2>
 <P>This section details commonly used configuration directives.  For a complete list, see the <EM>slapd.conf</EM>(5) manual page.  This section separates the configuration file directives into global, backend-specific and data-specific categories, describing each directive and its default value (if any), and giving an example of its use.</P>
@@ -2192,7 +2227,7 @@
 <STRONG>Note: </STRONG>You should be careful when using this directive - there is no small limit on the number of nested include directives, and no loop detection is done.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <H4><A NAME="loglevel &lt;integer&gt;">6.2.1.5. loglevel &lt;integer&gt;</A></H4>
-<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled).  Log levels are additive. To display what numbers correspond to what kind of debugging, invoke slapd with <TT>-?</TT> or consult the table below. The possible values for &lt;integer&gt; are:</P>
+<P>This directive specifies the level at which debugging statements and operation statistics should be syslogged (currently logged to the <EM>syslogd</EM>(8) <TT>LOG_LOCAL4</TT> facility). You must have configured OpenLDAP <TT>--enable-debug</TT> (the default) for this to work (except for the two statistics levels, which are always enabled). Log levels may be specified as integers or by keyword. Multiple log levels may be used and the levels are additive. To display what numbers correspond to what kind of debugging, invoke slapd with <TT>-d?</TT> or consult the table below. The possible values for &lt;integer&gt; are:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 6.1: Debugging Levels</CAPTION>
 <TR CLASS="heading">
@@ -2200,6 +2235,9 @@
 <STRONG>Level</STRONG>
 </TD>
 <TD ALIGN='Left'>
+<STRONG>Keyword</STRONG>
+</TD>
+<TD>
 <STRONG>Description</STRONG>
 </TD>
 </TR>
@@ -2208,6 +2246,9 @@
 -1
 </TD>
 <TD ALIGN='Left'>
+any
+</TD>
+<TD>
 enable all debugging
 </TD>
 </TR>
@@ -2216,6 +2257,9 @@
 0
 </TD>
 <TD ALIGN='Left'>
+&nbsp;
+</TD>
+<TD>
 no debugging
 </TD>
 </TR>
@@ -2224,6 +2268,9 @@
 1
 </TD>
 <TD ALIGN='Left'>
+(0x1 trace)
+</TD>
+<TD>
 trace function calls
 </TD>
 </TR>
@@ -2232,6 +2279,9 @@
 2
 </TD>
 <TD ALIGN='Left'>
+(0x2 packets)
+</TD>
+<TD>
 debug packet handling
 </TD>
 </TR>
@@ -2240,6 +2290,9 @@
 4
 </TD>
 <TD ALIGN='Left'>
+(0x4 args)
+</TD>
+<TD>
 heavy trace debugging
 </TD>
 </TR>
@@ -2248,6 +2301,9 @@
 8
 </TD>
 <TD ALIGN='Left'>
+(0x8 conns)
+</TD>
+<TD>
 connection management
 </TD>
 </TR>
@@ -2256,6 +2312,9 @@
 16
 </TD>
 <TD ALIGN='Left'>
+(0x10 BER)
+</TD>
+<TD>
 print out packets sent and received
 </TD>
 </TR>
@@ -2264,6 +2323,9 @@
 32
 </TD>
 <TD ALIGN='Left'>
+(0x20 filter)
+</TD>
+<TD>
 search filter processing
 </TD>
 </TR>
@@ -2272,14 +2334,20 @@
 64
 </TD>
 <TD ALIGN='Left'>
-configuration file processing
+(0x40 config)
 </TD>
+<TD>
+configuration processing
+</TD>
 </TR>
 <TR>
 <TD ALIGN='Right'>
 128
 </TD>
 <TD ALIGN='Left'>
+(0x80 ACL)
+</TD>
+<TD>
 access control list processing
 </TD>
 </TR>
@@ -2288,6 +2356,9 @@
 256
 </TD>
 <TD ALIGN='Left'>
+(0x100 stats)
+</TD>
+<TD>
 stats log connections/operations/results
 </TD>
 </TR>
@@ -2296,6 +2367,9 @@
 512
 </TD>
 <TD ALIGN='Left'>
+(0x200 stats2)
+</TD>
+<TD>
 stats log entries sent
 </TD>
 </TR>
@@ -2304,6 +2378,9 @@
 1024
 </TD>
 <TD ALIGN='Left'>
+(0x400 shell)
+</TD>
+<TD>
 print communication with shell backends
 </TD>
 </TR>
@@ -2312,20 +2389,63 @@
 2048
 </TD>
 <TD ALIGN='Left'>
+(0x800 parse)
+</TD>
+<TD>
 print entry parsing debugging
 </TD>
 </TR>
+<TR>
+<TD ALIGN='Right'>
+16384
+</TD>
+<TD ALIGN='Left'>
+(0x4000 sync)
+</TD>
+<TD>
+syncrepl consumer processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32768
+</TD>
+<TD ALIGN='Left'>
+(0x8000 none)
+</TD>
+<TD>
+only messages that get logged whatever log level is set
+</TD>
+</TR>
 </TABLE>
 
-<P>Example:</P>
+<P>The desired log level can be input as a single integer that combines the (ORed) desired levels, both in decimal or in hexadecimal notation, as a list of integers (that are ORed internally), or as a list of the names that are shown between brackets, such that</P>
 <PRE>
+                loglevel 129
+                loglevel 0x81
+                loglevel 128 1
+                loglevel 0x80 0x1
+                loglevel acl trace
+</PRE>
+<P>are equivalent.</P>
+<P>Examples:</P>
+<PRE>
  loglevel -1
 </PRE>
 <P>This will cause lots and lots of debugging information to be logged.</P>
+<PRE>
+ loglevel conns filter
+</PRE>
+<P>Just log the connection and search filter processing.</P>
+<PRE>
+ loglevel none
+</PRE>
+<P>Log those messages that are logged regardless of the configured loglevel. This differs from setting the log level to 0, when no logging occurs. At least the <TT>None</TT> level is required to have high priority messages logged.</P>
 <P>Default:</P>
 <PRE>
- loglevel 256
+ loglevel stats
 </PRE>
+<P>Basic stats logging is configured by default. However, if no loglevel is defined, no logging occurs (equivalent to a 0 level).</P>
 <H4><A NAME="objectclass &lt;{{REF:RFC4512}} Object Class Description&gt;"> </A>6.2.1.6. objectclass &lt;<A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A> Object Class Description&gt;</H4>
 <P>This directive defines an object class. Please see the <A HREF="#Schema Specification">Schema Specification</A> chapter for information regarding how to use this directive.</P>
 <H4><A NAME="referral &lt;URI&gt;">6.2.1.7. referral &lt;URI&gt;</A></H4>
@@ -2341,12 +2461,14 @@
 <PRE>
         sizelimit 500
 </PRE>
+<P>See the <A HREF="#Limits">Limits</A> section of this guide and slapd.conf(5) for more details.</P>
 <H4><A NAME="timelimit &lt;integer&gt;">6.2.1.9. timelimit &lt;integer&gt;</A></H4>
 <P>This directive specifies the maximum number of seconds (in real time) slapd will spend answering a search request. If a request is not finished in this time, a result indicating an exceeded timelimit will be returned.</P>
 <P>Default:</P>
 <PRE>
         timelimit 3600
 </PRE>
+<P>See the <A HREF="#Limits">Limits</A> section of this guide and slapd.conf(5) for more details.</P>
 <H3><A NAME="General Backend Directives">6.2.2. General Backend Directives</A></H3>
 <P>Directives in this section apply only to the backend in which they are defined. They are supported by every type of backend. Backend directives apply to all databases instances of the same type and, depending on the directive, may be overridden by database directives.</P>
 <H4><A NAME="backend &lt;type&gt;">6.2.2.1. backend &lt;type&gt;</A></H4>
@@ -2457,13 +2579,16 @@
         database bdb
 </PRE>
 <P>This marks the beginning of a new <TERM>BDB</TERM> database instance declaration.</P>
-<H4><A NAME="readonly { on | off }">6.2.3.2. readonly { on | off }</A></H4>
+<H4><A NAME="limits &lt;who&gt; &lt;limit&gt; [&lt;limit&gt; [...]]">6.2.3.2. limits &lt;who&gt; &lt;limit&gt; [&lt;limit&gt; [...]]</A></H4>
+<P>Specify time and size limits based on who initiated an operation.</P>
+<P>See the <A HREF="#Limits">Limits</A> section of this guide and slapd.conf(5) for more details.</P>
+<H4><A NAME="readonly { on | off }">6.2.3.3. readonly { on | off }</A></H4>
 <P>This directive puts the database into &quot;read-only&quot; mode. Any attempts to modify the database will return an &quot;unwilling to perform&quot; error.</P>
 <P>Default:</P>
 <PRE>
         readonly off
 </PRE>
-<H4><A NAME="rootdn &lt;DN&gt;">6.2.3.3. rootdn &lt;DN&gt;</A></H4>
+<H4><A NAME="rootdn &lt;DN&gt;">6.2.3.4. rootdn &lt;DN&gt;</A></H4>
 <P>This directive specifies the DN that is not subject to access control or administrative limit restrictions for operations on this database.  The DN need not refer to an entry in this database or even in the directory. The DN may refer to a SASL identity.</P>
 <P>Entry-based Example:</P>
 <PRE>
@@ -2474,7 +2599,7 @@
         rootdn &quot;uid=root,cn=example.com,cn=digest-md5,cn=auth&quot;
 </PRE>
 <P>See the <A HREF="#SASL Authentication">SASL Authentication</A> section for information on SASL authentication identities.</P>
-<H4><A NAME="rootpw &lt;password&gt;">6.2.3.4. rootpw &lt;password&gt;</A></H4>
+<H4><A NAME="rootpw &lt;password&gt;">6.2.3.5. rootpw &lt;password&gt;</A></H4>
 <P>This directive can be used to specifies a password for the DN for the rootdn (when the rootdn is set to a DN within the database).</P>
 <P>Example:</P>
 <PRE>
@@ -2486,7 +2611,7 @@
         rootpw {SSHA}ZKKuqbEKJfKSXhUbHG3fG8MDn9j1v4QN
 </PRE>
 <P>The hash was generated using the command <TT>slappasswd -s secret</TT>.</P>
-<H4><A NAME="suffix &lt;dn suffix&gt;">6.2.3.5. suffix &lt;dn suffix&gt;</A></H4>
+<H4><A NAME="suffix &lt;dn suffix&gt;">6.2.3.6. suffix &lt;dn suffix&gt;</A></H4>
 <P>This directive specifies the DN suffix of queries that will be passed to this backend database. Multiple suffix lines can be given, and at least one is required for each database definition.</P>
 <P>Example:</P>
 <PRE>
@@ -2496,7 +2621,7 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>When the backend to pass a query to is selected, slapd looks at the suffix line(s) in each database definition in the order they appear in the file. Thus, if one database suffix is a prefix of another, it must appear after it in the config file.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H4><A NAME="syncrepl">6.2.3.6. syncrepl</A></H4>
+<H4><A NAME="syncrepl">6.2.3.7. syncrepl</A></H4>
 <PRE>
         syncrepl rid=&lt;replica ID&gt;
                 provider=ldap[s]://&lt;hostname&gt;[:port]
@@ -2547,7 +2672,7 @@
 <P>Rather than replicating whole entries, the consumer can query logs of data modifications.  This mode of operation is referred to as <EM>delta syncrepl</EM>.  In addition to the above parameters, the <TT>logbase</TT> and <TT>logfilter</TT> parameters must be set appropriately for the log that will be used. The <TT>syncdata</TT> parameter must be set to either <TT>&quot;accesslog&quot;</TT> if the log conforms to the <EM>slapo-accesslog</EM>(5) log format, or <TT>&quot;changelog&quot;</TT> if the log conforms to the obsolete <EM>changelog</EM> format. If the <TT>syncdata</TT> parameter is omitted or set to <TT>&quot;default&quot;</TT> then the log parameters are ignored.</P>
 <P>The <EM>syncrepl</EM> replication mechanism is supported by the <EM>bdb</EM> and <EM>hdb</EM> backends.</P>
 <P>See the <A HREF="#LDAP Sync Replication">LDAP Sync Replication</A> chapter of this guide for more information on how to use this directive.</P>
-<H4><A NAME="updateref &lt;URL&gt;">6.2.3.7. updateref &lt;URL&gt;</A></H4>
+<H4><A NAME="updateref &lt;URL&gt;">6.2.3.8. updateref &lt;URL&gt;</A></H4>
 <P>This directive is only applicable in a <EM>slave</EM> (or <EM>shadow</EM>) <EM>slapd</EM>(8) instance. It specifies the URL to return to clients which submit update requests upon the replica. If specified multiple times, each <TERM>URL</TERM> is provided.</P>
 <P>Example:</P>
 <PRE>
@@ -2563,14 +2688,263 @@
 </PRE>
 <P></P>
 <HR>
-<H1><A NAME="Access Control">7. Access Control</A></H1>
-<H2><A NAME="Introduction">7.1. Introduction</A></H2>
+<H1><A NAME="Running slapd">7. Running slapd</A></H1>
+<P><EM>slapd</EM>(8) is designed to be run as a standalone service.  This allows the server to take advantage of caching, manage concurrency issues with underlying databases, and conserve system resources. Running from <EM>inetd</EM>(8) is <EM>NOT</EM> an option.</P>
+<H2><A NAME="Command-Line Options">7.1. Command-Line Options</A></H2>
+<P><EM>slapd</EM>(8) supports a number of command-line options as detailed in the manual page.  This section details a few commonly used options.</P>
+<PRE>
+        -f &lt;filename&gt;
+</PRE>
+<P>This option specifies an alternate configuration file for slapd. The default is normally <TT>/usr/local/etc/openldap/slapd.conf</TT>.</P>
+<PRE>
+        -F &lt;slapd-config-directory&gt;
+</PRE>
+<P>Specifies the slapd configuration directory. The default is <TT>/usr/local/etc/openldap/slapd.d</TT>.</P>
+<P>If both <TT>-f</TT> and <TT>-F</TT> are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, slapd will attempt to read the default config directory before trying to use the default config file. If a valid config directory exists then the default config file is ignored. All of the slap tools that use the config options observe this same behavior.</P>
+<PRE>
+        -h &lt;URLs&gt;
+</PRE>
+<P>This option specifies alternative listener configurations.  The default is <TT>ldap:///</TT> which implies <TERM>LDAP</TERM> over <TERM>TCP</TERM> on all interfaces on the default LDAP port 389.  You can specify specific host-port pairs or other protocol schemes (such as <TT>ldaps://</TT> or <TT>ldapi://</TT>).  For example, <TT>-h &quot;ldaps:// ldap://127.0.0.1:666&quot;</TT> will create two listeners: one for the (non-standard) <TT>ldaps://</TT> scheme on all interfaces on the default <TT>ldaps://</TT> port 636, and one for the standard <TT>ldap://</TT> scheme on the <TT>localhost</TT> (<EM>loopback</EM>) interface on port 666.  Hosts may be specified using using hostnames or <TERM>IPv4</TERM> or <TERM>IPv6</TERM> addresses.  Port values must be numeric.</P>
+<PRE>
+        -n &lt;service-name&gt;
+</PRE>
+<P>This option specifies the service name used for logging and other purposes. The default service name is <TT>slapd</TT>.</P>
+<PRE>
+        -l &lt;syslog-local-user&gt;
+</PRE>
+<P>This option specifies the local user for the <EM>syslog</EM>(8) facility.  Values can be <TT>LOCAL0</TT>, <TT>LOCAL1</TT>, <TT>LOCAL2</TT>, ..., and <TT>LOCAL7</TT>.  The default is <TT>LOCAL4</TT>.  This option may not be supported on all systems.</P>
+<PRE>
+        -u user -g group
+</PRE>
+<P>These options specify the user and group, respectively, to run as.  <TT>user</TT> can be either a user name or uid.  <TT>group</TT> can be either a group name or gid.</P>
+<PRE>
+        -r directory
+</PRE>
+<P>This option specifies a run-time directory.  slapd will <EM>chroot</EM>(2) to this directory after opening listeners but before reading any configuration files or initializing any backends.</P>
+<UL>
+</UL>
+<PRE>
+        -d &lt;level&gt; | ?
+</PRE>
+<P>This option sets the slapd debug level to &lt;level&gt;. When level is a `?' character, the various debugging levels are printed and slapd exits, regardless of any other options you give it. Current debugging levels are</P>
+<TABLE CLASS="columns" BORDER ALIGN='Center'>
+<CAPTION ALIGN=top>Table 7.1: Debugging Levels</CAPTION>
+<TR CLASS="heading">
+<TD ALIGN='Right'>
+<STRONG>Level</STRONG>
+</TD>
+<TD ALIGN='Left'>
+<STRONG>Keyword</STRONG>
+</TD>
+<TD>
+<STRONG>Description</STRONG>
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+-1
+</TD>
+<TD ALIGN='Left'>
+any
+</TD>
+<TD>
+enable all debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+0
+</TD>
+<TD ALIGN='Left'>
+&nbsp;
+</TD>
+<TD>
+no debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1
+</TD>
+<TD ALIGN='Left'>
+(0x1 trace)
+</TD>
+<TD>
+trace function calls
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2
+</TD>
+<TD ALIGN='Left'>
+(0x2 packets)
+</TD>
+<TD>
+debug packet handling
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+4
+</TD>
+<TD ALIGN='Left'>
+(0x4 args)
+</TD>
+<TD>
+heavy trace debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+8
+</TD>
+<TD ALIGN='Left'>
+(0x8 conns)
+</TD>
+<TD>
+connection management
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16
+</TD>
+<TD ALIGN='Left'>
+(0x10 BER)
+</TD>
+<TD>
+print out packets sent and received
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32
+</TD>
+<TD ALIGN='Left'>
+(0x20 filter)
+</TD>
+<TD>
+search filter processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+64
+</TD>
+<TD ALIGN='Left'>
+(0x40 config)
+</TD>
+<TD>
+configuration processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+128
+</TD>
+<TD ALIGN='Left'>
+(0x80 ACL)
+</TD>
+<TD>
+access control list processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+256
+</TD>
+<TD ALIGN='Left'>
+(0x100 stats)
+</TD>
+<TD>
+stats log connections/operations/results
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+512
+</TD>
+<TD ALIGN='Left'>
+(0x200 stats2)
+</TD>
+<TD>
+stats log entries sent
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+1024
+</TD>
+<TD ALIGN='Left'>
+(0x400 shell)
+</TD>
+<TD>
+print communication with shell backends
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+2048
+</TD>
+<TD ALIGN='Left'>
+(0x800 parse)
+</TD>
+<TD>
+print entry parsing debugging
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+16384
+</TD>
+<TD ALIGN='Left'>
+(0x4000 sync)
+</TD>
+<TD>
+syncrepl consumer processing
+</TD>
+</TR>
+<TR>
+<TD ALIGN='Right'>
+32768
+</TD>
+<TD ALIGN='Left'>
+(0x8000 none)
+</TD>
+<TD>
+only messages that get logged whatever log level is set
+</TD>
+</TR>
+</TABLE>
+
+<P>You may enable multiple levels by specifying the debug option once for each desired level.  Or, since debugging levels are additive, you can do the math yourself. That is, if you want to trace function calls and watch the config file being processed, you could set level to the sum of those two levels (in this case, <TT> -d 65</TT>).  Or, you can let slapd do the math, (e.g. <TT> -d 1 -d 64</TT>).  Consult <TT>&lt;ldap_log.h&gt;</TT> for more details.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>slapd must have been compiled with <TT>--enable-debug</TT> defined for any debugging information beyond the two stats levels to be available (the default).
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H2><A NAME="Starting slapd">7.2. Starting slapd</A></H2>
+<P>In general, slapd is run like this:</P>
+<PRE>
+        /usr/local/libexec/slapd [&lt;option&gt;]*
+</PRE>
+<P>where <TT>/usr/local/libexec</TT> is determined by <TT>configure</TT> and &lt;option&gt; is one of the options described above (or in <EM>slapd</EM>(8)). Unless you have specified a debugging level (including level <TT>0</TT>), slapd will automatically fork and detach itself from its controlling terminal and run in the background.</P>
+<H2><A NAME="Stopping slapd">7.3. Stopping slapd</A></H2>
+<P>To kill off <EM>slapd</EM>(8) safely, you should give a command like this</P>
+<PRE>
+        kill -INT `cat /usr/local/var/slapd.pid`
+</PRE>
+<P>where <TT>/usr/local/var</TT> is determined by <TT>configure</TT>.</P>
+<P>Killing slapd by a more drastic method may cause information loss or database corruption.</P>
+<P></P>
+<HR>
+<H1><A NAME="Access Control">8. Access Control</A></H1>
+<H2><A NAME="Introduction">8.1. Introduction</A></H2>
 <P>As the directory gets populated with more and more data of varying sensitivity, controlling the kinds of access granted to the directory becomes more and more critical. For instance, the directory may contain data of a confidential nature that you may need to protect by contract or by law. Or, if using the directory to control access to other services, inappropriate access to the directory may create avenues of attack to your sites security that result in devastating damage to your assets.</P>
 <P>Access to your directory can be configured via two methods, the first using <A HREF="#The slapd Configuration File">The slapd Configuration File</A> and the second using the <EM>slapd-config</EM>(5) format (<A HREF="#Configuring slapd">Configuring slapd</A>).</P>
 <P>The default access control policy is allow read by all clients. Regardless of what access control policy is defined, the <EM>rootdn</EM> is always allowed full rights (i.e. auth, search, compare, read and write) on everything and anything.</P>
 <P>As a consequence, it's useless (and results in a performance penalty) to explicitly list the <EM>rootdn</EM> among the <EM>&lt;by&gt;</EM> clauses.</P>
 <P>The following sections will describe Access Control Lists in more details and follow with some examples and recommendations.</P>
-<H2><A NAME="Access Control via Static Configuration">7.2. Access Control via Static Configuration</A></H2>
+<H2><A NAME="Access Control via Static Configuration">8.2. Access Control via Static Configuration</A></H2>
 <P>Access to entries and attributes is controlled by the access configuration file directive. The general form of an access line is:</P>
 <PRE>
     &lt;access directive&gt; ::= access to &lt;what&gt;
@@ -2598,7 +2972,7 @@
     &lt;control&gt; ::= [stop | continue | break]
 </PRE>
 <P>where the &lt;what&gt; part selects the entries and/or attributes to which the access applies, the <TT>&lt;who&gt;</TT> part specifies which entities are granted access, and the <TT>&lt;access&gt;</TT> part specifies the access granted. Multiple <TT>&lt;who&gt; &lt;access&gt; &lt;control&gt;</TT> triplets are supported, allowing many entities to be granted different access to the same set of entries and attributes. Not all of these access control options are described here; for more details see the <EM>slapd.access</EM>(5) man page.</P>
-<H3><A NAME="What to control access to">7.2.1. What to control access to</A></H3>
+<H3><A NAME="What to control access to">8.2.1. What to control access to</A></H3>
 <P>The &lt;what&gt; part of an access specification determines the entries and attributes to which the access control applies.  Entries are commonly selected in two ways: by DN and by filter.  The following qualifiers select entries by DN:</P>
 <PRE>
     to *
@@ -2647,7 +3021,7 @@
 </PRE>
 <P>There are two special <EM>pseudo</EM> attributes <TT>entry</TT> and <TT>children</TT>.  To read (and hence return) a target entry, the subject must have <TT>read</TT> access to the target's <EM>entry</EM> attribute.  To perform a search, the subject must have <TT>search</TT> access to the search base's <EM>entry</EM> attribute. To add or delete an entry, the subject must have <TT>write</TT> access to the entry's <TT>entry</TT> attribute AND must have <TT>write</TT> access to the entry's parent's <TT>children</TT> attribute.  To rename an entry, the subject must have <TT>write</TT> access to entry's <TT>entry</TT> attribute AND have <TT>write</TT> access to both the old parent's and new parent's <TT>children</TT> attributes.  The complete examples at the end of this section should help clear things up.</P>
 <P>Lastly, there is a special entry selector <TT>&quot;*&quot;</TT> that is used to select any entry.  It is used when no other <TT>&lt;what&gt;</TT> selector has been provided.  It's equivalent to &quot;<TT>dn=.*</TT>&quot;</P>
-<H3><A NAME="Who to grant access to">7.2.2. Who to grant access to</A></H3>
+<H3><A NAME="Who to grant access to">8.2.2. Who to grant access to</A></H3>
 <P>The &lt;who&gt; part identifies the entity or entities being granted access. Note that access is granted to &quot;entities&quot; not &quot;entries.&quot; The following table summarizes entity specifiers:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 6.3: Access Entity Specifiers</CAPTION>
@@ -2716,7 +3090,7 @@
 </PRE>
 <P>The dnattr specification is used to give access to an entry whose DN is listed in an attribute of the entry (e.g., give access to a group entry to whoever is listed as the owner of the group entry).</P>
 <P>Some factors may not be appropriate in all environments (or any). For example, the domain factor relies on IP to domain name lookups. As these can easily be spoofed, the domain factor should be avoided.</P>
-<H3><A NAME="The access to grant">7.2.3. The access to grant</A></H3>
+<H3><A NAME="The access to grant">8.2.3. The access to grant</A></H3>
 <P>The kind of &lt;access&gt; granted can be one of the following:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 6.4: Access Levels</CAPTION>
@@ -2822,12 +3196,13 @@
 </TABLE>
 
 <P>Each level implies all lower levels of access. So, for example, granting someone <TT>write</TT> access to an entry also grants them <TT>read</TT>, <TT>search</TT>, <TT>compare</TT>, <TT>auth</TT> and <TT>disclose</TT> access.  However, one may use the privileges specifier to grant specific permissions.</P>
-<H3><A NAME="Access Control Evaluation">7.2.4. Access Control Evaluation</A></H3>
-<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT>&lt;what&gt;</TT> selectors given in the configuration file. For each entry, access controls provided in the database which holds the entry (or the first database if not held in any database) apply first, followed by the global access directives.  Within this priority, access directives are examined in the order in which they appear in the config file.  Slapd stops with the first <TT>&lt;what&gt;</TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
+<H3><A NAME="Access Control Evaluation">8.2.4. Access Control Evaluation</A></H3>
+<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT>&lt;what&gt;</TT> selectors given in the configuration file. For each entry, access controls provided in the database which holds the entry (or the global access directives if not held in any database) apply first, followed by the global access directives. However, when dealing with an access list, because the global access list is effectively appended to each per-database list, if the resulting list is non-empty then the access list will end with an implicit <TT>access to * by * none</TT> directive. If there are no access directives applicable to a backend, then a default read is used.</P>
+<P>Within this priority, access directives are examined in the order in which they appear in the config file.  Slapd stops with the first <TT>&lt;what&gt;</TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
 <P>Next, slapd compares the entity requesting access to the <TT>&lt;who&gt;</TT> selectors within the access directive selected above in the order in which they appear. It stops with the first <TT>&lt;who&gt;</TT> selector that matches the requester. This determines the access the entity requesting access has to the entry and/or attribute.</P>
 <P>Finally, slapd compares the access granted in the selected <TT>&lt;access&gt;</TT> clause to the access requested by the client. If it allows greater or equal access, access is granted. Otherwise, access is denied.</P>
 <P>The order of evaluation of access directives makes their placement in the configuration file important. If one access directive is more specific than another in terms of the entries it selects, it should appear first in the config file. Similarly, if one <TT>&lt;who&gt;</TT> selector is more specific than another it should come first in the access directive. The access control examples given below should help make this clear.</P>
-<H3><A NAME="Access Control Examples">7.2.5. Access Control Examples</A></H3>
+<H3><A NAME="Access Control Examples">8.2.5. Access Control Examples</A></H3>
 <P>The access control facility described above is quite powerful.  This section shows some examples of its use for descriptive purposes.</P>
 <P>A simple example:</P>
 <PRE>
@@ -2857,7 +3232,7 @@
          by * read
 </PRE>
 <P>Read access is granted to entries under the <TT>dc=com</TT> subtree, except for those entries under the <TT>dc=example,dc=com</TT> subtree, to which search access is granted.  No access is granted to <TT>dc=com</TT> as neither access directive matches this DN.  If the order of these access directives was reversed, the trailing directive would never be reached, since all entries under <TT>dc=example,dc=com</TT> are also under <TT>dc=com</TT> entries.</P>
-<P>Also note that if no <TT>access to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  That is, every <TT>access to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>access to * by * none</TT> directive.</P>
+<P>Also note that if no <TT>access to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  That is, every <TT>access to</TT> directive ends with an implicit <TT>by * none</TT> clause. When dealing with an access list, because the global access list is effectively appended to each per-database list, if the resulting list is non-empty then the access list will end with an implicit <TT>access to * by * none</TT> directive. If there are no access directives applicable to a backend, then a default read is used.</P>
 <P>The next example again shows the importance of ordering, both of the access directives and the <TT>by &lt;who&gt;</TT> clauses.  It also shows the use of an attribute selector to grant access to a specific attribute and various <TT>&lt;who&gt;</TT> selectors.</P>
 <PRE>
     access to dn.subtree=&quot;dc=example,dc=com&quot; attrs=homePhone
@@ -2876,7 +3251,7 @@
          by dnattr=member selfwrite
 </PRE>
 <P>The dnattr <TT>&lt;who&gt;</TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
-<H3><A NAME="Configuration File Example">7.2.6. Configuration File Example</A></H3>
+<H3><A NAME="Configuration File Example">8.2.6. Configuration File Example</A></H3>
 <P>The following is an example configuration file, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
 <PRE>
   1.    # example config file - global configuration section
@@ -2912,7 +3287,7 @@
 <P>Line 5 is a comment. The start of the database definition is marked by the database keyword on line 6. Line 7 specifies the DN suffix for queries to pass to this database. Line 8 specifies the directory in which the database files will live.</P>
 <P>Lines 9 and 10 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
 <P>Lines 12 through 14 indicate the indices to maintain for various attributes.</P>
-<P>Lines 16 through 24 specify access control for entries in this database.  As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE).  For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the &quot;admin&quot; entry.  It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the &quot;admin&quot; entry, but may be read by all users (authenticated or not).</P>
+<P>Lines 16 through 24 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the &quot;admin&quot; entry.  It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the &quot;admin&quot; entry, but may be read by all users (authenticated or not).</P>
 <P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database.  Note that without line 39, the read access would be allowed due to the global access rule at line 4.</P>
 <PRE>
  33.    # BDB definition for example.net
@@ -2923,7 +3298,7 @@
  38.    index objectClass eq
  39.    access to * by users read
 </PRE>
-<H2><A NAME="Access Control via Dynamic Configuration">7.3. Access Control via Dynamic Configuration</A></H2>
+<H2><A NAME="Access Control via Dynamic Configuration">8.3. Access Control via Dynamic Configuration</A></H2>
 <P>Access to slapd entries and attributes is controlled by the olcAccess attribute, whose values are a sequence of access directives. The general form of the olcAccess configuration is:</P>
 <PRE>
     olcAccess: &lt;access directive&gt;
@@ -2952,7 +3327,7 @@
     &lt;control&gt; ::= [stop | continue | break]
 </PRE>
 <P>where the &lt;what&gt; part selects the entries and/or attributes to which the access applies, the <TT>&lt;who&gt;</TT> part specifies which entities are granted access, and the <TT>&lt;access&gt;</TT> part specifies the access granted. Multiple <TT>&lt;who&gt; &lt;access&gt; &lt;control&gt;</TT> triplets are supported, allowing many entities to be granted different access to the same set of entries and attributes. Not all of these access control options are described here; for more details see the <EM>slapd.access</EM>(5) man page.</P>
-<H3><A NAME="What to control access to">7.3.1. What to control access to</A></H3>
+<H3><A NAME="What to control access to">8.3.1. What to control access to</A></H3>
 <P>The &lt;what&gt; part of an access specification determines the entries and attributes to which the access control applies.  Entries are commonly selected in two ways: by DN and by filter.  The following qualifiers select entries by DN:</P>
 <PRE>
     to *
@@ -3001,7 +3376,7 @@
 </PRE>
 <P>There are two special <EM>pseudo</EM> attributes <TT>entry</TT> and <TT>children</TT>.  To read (and hence return) a target entry, the subject must have <TT>read</TT> access to the target's <EM>entry</EM> attribute.  To perform a search, the subject must have <TT>search</TT> access to the search base's <EM>entry</EM> attribute. To add or delete an entry, the subject must have <TT>write</TT> access to the entry's <TT>entry</TT> attribute AND must have <TT>write</TT> access to the entry's parent's <TT>children</TT> attribute.  To rename an entry, the subject must have <TT>write</TT> access to entry's <TT>entry</TT> attribute AND have <TT>write</TT> access to both the old parent's and new parent's <TT>children</TT> attributes.  The complete examples at the end of this section should help clear things up.</P>
 <P>Lastly, there is a special entry selector <TT>&quot;*&quot;</TT> that is used to select any entry.  It is used when no other <TT>&lt;what&gt;</TT> selector has been provided.  It's equivalent to &quot;<TT>dn=.*</TT>&quot;</P>
-<H3><A NAME="Who to grant access to">7.3.2. Who to grant access to</A></H3>
+<H3><A NAME="Who to grant access to">8.3.2. Who to grant access to</A></H3>
 <P>The &lt;who&gt; part identifies the entity or entities being granted access. Note that access is granted to &quot;entities&quot; not &quot;entries.&quot; The following table summarizes entity specifiers:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 5.3: Access Entity Specifiers</CAPTION>
@@ -3070,7 +3445,7 @@
 </PRE>
 <P>The dnattr specification is used to give access to an entry whose DN is listed in an attribute of the entry (e.g., give access to a group entry to whoever is listed as the owner of the group entry).</P>
 <P>Some factors may not be appropriate in all environments (or any). For example, the domain factor relies on IP to domain name lookups. As these can easily be spoofed, the domain factor should be avoided.</P>
-<H3><A NAME="The access to grant">7.3.3. The access to grant</A></H3>
+<H3><A NAME="The access to grant">8.3.3. The access to grant</A></H3>
 <P>The kind of &lt;access&gt; granted can be one of the following:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 5.4: Access Levels</CAPTION>
@@ -3176,12 +3551,13 @@
 </TABLE>
 
 <P>Each level implies all lower levels of access. So, for example, granting someone <TT>write</TT> access to an entry also grants them <TT>read</TT>, <TT>search</TT>, <TT>compare</TT>, <TT>auth</TT> and <TT>disclose</TT> access.  However, one may use the privileges specifier to grant specific permissions.</P>
-<H3><A NAME="Access Control Evaluation">7.3.4. Access Control Evaluation</A></H3>
-<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT>&lt;what&gt;</TT> selectors given in the configuration.  For each entry, access controls provided in the database which holds the entry (or the first database if not held in any database) apply first, followed by the global access directives (which are held in the <TT>frontend</TT> database definition).  Within this priority, access directives are examined in the order in which they appear in the configuration attribute.  Slapd stops with the first <TT>&lt;what&gt;</TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
+<H3><A NAME="Access Control Evaluation">8.3.4. Access Control Evaluation</A></H3>
+<P>When evaluating whether some requester should be given access to an entry and/or attribute, slapd compares the entry and/or attribute to the <TT>&lt;what&gt;</TT> selectors given in the configuration.  For each entry, access controls provided in the database which holds the entry (or the global access directives if not held in any database) apply first, followed by the global access directives (which are held in the <TT>frontend</TT> database definition). However, when dealing with an access list, because the global access list is effectively appended to each per-database list, if the resulting list is non-empty then the access list will end with an implicit <TT>access to * by * none</TT> directive. If there are no access directives applicable to a backend, then a default read is used.</P>
+<P>Within this priority, access directives are examined in the order in which they appear in the configuration attribute.  Slapd stops with the first <TT>&lt;what&gt;</TT> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access.</P>
 <P>Next, slapd compares the entity requesting access to the <TT>&lt;who&gt;</TT> selectors within the access directive selected above in the order in which they appear. It stops with the first <TT>&lt;who&gt;</TT> selector that matches the requester. This determines the access the entity requesting access has to the entry and/or attribute.</P>
 <P>Finally, slapd compares the access granted in the selected <TT>&lt;access&gt;</TT> clause to the access requested by the client. If it allows greater or equal access, access is granted. Otherwise, access is denied.</P>
 <P>The order of evaluation of access directives makes their placement in the configuration file important. If one access directive is more specific than another in terms of the entries it selects, it should appear first in the configuration. Similarly, if one <TT>&lt;who&gt;</TT> selector is more specific than another it should come first in the access directive. The access control examples given below should help make this clear.</P>
-<H3><A NAME="Access Control Examples">7.3.5. Access Control Examples</A></H3>
+<H3><A NAME="Access Control Examples">8.3.5. Access Control Examples</A></H3>
 <P>The access control facility described above is quite powerful.  This section shows some examples of its use for descriptive purposes.</P>
 <P>A simple example:</P>
 <PRE>
@@ -3211,7 +3587,7 @@
          by * read
 </PRE>
 <P>Read access is granted to entries under the <TT>dc=com</TT> subtree, except for those entries under the <TT>dc=example,dc=com</TT> subtree, to which search access is granted.  No access is granted to <TT>dc=com</TT> as neither access directive matches this DN.  If the order of these access directives was reversed, the trailing directive would never be reached, since all entries under <TT>dc=example,dc=com</TT> are also under <TT>dc=com</TT> entries.</P>
-<P>Also note that if no <TT>olcAccess: to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  That is, every <TT>olcAccess: to</TT> directive ends with an implicit <TT>by * none</TT> clause and every access list ends with an implicit <TT>olcAccess: to * by * none</TT> directive.</P>
+<P>Also note that if no <TT>olcAccess: to</TT> directive matches or no <TT>by &lt;who&gt;</TT> clause, <B>access is denied</B>.  When dealing with an access list, because the global access list is effectively appended to each per-database list, if the resulting list is non-empty then the access list will end with an implicit <TT>access to * by * none</TT> directive. If there are no access directives applicable to a backend, then a default read is used.</P>
 <P>The next example again shows the importance of ordering, both of the access directives and the <TT>by &lt;who&gt;</TT> clauses.  It also shows the use of an attribute selector to grant access to a specific attribute and various <TT>&lt;who&gt;</TT> selectors.</P>
 <PRE>
     olcAccess: to dn.subtree=&quot;dc=example,dc=com&quot; attrs=homePhone
@@ -3230,7 +3606,7 @@
          by dnattr=member selfwrite
 </PRE>
 <P>The dnattr <TT>&lt;who&gt;</TT> selector says that the access applies to entries listed in the <TT>member</TT> attribute. The <TT>selfwrite</TT> access selector says that such members can only add or delete their own DN from the attribute, not other values. The addition of the entry attribute is required because access to the entry is required to access any of the entry's attributes.</P>
-<H3><A NAME="Access Control Ordering">7.3.6. Access Control Ordering</A></H3>
+<H3><A NAME="Access Control Ordering">8.3.6. Access Control Ordering</A></H3>
 <P>Since the ordering of <TT>olcAccess</TT> directives is essential to their proper evaluation, but LDAP attributes normally do not preserve the ordering of their values, OpenLDAP uses a custom schema extension to maintain a fixed ordering of these values. This ordering is maintained by prepending a <TT>&quot;{X}&quot;</TT> numeric index to each value, similarly to the approach used for ordering the configuration entries. These index tags are maintained automatically by slapd and do not need to be specified when originally defining the values. For example, when you create the settings</P>
 <PRE>
     olcAccess: to attrs=member,entry
@@ -3280,7 +3656,7 @@
          by * read
 </PRE>
 <P>which is exactly what was intended.</P>
-<H3><A NAME="Configuration Example">7.3.7. Configuration Example</A></H3>
+<H3><A NAME="Configuration Example">8.3.7. Configuration Example</A></H3>
 <P>The following is an example configuration, interspersed with explanatory text. It defines two databases to handle different parts of the <TERM>X.500</TERM> tree; both are <TERM>BDB</TERM> database instances. The line numbers shown are provided for reference only and are not included in the actual file. First, the global configuration section:</P>
 <PRE>
   1.    # example config file - global configuration entry
@@ -3343,7 +3719,7 @@
 <P>Line 21 is a comment. Lines 22-25 identify this entry as a BDB database configuration entry.  Line 26 specifies the DN suffix for queries to pass to this database. Line 27 specifies the directory in which the database files will live.</P>
 <P>Lines 28 and 29 identify the database <EM>super-user</EM> entry and associated password. This entry is not subject to access control or size or time limit restrictions.</P>
 <P>Lines 30 through 32 indicate the indices to maintain for various attributes.</P>
-<P>Lines 33 through 41 specify access control for entries in this database.  As this is the first database, the controls also apply to entries not held in any database (such as the Root DSE).  For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the &quot;admin&quot; entry.  It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the &quot;admin&quot; entry, but may be read by all users (authenticated or not).</P>
+<P>Lines 33 through 41 specify access control for entries in this database. For all applicable entries, the <TT>userPassword</TT> attribute is writable by the entry itself and by the &quot;admin&quot; entry.  It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the &quot;admin&quot; entry, but may be read by all users (authenticated or not).</P>
 <P>Line 42 is a blank line, indicating the end of this entry.</P>
 <P>The next section of the example configuration file defines another BDB database. This one handles queries involving the <TT>dc=example,dc=net</TT> subtree but is managed by the same entity as the first database.  Note that without line 52, the read access would be allowed due to the global access rule at line 19.</P>
 <PRE>
@@ -3358,10 +3734,10 @@
  51.    olcDbIndex: objectClass eq
  52.    olcAccess: to * by users read
 </PRE>
-<H3><A NAME="Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">7.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></H3>
+<H3><A NAME="Converting from {{slapd.conf}}(5) to a {{B:cn=config}} directory format">8.3.8. Converting from <EM>slapd.conf</EM>(5) to a <B>cn=config</B> directory format</A></H3>
 <P>Discuss slap* -f slapd.conf -F slapd.d/  (man slapd-config)</P>
-<H2><A NAME="Access Control Common Examples">7.4. Access Control Common Examples</A></H2>
-<H3><A NAME="Basic ACLs">7.4.1. Basic ACLs</A></H3>
+<H2><A NAME="Access Control Common Examples">8.4. Access Control Common Examples</A></H2>
+<H3><A NAME="Basic ACLs">8.4.1. Basic ACLs</A></H3>
 <P>Generally one should start with some basic ACLs such as:</P>
 <PRE>
     access to attr=userPassword
@@ -3377,7 +3753,7 @@
 </PRE>
 <P>The first ACL allows users to update (but not read) their passwords, anonymous users to authenticate against this attribute, and (implicitly) denying all access to others.</P>
 <P>The second ACL allows users full access to their entry, authenticated users read access to anything, and (implicitly) denying all access to others (in this case, anonymous users).</P>
-<H3><A NAME="Matching Anonymous and Authenticated users">7.4.2. Matching Anonymous and Authenticated users</A></H3>
+<H3><A NAME="Matching Anonymous and Authenticated users">8.4.2. Matching Anonymous and Authenticated users</A></H3>
 <P>An anonymous user has a empty DN. While the <EM>dn.exact=&quot;&quot;</EM> or <EM>dn.regex=&quot;^$&quot;</EM> could be used, <EM>slapd</EM>(8)) offers an anonymous shorthand which should be used instead.</P>
 <PRE>
     access to *
@@ -3392,7 +3768,7 @@
       by * none
 </PRE>
 <P>This ACL grants read permissions to authenticated users while denying others (i.e.: anonymous users).</P>
-<H3><A NAME="Controlling rootdn access">7.4.3. Controlling rootdn access</A></H3>
+<H3><A NAME="Controlling rootdn access">8.4.3. Controlling rootdn access</A></H3>
 <P>You could specify the <EM>rootdn</EM> in <EM>slapd.conf</EM>(5) or {[slapd.d}} without specifying a <EM>rootpw</EM>. Then you have to add an actual directory entry with the same dn, e.g.:</P>
 <PRE>
     dn: cn=Manager,o=MyOrganization
@@ -3411,7 +3787,7 @@
       by * none
 </PRE>
 <P>The ACLs above will only allow binding using rootdn from localhost and 192.168.0.0/24.</P>
-<H3><A NAME="Managing access with Groups">7.4.4. Managing access with Groups</A></H3>
+<H3><A NAME="Managing access with Groups">8.4.4. Managing access with Groups</A></H3>
 <P>There are a few ways to do this. One approach is illustrated here. Consider the following DIT layout:</P>
 <PRE>
     +-dc=example,dc=com
@@ -3462,7 +3838,7 @@
 <STRONG>Note: </STRONG>the specified member attribute type MUST be of DN or <EM>NameAndOptionalUID</EM> syntax, and the specified object class SHOULD allow the attribute type.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>Dynamic Groups are also supported in Access Control. Please see <EM>slapo-dynlist</EM>(5) and the <A HREF="#Dynamic Lists">Dynamic Lists</A> overlay section.</P>
-<H3><A NAME="Granting access to a subset of attributes">7.4.5. Granting access to a subset of attributes</A></H3>
+<H3><A NAME="Granting access to a subset of attributes">8.4.5. Granting access to a subset of attributes</A></H3>
 <P>You can grant access to a set of attributes by specifying a list of attribute names in the ACL <EM>to</EM> clause. To be useful, you also need to grant access to the <EM>entry</EM> itself. Also note how <EM>children</EM> controls the ability to add, delete, and rename entries.</P>
 <PRE>
     # mail: self may write, authenticated users may read
@@ -3491,7 +3867,7 @@
       by * none
 </PRE>
 <P>ObjectClass names may also be specified in this list, which will affect all the attributes that are required and/or allowed by that <EM>objectClass</EM>. Actually, names in <EM>attrlist</EM> that are prefixed by <EM>@</EM> are directly treated as objectClass names. A name prefixed by <EM>!</EM> is also treated as an objectClass, but in this case the access rule affects the attributes that are not required nor allowed by that <EM>objectClass</EM>.</P>
-<H3><A NAME="Allowing a user write to all entries below theirs">7.4.6. Allowing a user write to all entries below theirs</A></H3>
+<H3><A NAME="Allowing a user write to all entries below theirs">8.4.6. Allowing a user write to all entries below theirs</A></H3>
 <P>For a setup where a user can write to its own record and to all of its children:</P>
 <PRE>
     access to dn.regex=&quot;(.+,)?(uid=[^,]+,o=Company)$&quot;
@@ -3499,7 +3875,7 @@
        by anonymous auth
 </PRE>
 <P>(Add more examples for above)</P>
-<H3><A NAME="Allowing entry creation">7.4.7. Allowing entry creation</A></H3>
+<H3><A NAME="Allowing entry creation">8.4.7. Allowing entry creation</A></H3>
 <P>Let's say, you have it like this:</P>
 <PRE>
         o=&lt;basedn&gt;
@@ -3561,7 +3937,7 @@
     # submatches from the &quot;what&quot; clause, so a &quot;regex&quot; compilation and evaluation
     # is no longer required.
 </PRE>
-<H3><A NAME="Tips for using regular expressions in Access Control">7.4.8. Tips for using regular expressions in Access Control</A></H3>
+<H3><A NAME="Tips for using regular expressions in Access Control">8.4.8. Tips for using regular expressions in Access Control</A></H3>
 <P>Always use <EM>dn.regex=&lt;pattern&gt;</EM> when you intend to use regular expression matching. <EM>dn=&lt;pattern&gt;</EM> alone defaults to <EM>dn.exact&lt;pattern&gt;</EM>.</P>
 <P>Use <EM>(.+)</EM> instead of <EM>(.*)</EM> when you want at least one char to be matched. <EM>(.*)</EM> matches the empty string as well.</P>
 <P>Don't use regular expressions for matches that can be done otherwise in a safer and cheaper manner. Examples:</P>
@@ -3601,7 +3977,7 @@
       by dn.onelevel,expand=&quot;ou=Admin,$1&quot; write
 </PRE>
 <P>where the regex in the <EM>&lt;what&gt;</EM> clause is more compact, and the one in the <EM>&lt;by&gt;</EM> clause is replaced by a much more efficient scoping style of onelevel with substring expansion.</P>
-<H3><A NAME="Granting and Denying access based on security strength factors (ssf)">7.4.9. Granting and Denying access based on security strength factors (ssf)</A></H3>
+<H3><A NAME="Granting and Denying access based on security strength factors (ssf)">8.4.9. Granting and Denying access based on security strength factors (ssf)</A></H3>
 <P>You can restrict access based on the security strength factor (SSF)</P>
 <PRE>
     access to dn=&quot;cn=example,cn=edu&quot;
@@ -3616,7 +3992,7 @@
 </PRE>
 <P>256 is recommended.</P>
 <P>See <EM>slapd.conf</EM>(5) for information on <EM>ssf</EM>.</P>
-<H3><A NAME="When things aren\'t working as expected">7.4.10. When things aren't working as expected</A></H3>
+<H3><A NAME="When things aren\'t working as expected">8.4.10. When things aren't working as expected</A></H3>
 <P>Consider this example:</P>
 <PRE>
     access to *
@@ -3638,13 +4014,13 @@
 </PRE>
 <P>The general rule is: &quot;special access rules first, generic access rules last&quot;</P>
 <P>See also <EM>slapd.access</EM>(8), loglevel 128 and <EM>slapacl</EM>(8) for debugging information.</P>
-<H2><A NAME="Sets - Granting rights based on relationships">7.5. Sets - Granting rights based on relationships</A></H2>
+<H2><A NAME="Sets - Granting rights based on relationships">8.5. Sets - Granting rights based on relationships</A></H2>
 <P>Sets are best illustrated via examples. The following sections will present a few set ACL examples in order to facilitate their understanding.</P>
 <P>(Sets in Access Controls FAQ Entry: <A HREF="http://www.openldap.org/faq/data/cache/1133.html">http://www.openldap.org/faq/data/cache/1133.html</A>)</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>Sets are considered experimental.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Groups of Groups">7.5.1. Groups of Groups</A></H3>
+<H3><A NAME="Groups of Groups">8.5.1. Groups of Groups</A></H3>
 <P>The OpenLDAP ACL for groups doesn't expand groups within groups, which are groups that have another group as a member. For example:</P>
 <PRE>
  dn: cn=sudoadm,ou=group,dc=example,dc=com
@@ -3679,7 +4055,7 @@
  {&quot;uid=john,ou=people,dc=example,dc=com&quot;,&quot;uid=mary,ou=people,dc=example,dc=com&quot;} &amp; user
 </PRE>
 <P>If the authenticated user's DN is any one of those two, write access is granted. So this set will include <TT>mary</TT> in the <TT>sudoadm</TT> group and she will be allowed the write access.</P>
-<H3><A NAME="Group ACLs without DN syntax">7.5.2. Group ACLs without DN syntax</A></H3>
+<H3><A NAME="Group ACLs without DN syntax">8.5.2. Group ACLs without DN syntax</A></H3>
 <P>The traditional group ACLs, and even the previous example about recursive groups, require that the members are specified as DNs instead of just usernames.</P>
 <P>With sets, however, it's also possible to use simple names in group ACLs, as this example will show.</P>
 <P>Let's say we want to allow members of the <TT>sudoadm</TT> group to write to the <TT>ou=suders</TT> branch of our tree. But our group definition now is using <TT>memberUid</TT> for the group members:</P>
@@ -3701,7 +4077,7 @@
 <P><CENTER><IMG SRC="set-memberUid.png" ALIGN="center"></CENTER></P>
 <P ALIGN="Center">Figure X.Y: Sets with <TT>memberUid</TT></P>
 <P>In this case, it's a match. If it were <TT>mary</TT> authenticating, however, she would be denied write access to <TT>ou=sudoers</TT> because her <TT>uid</TT> attribute is not listed in the group's <TT>memberUid</TT>.</P>
-<H3><A NAME="Following references">7.5.3. Following references</A></H3>
+<H3><A NAME="Following references">8.5.3. Following references</A></H3>
 <P>We will now show a quite powerful example of what can be done with sets. This example tends to make OpenLDAP administrators smile after they have understood it and its implications.</P>
 <P>Let's start with an user entry:</P>
 <PRE>
@@ -3757,192 +4133,189 @@
 <P>It's almost the same ACL as before, but we now also require that the connecting user be a member of the (possibly nested) <TT>cn=executive</TT> group.</P>
 <P></P>
 <HR>
-<H1><A NAME="Running slapd">8. Running slapd</A></H1>
-<P><EM>slapd</EM>(8) is designed to be run as a standalone service.  This allows the server to take advantage of caching, manage concurrency issues with underlying databases, and conserve system resources. Running from <EM>inetd</EM>(8) is <EM>NOT</EM> an option.</P>
-<H2><A NAME="Command-Line Options">8.1. Command-Line Options</A></H2>
-<P><EM>slapd</EM>(8) supports a number of command-line options as detailed in the manual page.  This section details a few commonly used options.</P>
+<H1><A NAME="Limits">9. Limits</A></H1>
+<H2><A NAME="Introduction">9.1. Introduction</A></H2>
+<P>It is usually desirable to limit the server resources that can be consumed by each LDAP client. OpenLDAP provides two sets of limits: a size limit, which can restrict the <EM>number</EM> of entries that a client can retrieve in a single operation, and a time limit which restricts the length of time that an operation may continue. Both types of limit can be given different values depending on who initiated the operation.</P>
+<H2><A NAME="Soft and Hard limits">9.2. Soft and Hard limits</A></H2>
+<P>The server administrator can specify both <EM>soft limits</EM> and <EM>hard limits</EM>. Soft limits can be thought of as being the default limit value. Hard limits cannot be exceeded by ordinary LDAP users.</P>
+<P>LDAP clients can specify their own size and time limits when issuing search operations. This feature has been present since the earliest version of X.500.</P>
+<P>If the client specifies a limit then the lower of the requested value and the <EM>hard limit</EM> will become the limit for the operation.</P>
+<P>If the client does not specify a limit then the server applies the <EM>soft limit</EM>.</P>
+<P>Soft and Hard limits are often referred to together as <EM>administrative limits</EM>. Thus, if an LDAP client requests a search that would return more results than the limits allow it will get an <EM>adminLimitExceeded</EM> error. Note that the server will usually return some results even if the limit has been exceeded: this feature is useful to clients that just want to check for the existence of some entries without needing to see them all.</P>
+<P>The <EM>rootdn</EM> is not subject to any limits.</P>
+<H2><A NAME="Global Limits">9.3. Global Limits</A></H2>
+<P>Limits specified in the global part of the server configuration act as defaults which are used if no database has more specific limits set.</P>
+<P>In a <EM>slapd.conf</EM>(5) configuration the keywords are <TT>sizelimit</TT> and <TT>timelimit</TT>. When using the <EM>slapd config</EM> backend, the corresponding attributes are <TT>olcSizeLimit</TT> and <TT>olcTimeLimit</TT>. The syntax of these values are the same in both cases.</P>
+<P>The simple form sets both soft and hard limits to the same value:</P>
 <PRE>
-        -f &lt;filename&gt;
+   sizelimit {&lt;integer&gt;|unlimited}
+   timelimit {&lt;integer&gt;|unlimited}
 </PRE>
-<P>This option specifies an alternate configuration file for slapd. The default is normally <TT>/usr/local/etc/openldap/slapd.conf</TT>.</P>
+<P>The default sizelimit is 500 entries and the default timelimit is 3600 seconds.</P>
+<P>An extended form allows soft and hard limits to be set separately:</P>
 <PRE>
-        -F &lt;slapd-config-directory&gt;
+   sizelimit size[.{soft|hard|unchecked}]=&lt;integer&gt; [...]
+   timelimit time[.{soft|hard}]=&lt;integer&gt; [...]
 </PRE>
-<P>Specifies the slapd configuration directory. The default is <TT>/usr/local/etc/openldap/slapd.d</TT></P>
-<P>If both <TT>-f</TT> and <TT>-F</TT> are specified, the config file will be read and converted to config directory format and written to the specified directory. If neither option is specified, slapd will attempt to read the default config directory before trying to use the default config file. If a valid config directory exists then the default config file is ignored. All of the slap tools that use the config options observe this same behavior.</P>
+<P>Thus, to set a soft sizelimit of 10 entries and a hard limit of 75 entries:</P>
 <PRE>
-        -h &lt;URLs&gt;
+  sizelimit size.soft=10 size.hard=75
 </PRE>
-<P>This option specifies alternative listener configurations.  The default is <TT>ldap:///</TT> which implies <TERM>LDAP</TERM> over <TERM>TCP</TERM> on all interfaces on the default LDAP port 389.  You can specify specific host-port pairs or other protocol schemes (such as <TT>ldaps://</TT> or <TT>ldapi://</TT>).  For example, <TT>-h &quot;ldaps:// ldap://127.0.0.1:666&quot;</TT> will create two listeners: one for the (non-standard) <TT>ldaps://</TT> scheme on all interfaces on the default <TT>ldaps://</TT> port 636, and one for the standard <TT>ldap://</TT> scheme on the <TT>localhost</TT> (<EM>loopback</EM>) interface on port 666.  Hosts may be specified using using hostnames or <TERM>IPv4</TERM> or <TERM>IPv6</TERM> addresses.  Port values must be numeric.</P>
+<P>The <EM>unchecked</EM> keyword sets a limit on how many entries the server will examine once it has created an initial set of candidate results by using indices. This can be very important in a large directory, as a search that cannot be satisfied from an index might cause the server to examine millions of entries, therefore always make sure the correct indexes are configured.</P>
+<H2><A NAME="Per-Database Limits">9.4. Per-Database Limits</A></H2>
+<P>Each database can have its own set of limits that override the global ones. The syntax is more flexible, and it allows different limits to be applied to different entities. Note that an <EM>entity</EM> is different from an <EM>entry</EM>: the term <EM>entity</EM> is used here to indicate the ID of the person or process that has initiated the LDAP operation.</P>
+<P>In a <EM>slapd.conf</EM>(5) configuration the keyword is <TT>limits</TT>. When using the <EM>slapd config</EM> backend, the corresponding attribute is <TT>olcLimits</TT>. The syntax of the values is the same in both cases.</P>
 <PRE>
-        -n &lt;service-name&gt;
+   limits &lt;who&gt; &lt;limit&gt; [&lt;limit&gt; [...]]
 </PRE>
-<P>This option specifies the service name used for logging and other purposes. The default service name is <TT>slapd</TT>.</P>
-<PRE>
-        -l &lt;syslog-local-user&gt;
-</PRE>
-<P>This option specifies the local user for the <EM>syslog</EM>(8) facility.  Values can be <TT>LOCAL0</TT>, <TT>LOCAL1</TT>, <TT>LOCAL2</TT>, ..., and <TT>LOCAL7</TT>.  The default is <TT>LOCAL4</TT>.  This option may not be supported on all systems.</P>
-<PRE>
-        -u user -g group
-</PRE>
-<P>These options specify the user and group, respectively, to run as.  <TT>user</TT> can be either a user name or uid.  <TT>group</TT> can be either a group name or gid.</P>
-<PRE>
-        -r directory
-</PRE>
-<P>This option specifies a run-time directory.  slapd will <EM>chroot</EM>(2) to this directory after opening listeners but before reading any configuration files or initializing any backends.</P>
-<UL>
-</UL>
-<PRE>
-        -d &lt;level&gt; | ?
-</PRE>
-<P>This option sets the slapd debug level to &lt;level&gt;. When level is a `?' character, the various debugging levels are printed and slapd exits, regardless of any other options you give it. Current debugging levels are</P>
+<P>The <EM>limits</EM> clause can be specified multiple times to apply different limits to different initiators. The server examines each clause in turn until it finds one that matches the ID that requested the operation. If no match is found, the global limits will be used.</P>
+<H3><A NAME="Specify who the limits apply to">9.4.1. Specify who the limits apply to</A></H3>
+<P>The <TT>&lt;who&gt;</TT> part of the <EM>limits</EM> clause can take any of these values:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
-<CAPTION ALIGN=top>Table 7.1: Debugging Levels</CAPTION>
+<CAPTION ALIGN=top>Table ZZZ.ZZZ: Entity Specifiers</CAPTION>
 <TR CLASS="heading">
-<TD ALIGN='Right'>
-<STRONG>Level</STRONG>
+<TD>
+<STRONG>Specifier</STRONG>
 </TD>
-<TD ALIGN='Left'>
-<STRONG>Description</STRONG>
+<TD>
+<STRONG>Entities</STRONG>
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
--1
+<TD>
+<TT>*</TT>
 </TD>
-<TD ALIGN='Left'>
-enable all debugging
+<TD>
+All, including anonymous and authenticated users
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-0
+<TD>
+<TT>anonymous</TT>
 </TD>
-<TD ALIGN='Left'>
-no debugging
+<TD>
+Anonymous (non-authenticated) users
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-1
+<TD>
+<TT>users</TT>
 </TD>
-<TD ALIGN='Left'>
-trace function calls
+<TD>
+Authenticated users
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-2
+<TD>
+<TT>self</TT>
 </TD>
-<TD ALIGN='Left'>
-debug packet handling
+<TD>
+User associated with target entry
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-4
+<TD>
+<TT>dn[.&lt;basic-style&gt;]=&lt;regex&gt;</TT>
 </TD>
-<TD ALIGN='Left'>
-heavy trace debugging
+<TD>
+Users matching a regular expression
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-8
+<TD>
+<TT>dn.&lt;scope-style&gt;=&lt;DN&gt;</TT>
 </TD>
-<TD ALIGN='Left'>
-connection management
+<TD>
+Users within scope of a DN
 </TD>
 </TR>
 <TR>
-<TD ALIGN='Right'>
-16
+<TD>
+<TT>group[/oc[/at]]=&lt;pattern&gt;</TT>
 </TD>
-<TD ALIGN='Left'>
-print out packets sent and received
+<TD>
+Members of a group
 </TD>
 </TR>
-<TR>
-<TD ALIGN='Right'>
-32
-</TD>
-<TD ALIGN='Left'>
-search filter processing
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-64
-</TD>
-<TD ALIGN='Left'>
-configuration file processing
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-128
-</TD>
-<TD ALIGN='Left'>
-access control list processing
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-256
-</TD>
-<TD ALIGN='Left'>
-stats log connections/operations/results
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-512
-</TD>
-<TD ALIGN='Left'>
-stats log entries sent
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-1024
-</TD>
-<TD ALIGN='Left'>
-print communication with shell backends
-</TD>
-</TR>
-<TR>
-<TD ALIGN='Right'>
-2048
-</TD>
-<TD ALIGN='Left'>
-print entry parsing debugging
-</TD>
-</TR>
 </TABLE>
 
-<P>You may enable multiple levels by specifying the debug option once for each desired level.  Or, since debugging levels are additive, you can do the math yourself. That is, if you want to trace function calls and watch the config file being processed, you could set level to the sum of those two levels (in this case, <TT> -d 65</TT>).  Or, you can let slapd do the math, (e.g. <TT> -d 1 -d 64</TT>).  Consult <TT>&lt;ldap_log.h&gt;</TT> for more details.</P>
-<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>slapd must have been compiled with <TT>-DLDAP_DEBUG</TT> defined for any debugging information beyond the two stats levels to be available.
-<HR WIDTH="80%" ALIGN="Left"></P>
-<H2><A NAME="Starting slapd">8.2. Starting slapd</A></H2>
-<P>In general, slapd is run like this:</P>
+<P>The rules for specifying <TT>&lt;who&gt;</TT> are the same as those used in access-control rules.</P>
+<H3><A NAME="Specify time limits">9.4.2. Specify time limits</A></H3>
+<P>The syntax for time limits is</P>
 <PRE>
-        /usr/local/libexec/slapd [&lt;option&gt;]*
+   time[.{soft|hard}]=&lt;integer&gt;
 </PRE>
-<P>where <TT>/usr/local/libexec</TT> is determined by <TT>configure</TT> and &lt;option&gt; is one of the options described above (or in <EM>slapd</EM>(8)). Unless you have specified a debugging level (including level <TT>0</TT>), slapd will automatically fork and detach itself from its controlling terminal and run in the background.</P>
-<H2><A NAME="Stopping slapd">8.3. Stopping slapd</A></H2>
-<P>To kill off <EM>slapd</EM>(8) safely, you should give a command like this</P>
+<P>where integer is the number of seconds slapd will spend answering a search request.</P>
+<P>If neither <EM>soft</EM> nor <EM>hard</EM> is specified, the value is used for both, e.g.:</P>
 <PRE>
-        kill -INT `cat /usr/local/var/slapd.pid`
+   limits anonymous time=27
 </PRE>
-<P>where <TT>/usr/local/var</TT> is determined by <TT>configure</TT>.</P>
-<P>Killing slapd by a more drastic method may cause information loss or database corruption.</P>
+<P>The value <EM>unlimited</EM> may be used to remove the hard time limit entirely, e.g.:</P>
+<PRE>
+   limits dn.exact=&quot;cn=anyuser,dc=example,dc=org&quot; time.hard=unlimited
+</PRE>
+<H3><A NAME="Specifying size limits">9.4.3. Specifying size limits</A></H3>
+<P>The syntax for size limit is</P>
+<PRE>
+   size[.{soft|hard|unchecked}]=&lt;integer&gt;
+</PRE>
+<P>where <TT>&lt;integer&gt;</TT> is the maximum number of entries slapd will return when answering a search request.</P>
+<P>Soft, hard, and &quot;unchecked&quot; limits are available, with the same meanings described for the global limits configuration above.</P>
+<H3><A NAME="Size limits and Paged Results">9.4.4. Size limits and Paged Results</A></H3>
+<P>If the LDAP client adds the <EM>pagedResultsControl</EM> to the search operation, the hard size limit is used by default, because the request for a specific page size is considered an explicit request for a limitation on the number of entries to be returned. However, the size limit applies to the total count of entries returned within the search, and not to a single page.</P>
+<P>Additional size limits may be enforced for paged searches.</P>
+<P>The <TT>size.pr</TT> limit controls the maximum page size:</P>
+<PRE>
+   size.pr={&lt;integer&gt;|noEstimate|unlimited}
+</PRE>
+<P><TT>&lt;integer&gt;</TT> is the maximum page size if no explicit size is set. <TT>noEstimate</TT> has no effect in the current implementation as the server does not return an estimate of the result size anyway. <TT>unlimited</TT> indicates that no limit is applied to the maximum page size.</P>
+<P>The <TT>size.prtotal</TT> limit controls the total number of entries that can be returned by a paged search. By default the limit is the same as the normal <TT>size.hard</TT> limit.</P>
+<PRE>
+   size.prtotal={&lt;integer&gt;|unlimited|disabled}
+</PRE>
+<P><TT>unlimited</TT> removes the limit on the number of entries that can be returned by a paged search. <TT>disabled</TT> can be used to selectively disable paged result searches.</P>
+<H2><A NAME="Example Limit Configurations">9.5. Example Limit Configurations</A></H2>
+<H3><A NAME="Simple Global Limits">9.5.1. Simple Global Limits</A></H3>
+<P>This simple global configuration fragment applies size and time limits to all searches by all users except <EM>rootdn</EM>. It limits searches to 50 results and sets an overall time limit of 10 seconds.</P>
+<PRE>
+   sizelimit 50
+   timelimit 10
+</PRE>
+<H3><A NAME="Global Hard and Soft Limits">9.5.2. Global Hard and Soft Limits</A></H3>
+<P>It is sometimes useful to limit the size of result sets but to allow clients to request a higher limit where needed. This can be achieved by setting separate hard and soft limits.</P>
+<PRE>
+   sizelimit size.soft=5 size.hard=100
+</PRE>
+<P>To prevent clients from doing very inefficient non-indexed searches, add the <EM>unchecked</EM> limit:</P>
+<PRE>
+   sizelimit size.soft=5 size.hard=100 size.unchecked=100
+</PRE>
+<H3><A NAME="Giving specific users larger limits">9.5.3. Giving specific users larger limits</A></H3>
+<P>Having set appropriate default limits in the global configuration, you may want to give certain users the ability to retrieve larger result sets. Here is a way to do that in the per-database configuration:</P>
+<PRE>
+   limits dn.exact=&quot;cn=anyuser,dc=example,dc=org&quot; size=100000
+   limits dn.exact=&quot;cn=personnel,dc=example,dc=org&quot; size=100000
+   limits dn.exact=&quot;cn=dirsync,dc=example,dc=org&quot; size=100000
+</PRE>
+<P>It is generally best to avoid mentioning specific users in the server configuration. A better way is to give the higher limits to a group:</P>
+<PRE>
+   limits group/groupOfNames/member=&quot;cn=bigwigs,dc=example,dc=org&quot; size=100000
+</PRE>
+<H3><A NAME="Limiting who can do paged searches">9.5.4. Limiting who can do paged searches</A></H3>
+<P>It may be required that certain applications need very large result sets that they retrieve using paged searches, but that you do not want ordinary LDAP users to use the pagedResults control. The <EM>pr</EM> and <EM>prtotal</EM> limits can help:</P>
+<PRE>
+   limits group/groupOfNames/member=&quot;cn=dirsync,dc=example,dc=org&quot; size.prtotal=unlimited
+   limits users size.soft=5 size.hard=100 size.prtotal=disabled
+   limits anonymous size.soft=2 size.hard=5 size.prtotal=disabled
+</PRE>
+<H2><A NAME="Further Information">9.6. Further Information</A></H2>
+<P>For further information please see <EM>slapd.conf</EM>(5), <EM>ldapsearch</EM>(1) and <EM>slapd.access</EM>(5)</P>
 <P></P>
 <HR>
-<H1><A NAME="Database Creation and Maintenance Tools">9. Database Creation and Maintenance Tools</A></H1>
+<H1><A NAME="Database Creation and Maintenance Tools">10. Database Creation and Maintenance Tools</A></H1>
 <P>This section tells you how to create a slapd database from scratch, and how to do trouble shooting if you run into problems. There are two ways to create a database. First, you can create the database on-line using <TERM>LDAP</TERM>. With this method, you simply start up slapd and add entries using the LDAP client of your choice. This method is fine for relatively small databases (a few hundred or thousand entries, depending on your requirements). This method works for database types which support updates.</P>
 <P>The second method of database creation is to do it off-line using special utilities provided with <EM>slapd</EM>(8). This method is best if you have many thousands of entries to create, which would take an unacceptably long time using the LDAP method, or if you want to ensure the database is not accessed while it is being created. Note that not all database types support these utilities.</P>
-<H2><A NAME="Creating a database over LDAP">9.1. Creating a database over LDAP</A></H2>
+<H2><A NAME="Creating a database over LDAP">10.1. Creating a database over LDAP</A></H2>
 <P>With this method, you use the LDAP client of your choice (e.g., the <EM>ldapadd</EM>(1)) to add entries, just like you would once the database is created.  You should be sure to set the following options in the configuration file before starting <EM>slapd</EM>(8).</P>
 <PRE>
         suffix &lt;dn&gt;
@@ -4002,7 +4375,7 @@
         ldapadd -f entries.ldif -x -D &quot;cn=Manager,dc=example,dc=com&quot; -w secret
 </PRE>
 <P>The above command assumes settings provided in the above examples.</P>
-<H2><A NAME="Creating a database off-line">9.2. Creating a database off-line</A></H2>
+<H2><A NAME="Creating a database off-line">10.2. Creating a database off-line</A></H2>
 <P>The second method of database creation is to do it off-line, using the slapd database tools described below. This method is best if you have many thousands of entries to create, which would take an unacceptably long time to add using the LDAP method described above. These tools read the slapd configuration file and an input file containing a text representation of the entries to add. For database types which support the tools, they produce the database files directly (otherwise you must use the on-line method above). There are several important configuration options you will want to be sure and set in the config file database definition first:</P>
 <PRE>
         suffix &lt;dn&gt;
@@ -4029,7 +4402,7 @@
         index objectClass eq
 </PRE>
 <P>This would create presence, equality, approximate, and substring indices for the <TT>cn</TT>, <TT>sn</TT>, and <TT>uid</TT> attributes and an equality index for the <TT>objectClass</TT> attribute.  Note that not all index types are available with all attribute types.  See <A HREF="#The slapd Configuration File">The slapd Configuration File</A> section for more information on this option.</P>
-<H3><A NAME="The {{EX:slapadd}} program">9.2.1. The <TT>slapadd</TT> program</A></H3>
+<H3><A NAME="The {{EX:slapadd}} program">10.2.1. The <TT>slapadd</TT> program</A></H3>
 <P>Once you've configured things to your liking, you create the primary database and associated indices by running the <EM>slapadd</EM>(8) program:</P>
 <PRE>
         slapadd -l &lt;inputfile&gt; -f &lt;slapdconfigfile&gt;
@@ -4060,21 +4433,21 @@
         -b &lt;suffix&gt;
 </PRE>
 <P>An optional argument that specifies which database to modify.  The provided suffix is matched against a database <TT>suffix</TT> directive to determine the database number. Should not be used in conjunction with <TT>-n</TT>.</P>
-<H3><A NAME="The {{EX:slapindex}} program">9.2.2. The <TT>slapindex</TT> program</A></H3>
+<H3><A NAME="The {{EX:slapindex}} program">10.2.2. The <TT>slapindex</TT> program</A></H3>
 <P>Sometimes it may be necessary to regenerate indices (such as after modifying <EM>slapd.conf</EM>(5)). This is possible using the <EM>slapindex</EM>(8) program.  <EM>slapindex</EM> is invoked like this</P>
 <PRE>
         slapindex -f &lt;slapdconfigfile&gt;
                 [-d &lt;debuglevel&gt;] [-n &lt;databasenumber&gt;|-b &lt;suffix&gt;]
 </PRE>
 <P>Where the <TT>-f</TT>, <TT>-d</TT>, <TT>-n</TT> and <TT>-b</TT> options are the same as for the <EM>slapadd</EM>(1) program.  <EM>slapindex</EM> rebuilds all indices based upon the current database contents.</P>
-<H3><A NAME="The {{EX:slapcat}} program">9.2.3. The <TT>slapcat</TT> program</A></H3>
+<H3><A NAME="The {{EX:slapcat}} program">10.2.3. The <TT>slapcat</TT> program</A></H3>
 <P>The <TT>slapcat</TT> program is used to dump the database to an <TERM>LDIF</TERM> file.  This can be useful when you want to make a human-readable backup of your database or when you want to edit your database off-line.  The program is invoked like this:</P>
 <PRE>
         slapcat -l &lt;filename&gt; -f &lt;slapdconfigfile&gt;
                 [-d &lt;debuglevel&gt;] [-n &lt;databasenumber&gt;|-b &lt;suffix&gt;]
 </PRE>
 <P>where <TT>-n</TT> or <TT>-b</TT> is used to select the database in the <EM>slapd.conf</EM>(5) specified using <TT>-f</TT>.  The corresponding <TERM>LDIF</TERM> output is written to standard output or to the file specified using the <TT>-l</TT> option.</P>
-<H2><A NAME="The LDIF text entry format">9.3. The LDIF text entry format</A></H2>
+<H2><A NAME="The LDIF text entry format">10.3. The LDIF text entry format</A></H2>
 <P>The <TERM>LDAP Data Interchange Format</TERM> (LDIF) is used to represent LDAP entries in a simple text format.  This section provides a brief description of the LDIF entry format which complements <EM>ldif</EM>(5) and the technical specification <A HREF="http://www.rfc-editor.org/rfc/rfc2849.txt">RFC2849</A>.</P>
 <P>The basic form of an entry is:</P>
 <PRE>
@@ -4146,25 +4519,25 @@
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P></P>
 <HR>
-<H1><A NAME="Backends">10. Backends</A></H1>
-<H2><A NAME="Berkeley DB Backends">10.1. Berkeley DB Backends</A></H2>
-<H3><A NAME="Overview">10.1.1. Overview</A></H3>
+<H1><A NAME="Backends">11. Backends</A></H1>
+<H2><A NAME="Berkeley DB Backends">11.1. Berkeley DB Backends</A></H2>
+<H3><A NAME="Overview">11.1.1. Overview</A></H3>
 <P>The <EM>bdb</EM> backend to <EM>slapd</EM>(8) is the recommended primary backend for a normal <EM>slapd</EM> database.  It uses the Oracle Berkeley DB (<TERM>BDB</TERM>) package to store data. It makes extensive use of indexing and caching (see the <A HREF="#Tuning">Tuning</A> section) to speed data access.</P>
 <P><EM>hdb</EM> is a variant of the <EM>bdb</EM> backend that uses a hierarchical database layout which supports subtree renames. It is otherwise identical to the <EM>bdb</EM> behavior, and all the same configuration options apply.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>An <EM>hdb</EM> database needs a large <EM>idlcachesize</EM> for good search performance, typically three times the <EM>cachesize</EM> (entry cache size) or larger.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="back-bdb/back-hdb Configuration">10.1.2. back-bdb/back-hdb Configuration</A></H3>
+<H3><A NAME="back-bdb/back-hdb Configuration">11.1.2. back-bdb/back-hdb Configuration</A></H3>
 <P>MORE LATER</P>
-<H3><A NAME="Further Information">10.1.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.1.3. Further Information</A></H3>
 <P><EM>slapd-bdb</EM>(5)</P>
-<H2><A NAME="LDAP">10.2. LDAP</A></H2>
-<H3><A NAME="Overview">10.2.1. Overview</A></H3>
+<H2><A NAME="LDAP">11.2. LDAP</A></H2>
+<H3><A NAME="Overview">11.2.1. Overview</A></H3>
 <P>The LDAP backend to <EM>slapd</EM>(8) is not an actual database; instead it acts as a proxy to forward incoming requests to another LDAP server. While processing requests it will also chase referrals, so that referrals are fully processed instead of being returned to the <EM>slapd</EM> client.</P>
 <P>Sessions that explicitly <EM>Bind</EM> to the <EM>back-ldap</EM> database always create their own private connection to the remote LDAP server. Anonymous sessions will share a single anonymous connection to the remote server. For sessions bound through other mechanisms, all sessions with the same DN will share the same connection. This connection pooling strategy can enhance the proxy's efficiency by reducing the overhead of repeatedly making/breaking multiple connections.</P>
 <P>The ldap database can also act as an information service, i.e. the identity of locally authenticated clients is asserted to the remote server, possibly in some modified form. For this purpose, the proxy binds to the remote server with some administrative identity, and, if required, authorizes the asserted identity.</P>
 <P>It is heavily used by a lot of other <A HREF="#Backends">Backends</A> and <A HREF="#Overlays">Overlays</A>.</P>
-<H3><A NAME="back-ldap Configuration">10.2.2. back-ldap Configuration</A></H3>
+<H3><A NAME="back-ldap Configuration">11.2.2. back-ldap Configuration</A></H3>
 <P>As previously mentioned, <EM>slapd-ldap(5)</EM> is used behind the scenes by many other <A HREF="#Backends">Backends</A> and <A HREF="#Overlays">Overlays</A>. Some of them merely provide a few configuration directive themselves, but have available to the administrator the whole of the <EM>slapd-ldap(5)</EM> options.</P>
 <P>For example, the <A HREF="#Translucent Proxy">Translucent Proxy</A>, which retrieves entries from a remote LDAP server that can be partially overridden by the defined database, has only four specific <EM>translucent-</EM> directives, but can be configured using any of the normal <EM>slapd-ldap(5)</EM> options. See {[slapo-translucent(5)}} for details.</P>
 <P>Other <A HREF="#Overlays">Overlays</A> allow you to tag directives in front of a normal <EM>slapd-ldap(5)</EM> directive. For example, the <EM>slapo-chain(5)</EM> overlay does this:</P>
@@ -4180,13 +4553,13 @@
 </PRE>
 <P>The URI list is space or comma-separated. Whenever the server that responds is not the first one in the list, the list is rearranged and the responsive server is moved to the head, so that it will be first contacted the next time a connection needs be created.</P>
 <P>This feature can be used to provide a form of load balancing when using <A HREF="#MirrorMode replication">MirrorMode replication</A>.</P>
-<H3><A NAME="Further Information">10.2.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.2.3. Further Information</A></H3>
 <P><EM>slapd-ldap</EM>(5)</P>
-<H2><A NAME="LDIF">10.3. LDIF</A></H2>
-<H3><A NAME="Overview">10.3.1. Overview</A></H3>
+<H2><A NAME="LDIF">11.3. LDIF</A></H2>
+<H3><A NAME="Overview">11.3.1. Overview</A></H3>
 <P>The LDIF backend to <EM>slapd</EM>(8) is a basic storage backend that stores entries in text files in LDIF format, and exploits the filesystem to create the tree structure of the database. It is intended as a cheap, low performance easy to use backend.</P>
 <P>When using the <EM>cn=config</EM> dynamic configuration database with persistent storage, the configuration data is stored using this backend. See <EM>slapd-config</EM>(5) for more information</P>
-<H3><A NAME="back-ldif Configuration">10.3.2. back-ldif Configuration</A></H3>
+<H3><A NAME="back-ldif Configuration">11.3.2. back-ldif Configuration</A></H3>
 <P>Like many other backends, the LDIF backend can be instantiated with very few configuration lines:</P>
 <PRE>
         include ./schema/core.schema
@@ -4238,23 +4611,23 @@
    modifyTimestamp: 20080711142643Z
 </PRE>
 <P>This is the complete format you would get when exporting your directory using <TT>slapcat</TT> etc.</P>
-<H3><A NAME="Further Information">10.3.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.3.3. Further Information</A></H3>
 <P><EM>slapd-ldif</EM>(5)</P>
-<H2><A NAME="Metadirectory">10.4. Metadirectory</A></H2>
-<H3><A NAME="Overview">10.4.1. Overview</A></H3>
+<H2><A NAME="Metadirectory">11.4. Metadirectory</A></H2>
+<H3><A NAME="Overview">11.4.1. Overview</A></H3>
 <P>The meta backend to <EM>slapd</EM>(8) performs basic LDAP proxying with respect to a set of remote LDAP servers, called &quot;targets&quot;. The information contained in these servers can be presented as belonging to a single Directory Information Tree (<TERM>DIT</TERM>).</P>
 <P>A basic knowledge of the functionality of the <EM>slapd-ldap</EM>(5) backend is recommended. This backend has been designed as an enhancement of the ldap backend. The two backends share many features (actually they also share portions of code). While the ldap backend is intended to proxy operations directed to a single server, the meta backend is mainly intended for proxying of multiple servers and possibly naming context  masquerading.</P>
 <P>These features, although useful in many scenarios, may result in excessive overhead for some applications, so its use should be carefully considered.</P>
-<H3><A NAME="back-meta Configuration">10.4.2. back-meta Configuration</A></H3>
+<H3><A NAME="back-meta Configuration">11.4.2. back-meta Configuration</A></H3>
 <P>LATER</P>
-<H3><A NAME="Further Information">10.4.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.4.3. Further Information</A></H3>
 <P><EM>slapd-meta</EM>(5)</P>
-<H2><A NAME="Monitor">10.5. Monitor</A></H2>
-<H3><A NAME="Overview">10.5.1. Overview</A></H3>
+<H2><A NAME="Monitor">11.5. Monitor</A></H2>
+<H3><A NAME="Overview">11.5.1. Overview</A></H3>
 <P>The monitor backend to <EM>slapd</EM>(8) is not an actual database; if enabled, it is automatically generated and dynamically maintained by slapd with information about the running status of the daemon.</P>
 <P>To inspect all monitor information, issue a subtree search with base <EM>cn=Monitor</EM>, requesting that attributes &quot;+&quot; and &quot;*&quot; are returned. The monitor backend produces mostly operational attributes, and LDAP only returns operational attributes that are explicitly requested.  Requesting attribute &quot;+&quot; is an extension which requests all operational attributes.</P>
 <P>See the <A HREF="#Monitoring">Monitoring</A> section.</P>
-<H3><A NAME="back-monitor Configuration">10.5.2. back-monitor Configuration</A></H3>
+<H3><A NAME="back-monitor Configuration">11.5.2. back-monitor Configuration</A></H3>
 <P>The monitor database can be instantiated only once, i.e. only one occurrence of &quot;database monitor&quot; can occur in the <EM>slapd.conf(5)</EM> file.  Also the suffix is automatically set to <EM>&quot;cn=Monitor&quot;</EM>.</P>
 <P>You can however set a <EM>rootdn</EM> and <EM>rootpw</EM>. The following is all that is needed to instantiate a monitor backend:</P>
 <PRE>
@@ -4304,10 +4677,10 @@
         description: This subsystem contains information about available backends.
 </PRE>
 <P>Please see the <A HREF="#Monitoring">Monitoring</A> section for complete examples of information available via this backend.</P>
-<H3><A NAME="Further Information">10.5.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.5.3. Further Information</A></H3>
 <P><EM>slapd-monitor</EM>(5)</P>
-<H2><A NAME="Null">10.6. Null</A></H2>
-<H3><A NAME="Overview">10.6.1. Overview</A></H3>
+<H2><A NAME="Null">11.6. Null</A></H2>
+<H3><A NAME="Overview">11.6.1. Overview</A></H3>
 <P>The Null backend to <EM>slapd</EM>(8) is surely the most useful part of slapd:</P>
 <UL>
 <LI>Searches return success but no entries.
@@ -4316,7 +4689,7 @@
 <LI>Binds other than as the rootdn fail unless the database option &quot;bind on&quot; is given.
 <LI>The slapadd(8) and slapcat(8) tools are equally exciting.</UL>
 <P>Inspired by the <TT>/dev/null</TT> device.</P>
-<H3><A NAME="back-null Configuration">10.6.2. back-null Configuration</A></H3>
+<H3><A NAME="back-null Configuration">11.6.2. back-null Configuration</A></H3>
 <P>This has to be one of the shortest configurations you'll ever do. In order to test this, your <TT>slapd.conf</TT> file would look like:</P>
 <PRE>
         modulepath  /usr/local/libexec/openldap
@@ -4345,13 +4718,13 @@
 
         # numResponses: 1
 </PRE>
-<H3><A NAME="Further Information">10.6.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.6.3. Further Information</A></H3>
 <P><EM>slapd-null</EM>(5)</P>
-<H2><A NAME="Passwd">10.7. Passwd</A></H2>
-<H3><A NAME="Overview">10.7.1. Overview</A></H3>
+<H2><A NAME="Passwd">11.7. Passwd</A></H2>
+<H3><A NAME="Overview">11.7.1. Overview</A></H3>
 <P>The PASSWD backend to <EM>slapd</EM>(8) serves up the user account information listed in the system <EM>passwd</EM>(5) file (defaulting to <TT>/etc/passwd</TT>).</P>
 <P>This backend is provided for demonstration purposes only. The DN of each entry is &quot;uid=&lt;username&gt;,&lt;suffix&gt;&quot;.</P>
-<H3><A NAME="back-passwd Configuration">10.7.2. back-passwd Configuration</A></H3>
+<H3><A NAME="back-passwd Configuration">11.7.2. back-passwd Configuration</A></H3>
 <P>The configuration using <TT>slapd.conf</TT> a slightly longer, but not much. For example:</P>
 <PRE>
         include ./schema/core.schema
@@ -4387,33 +4760,33 @@
         sn: root
         description: root
 </PRE>
-<H3><A NAME="Further Information">10.7.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.7.3. Further Information</A></H3>
 <P><EM>slapd-passwd</EM>(5)</P>
-<H2><A NAME="Perl/Shell">10.8. Perl/Shell</A></H2>
-<H3><A NAME="Overview">10.8.1. Overview</A></H3>
+<H2><A NAME="Perl/Shell">11.8. Perl/Shell</A></H2>
+<H3><A NAME="Overview">11.8.1. Overview</A></H3>
 <P>The Perl backend to <EM>slapd</EM>(8) works by embedding a <EM>perl</EM>(1) interpreter into <EM>slapd</EM>(8). Any perl database section of the configuration file <EM>slapd.conf</EM>(5) must then specify what Perl module to use. Slapd then creates a new Perl object that handles all the requests for that particular instance of the backend.</P>
 <P>The Shell backend to <EM>slapd</EM>(8) executes external programs to implement operations, and is designed to make it easy to tie an existing database to the slapd front-end. This backend is is primarily intended to be used in prototypes.</P>
-<H3><A NAME="back-perl/back-shell Configuration">10.8.2. back-perl/back-shell Configuration</A></H3>
+<H3><A NAME="back-perl/back-shell Configuration">11.8.2. back-perl/back-shell Configuration</A></H3>
 <P>LATER</P>
-<H3><A NAME="Further Information">10.8.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.8.3. Further Information</A></H3>
 <P><EM>slapd-shell</EM>(5) and <EM>slapd-perl</EM>(5)</P>
-<H2><A NAME="Relay">10.9. Relay</A></H2>
-<H3><A NAME="Overview">10.9.1. Overview</A></H3>
+<H2><A NAME="Relay">11.9. Relay</A></H2>
+<H3><A NAME="Overview">11.9.1. Overview</A></H3>
 <P>The primary purpose of this <EM>slapd</EM>(8) backend is to map a naming context defined in a database running in the same <EM>slapd</EM>(8) instance into a virtual naming context, with attributeType and objectClass manipulation, if required. It requires the rwm overlay.</P>
 <P>This backend and the above mentioned overlay are experimental.</P>
-<H3><A NAME="back-relay Configuration">10.9.2. back-relay Configuration</A></H3>
+<H3><A NAME="back-relay Configuration">11.9.2. back-relay Configuration</A></H3>
 <P>LATER</P>
-<H3><A NAME="Further Information">10.9.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.9.3. Further Information</A></H3>
 <P><EM>slapd-relay</EM>(5)</P>
-<H2><A NAME="SQL">10.10. SQL</A></H2>
-<H3><A NAME="Overview">10.10.1. Overview</A></H3>
+<H2><A NAME="SQL">11.10. SQL</A></H2>
+<H3><A NAME="Overview">11.10.1. Overview</A></H3>
 <P>The primary purpose of this <EM>slapd</EM>(8) backend is to PRESENT information stored in some RDBMS as an LDAP subtree without any programming (some SQL and maybe stored procedures can't be considered programming, anyway ;).</P>
 <P>That is, for example, when you (some ISP) have account information you use in an RDBMS, and want to use modern solutions that expect such information in LDAP (to authenticate users, make email lookups etc.). Or you want to synchronize or distribute information between different sites/applications that use RDBMSes and/or LDAP. Or whatever else...</P>
 <P>It is <B>NOT</B> designed as a general-purpose backend that uses RDBMS instead of BerkeleyDB (as the standard BDB backend does), though it can be used as such with several limitations. Please see <A HREF="#LDAP vs RDBMS">LDAP vs RDBMS</A> for discussion.</P>
 <P>The idea is to use some meta-information to translate LDAP queries to SQL queries, leaving relational schema untouched, so that old applications can continue using it without any modifications. This allows SQL and LDAP applications to interoperate without replication, and exchange data as needed.</P>
 <P>The SQL backend is designed to be tunable to virtually any relational schema without having to change source (through that meta-information mentioned). Also, it uses ODBC to connect to RDBMSes, and is highly configurable for SQL dialects RDBMSes may use, so it may be used for integration and distribution of data on different RDBMSes, OSes, hosts etc., in other words, in highly heterogeneous environments.</P>
 <P>This backend is experimental.</P>
-<H3><A NAME="back-sql Configuration">10.10.2. back-sql Configuration</A></H3>
+<H3><A NAME="back-sql Configuration">11.10.2. back-sql Configuration</A></H3>
 <P>This backend has to be one of the most abused and complex backends there is. Therefore, we will go through a simple, small example that comes with the OpenLDAP source and can be found in <TT>servers/slapd/back-sql/rdbms_depend/README</TT></P>
 <P>For this example we will be using PostgreSQL.</P>
 <P>First, we add to <TT>/etc/odbc.ini</TT> a block of the form:</P>
@@ -4476,11 +4849,11 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>This backend is experimental.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Further Information">10.10.3. Further Information</A></H3>
+<H3><A NAME="Further Information">11.10.3. Further Information</A></H3>
 <P><EM>slapd-sql</EM>(5) and <TT>servers/slapd/back-sql/rdbms_depend/README</TT></P>
 <P></P>
 <HR>
-<H1><A NAME="Overlays">11. Overlays</A></H1>
+<H1><A NAME="Overlays">12. Overlays</A></H1>
 <P>Overlays are software components that provide hooks to functions analogous to those provided by backends, which can be stacked on top of the backend calls and as callbacks on top of backend responses to alter their behavior.</P>
 <P>Overlays may be compiled statically into <EM>slapd</EM>, or when module support is enabled, they may be dynamically loaded. Most of the overlays are only allowed to be configured on individual databases.</P>
 <P>Some can be stacked on the <TT>frontend</TT> as well, for global use. This means that they can be executed after a request is parsed and validated, but right before the appropriate database is selected. The main purpose is to affect operations regardless of the database they will be handled by, and, in some cases, to influence the selection of the database by massaging the request DN.</P>
@@ -4509,12 +4882,12 @@
 </PRE>
 <P>along with other types of run-time loadable components; they are officially distributed, but not maintained by the project.</P>
 <P>All the current overlays in OpenLDAP are listed and described in detail in the following sections.</P>
-<H2><A NAME="Access Logging">11.1. Access Logging</A></H2>
-<H3><A NAME="Overview">11.1.1. Overview</A></H3>
+<H2><A NAME="Access Logging">12.1. Access Logging</A></H2>
+<H3><A NAME="Overview">12.1.1. Overview</A></H3>
 <P>This overlay can record accesses to a given backend database on another database.</P>
 <P>This allows all of the activity on a given database to be reviewed using arbitrary LDAP queries, instead of just logging to local flat text files. Configuration options are available for selecting a subset of operation types to log, and to automatically prune older log records from the logging database. Log records are stored with audit schema to assure their readability whether viewed as LDIF or in raw form.</P>
 <P>It is also used for <A HREF="#delta-syncrepl replication">delta-syncrepl replication</A></P>
-<H3><A NAME="Access Logging Configuration">11.1.2. Access Logging Configuration</A></H3>
+<H3><A NAME="Access Logging Configuration">12.1.2. Access Logging Configuration</A></H3>
 <P>The following is a basic example that implements Access Logging:</P>
 <PRE>
         database bdb
@@ -4596,13 +4969,13 @@
         # numResponses: 3
         # numEntries: 2
 </PRE>
-<H3><A NAME="Further Information">11.1.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.1.3. Further Information</A></H3>
 <P><EM>slapo-accesslog(5)</EM> and the <A HREF="#delta-syncrepl replication">delta-syncrepl replication</A> section.</P>
-<H2><A NAME="Audit Logging">11.2. Audit Logging</A></H2>
+<H2><A NAME="Audit Logging">12.2. Audit Logging</A></H2>
 <P>The Audit Logging overlay can be used to record all changes on a given backend database to a specified log file.</P>
-<H3><A NAME="Overview">11.2.1. Overview</A></H3>
+<H3><A NAME="Overview">12.2.1. Overview</A></H3>
 <P>If the need arises whereby changes need to be logged as standard LDIF, then the auditlog overlay <B>slapo-auditlog (5)</B> can be used. Full examples are available in the man page <B>slapo-auditlog (5)</B></P>
-<H3><A NAME="Audit Logging Configuration">11.2.2. Audit Logging Configuration</A></H3>
+<H3><A NAME="Audit Logging Configuration">12.2.2. Audit Logging Configuration</A></H3>
 <P>If the directory is running vi <TT>slapd.d</TT>, then the following LDIF could be used to add the overlay to the overlay list in <B>cn=config</B> and set what file the <TERM>LDIF</TERM> gets logged to (adjust to suit)</P>
 <PRE>
        dn: olcOverlay=auditlog,olcDatabase={1}hdb,cn=config
@@ -4647,14 +5020,14 @@
        entryCSN: 20051123130912.000000Z#000002#000#000000
        # end add 1196797577
 </PRE>
-<H3><A NAME="Further Information">11.2.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.2.3. Further Information</A></H3>
 <P><EM>slapo-auditlog(5)</EM></P>
-<H2><A NAME="Chaining">11.3. Chaining</A></H2>
-<H3><A NAME="Overview">11.3.1. Overview</A></H3>
+<H2><A NAME="Chaining">12.3. Chaining</A></H2>
+<H3><A NAME="Overview">12.3.1. Overview</A></H3>
 <P>The chain overlay provides basic chaining capability to the underlying database.</P>
 <P>What is chaining? It indicates the capability of a DSA to follow referrals on behalf of the client, so that distributed systems are viewed as a single virtual DSA by clients that are otherwise unable to &quot;chase&quot; (i.e. follow) referrals by themselves.</P>
 <P>The chain overlay is built on top of the ldap backend; it is compiled by default when <B>--enable-ldap</B>.</P>
-<H3><A NAME="Chaining Configuration">11.3.2. Chaining Configuration</A></H3>
+<H3><A NAME="Chaining Configuration">12.3.2. Chaining Configuration</A></H3>
 <P>In order to demonstrate how this overlay works, we shall discuss a typical scenario which might be one master server and three Syncrepl slaves.</P>
 <P>On each replica, add this near the top of the <EM>slapd.conf</EM>(5) file (global), before any database definitions:</P>
 <PRE>
@@ -4702,22 +5075,25 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>You can clearly see the PROXYAUTHZ line on the master, indicating the proper identity assertion for the update on the master. Also note the slave immediately receiving the Syncrepl update from the master.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Handling Chaining Errors">11.3.3. Handling Chaining Errors</A></H3>
+<H3><A NAME="Handling Chaining Errors">12.3.3. Handling Chaining Errors</A></H3>
 <P>By default, if chaining fails, the original referral is returned to the client under the assumption that the client might want to try and follow the referral.</P>
 <P>With the following directive however, if the chaining fails at the provider side, the actual error is returned to the client.</P>
 <PRE>
         chain-return-error TRUE
 </PRE>
-<H3><A NAME="Further Information">11.3.4. Further Information</A></H3>
+<H3><A NAME="Read-Back of Chained Modifications">12.3.4. Read-Back of Chained Modifications</A></H3>
+<P>Occasionally, applications want to read back the data that they just wrote. If a modification requested to a shadow server was silently chained to its producer, an immediate read could result in receiving data not yet synchronized. In those cases, clients should use the <B>dontusecopy</B> control to ensure they are directed to the authoritative source for that piece of data.</P>
+<P>This control usually causes a referral to the actual source of the data to be returned.  However, when the <EM>slapo-chain(5)</EM> overlay is used, it intercepts the referral being returned in response to the <B>dontusecopy</B> control, and tries to fetch the requested data.</P>
+<H3><A NAME="Further Information">12.3.5. Further Information</A></H3>
 <P><EM>slapo-chain(5)</EM></P>
-<H2><A NAME="Constraints">11.4. Constraints</A></H2>
-<H3><A NAME="Overview">11.4.1. Overview</A></H3>
+<H2><A NAME="Constraints">12.4. Constraints</A></H2>
+<H3><A NAME="Overview">12.4.1. Overview</A></H3>
 <P>This overlay enforces a regular expression constraint on all values of specified attributes during an LDAP modify request that contains add or modify commands. It is used to enforce a more rigorous syntax when the underlying attribute syntax is too general.</P>
-<H3><A NAME="Constraint Configuration">11.4.2. Constraint Configuration</A></H3>
+<H3><A NAME="Constraint Configuration">12.4.2. Constraint Configuration</A></H3>
 <P>Configuration via <EM>slapd.conf</EM>(5) would look like:</P>
 <PRE>
         overlay constraint
-        constraint_attribute mail regex ^[:alnum:]+ at mydomain.com$
+        constraint_attribute mail regex ^[[:alnum:]]+ at mydomain.com$
         constraint_attribute title uri
         ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
 </PRE>
@@ -4730,16 +5106,16 @@
        objectClass: olcOverlayConfig
        objectClass: olcConstraintConfig
        olcOverlay: constraint
-       olcConstraintAttribute: mail regex ^[:alnum:]+ at mydomain.com$
+       olcConstraintAttribute: mail regex ^[[:alnum:]]+ at mydomain.com$
        olcConstraintAttribute: title uri ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
 </PRE>
-<H3><A NAME="Further Information">11.4.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.4.3. Further Information</A></H3>
 <P><EM>slapo-constraint(5)</EM></P>
-<H2><A NAME="Dynamic Directory Services">11.5. Dynamic Directory Services</A></H2>
-<H3><A NAME="Overview">11.5.1. Overview</A></H3>
+<H2><A NAME="Dynamic Directory Services">12.5. Dynamic Directory Services</A></H2>
+<H3><A NAME="Overview">12.5.1. Overview</A></H3>
 <P>The <EM>dds</EM> overlay to <EM>slapd</EM>(8) implements dynamic objects as per <A HREF="http://www.rfc-editor.org/rfc/rfc2589.txt">RFC2589</A>. The name <EM>dds</EM> stands for Dynamic Directory Services. It allows to define dynamic objects, characterized by the <EM>dynamicObject</EM> objectClass.</P>
 <P>Dynamic objects have a limited lifetime, determined by a time-to-live (TTL) that can be refreshed by means of a specific refresh extended operation. This operation allows to set the Client Refresh Period (CRP), namely the period between refreshes that is required to preserve the dynamic object from expiration. The expiration time is computed by adding the requested TTL to the current time. When dynamic objects reach the end of their lifetime without being further refreshed, they are automatically <EM>deleted</EM>. There is no guarantee of immediate deletion, so clients should not count on it.</P>
-<H3><A NAME="Dynamic Directory Service Configuration">11.5.2. Dynamic Directory Service Configuration</A></H3>
+<H3><A NAME="Dynamic Directory Service Configuration">12.5.2. Dynamic Directory Service Configuration</A></H3>
 <P>A usage of dynamic objects might be to implement dynamic meetings; in this case, all the participants to the meeting are allowed to refresh the meeting object, but only the creator can delete it (otherwise it will be deleted when the TTL expires).</P>
 <P>If we add the overlay to an example database, specifying a Max TTL of 1 day, a min of 10 seconds, with a default TTL of 1 hour. We'll also specify an interval of 120 (less than 60s might be too small) seconds between expiration checks and a tolerance of 5 second (lifetime of a dynamic object will be <EM>entryTtl + tolerance</EM>).</P>
 <PRE>
@@ -4763,7 +5139,7 @@
        member: uid=ghenry,ou=People,dc=example,dc=com
        member: uid=hyc,ou=People,dc=example,dc=com
 </PRE>
-<H4><A NAME="Dynamic Directory Service ACLs">11.5.2.1. Dynamic Directory Service ACLs</A></H4>
+<H4><A NAME="Dynamic Directory Service ACLs">12.5.2.1. Dynamic Directory Service ACLs</A></H4>
 <P>Allow users to start a meeting and to join it; restrict refresh to the <EM>member</EM>; restrict delete to the creator:</P>
 <PRE>
        access to attrs=userPassword
@@ -4795,16 +5171,16 @@
        ldapexop -x -H ldap://ldaphost &quot;refresh&quot; &quot;cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=example,dc=com&quot; &quot;120&quot; -D &quot;uid=ghenry,ou=People,dc=example,dc=com&quot; -W
 </PRE>
 <P>Any user can join the meeting, but not add another attendee, but they can refresh the meeting. The ACLs above are quite straight forward to understand.</P>
-<H3><A NAME="Further Information">11.5.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.5.3. Further Information</A></H3>
 <P><EM>slapo-dds(5)</EM></P>
-<H2><A NAME="Dynamic Groups">11.6. Dynamic Groups</A></H2>
-<H3><A NAME="Overview">11.6.1. Overview</A></H3>
+<H2><A NAME="Dynamic Groups">12.6. Dynamic Groups</A></H2>
+<H3><A NAME="Overview">12.6.1. Overview</A></H3>
 <P>This overlay extends the Compare operation to detect members of a dynamic group. This overlay is now deprecated as all of its functions are available using the <A HREF="#Dynamic Lists">Dynamic Lists</A> overlay.</P>
-<H3><A NAME="Dynamic Group Configuration">11.6.2. Dynamic Group Configuration</A></H3>
-<H2><A NAME="Dynamic Lists">11.7. Dynamic Lists</A></H2>
-<H3><A NAME="Overview">11.7.1. Overview</A></H3>
+<H3><A NAME="Dynamic Group Configuration">12.6.2. Dynamic Group Configuration</A></H3>
+<H2><A NAME="Dynamic Lists">12.7. Dynamic Lists</A></H2>
+<H3><A NAME="Overview">12.7.1. Overview</A></H3>
 <P>This overlay allows expansion of dynamic groups and lists. Instead of having the group members or list attributes hard coded, this overlay allows us to define an LDAP search whose results will make up the group or list.</P>
-<H3><A NAME="Dynamic List Configuration">11.7.2. Dynamic List Configuration</A></H3>
+<H3><A NAME="Dynamic List Configuration">12.7.2. Dynamic List Configuration</A></H3>
 <P>This module can behave both as a dynamic list and dynamic group, depending on the configuration. The syntax is as follows:</P>
 <PRE>
        overlay dynlist
@@ -4851,14 +5227,14 @@
 <P><CENTER><IMG SRC="allusersgroup-en.png" ALIGN="center"></CENTER></P>
 <P ALIGN="Center">Figure X.Y: Dynamic Group for all users</P>
 <P>Note that a side effect of this scheme of dynamic groups is that the members need to be specified as full DNs. So, if you are planning in using this for <TT>posixGroup</TT>s, be sure to use RFC2307bis and some attribute which can hold distinguished names. The <TT>memberUid</TT> attribute used in the <TT>posixGroup</TT> object class can hold only names, not DNs, and is therefore not suitable for dynamic groups.</P>
-<H3><A NAME="Further Information">11.7.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.7.3. Further Information</A></H3>
 <P><EM>slapo-dynlist(5)</EM></P>
-<H2><A NAME="Reverse Group Membership Maintenance">11.8. Reverse Group Membership Maintenance</A></H2>
-<H3><A NAME="Overview">11.8.1. Overview</A></H3>
+<H2><A NAME="Reverse Group Membership Maintenance">12.8. Reverse Group Membership Maintenance</A></H2>
+<H3><A NAME="Overview">12.8.1. Overview</A></H3>
 <P>In some scenarios, it may be desirable for a client to be able to determine which groups an entry is a member of, without performing an additional search. Examples of this are applications using the <TERM>DIT</TERM> for access control based on group authorization.</P>
 <P>The <B>memberof</B> overlay updates an attribute (by default <B>memberOf</B>) whenever changes occur to the membership attribute (by default <B>member</B>) of entries of the objectclass (by default <B>groupOfNames</B>) configured to trigger updates.</P>
 <P>Thus, it provides maintenance of the list of groups an entry is a member of, when usual maintenance of groups is done by modifying the members on the group entry.</P>
-<H3><A NAME="Member Of Configuration">11.8.2. Member Of Configuration</A></H3>
+<H3><A NAME="Member Of Configuration">12.8.2. Member Of Configuration</A></H3>
 <P>The typical use of this overlay requires just enabling the overlay for a specific database. For example, with the following minimal slapd.conf:</P>
 <PRE>
         include /usr/share/openldap/schema/core.schema
@@ -4914,35 +5290,35 @@
  memberOf: cn=testgroup,ou=Group,dc=example,dc=com
 </PRE>
 <P>Note that the <B>memberOf</B> attribute is an operational attribute, so it must be requested explicitly.</P>
-<H3><A NAME="Further Information">11.8.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.8.3. Further Information</A></H3>
 <P><EM>slapo-memberof(5)</EM></P>
-<H2><A NAME="The Proxy Cache Engine">11.9. The Proxy Cache Engine</A></H2>
+<H2><A NAME="The Proxy Cache Engine">12.9. The Proxy Cache Engine</A></H2>
 <P><TERM>LDAP</TERM> servers typically hold one or more subtrees of a <TERM>DIT</TERM>. Replica (or shadow) servers hold shadow copies of entries held by one or more master servers.  Changes are propagated from the master server to replica (slave) servers using LDAP Sync replication.  An LDAP cache is a special type of replica which holds entries corresponding to search filters instead of subtrees.</P>
-<H3><A NAME="Overview">11.9.1. Overview</A></H3>
+<H3><A NAME="Overview">12.9.1. Overview</A></H3>
 <P>The proxy cache extension of slapd is designed to improve the responsiveness of the ldap and meta backends. It handles a search request (query) by first determining whether it is contained in any cached search filter. Contained requests are answered from the proxy cache's local database. Other requests are passed on to the underlying ldap or meta backend and processed as usual.</P>
 <P>E.g. <TT>(shoesize&gt;=9)</TT> is contained in <TT>(shoesize&gt;=8)</TT> and <TT>(sn=Richardson)</TT> is contained in <TT>(sn=Richards*)</TT></P>
 <P>Correct matching rules and syntaxes are used while comparing assertions for query containment. To simplify the query containment problem, a list of cacheable &quot;templates&quot; (defined below) is specified at configuration time. A query is cached or answered only if it belongs to one of these templates. The entries corresponding to cached queries are stored in the proxy cache local database while its associated meta information (filter, scope, base, attributes) is stored in main memory.</P>
 <P>A template is a prototype for generating LDAP search requests. Templates are described by a prototype search filter and a list of attributes which are required in queries generated from the template. The representation for prototype filter is similar to <A HREF="http://www.rfc-editor.org/rfc/rfc4515.txt">RFC4515</A>, except that the assertion values are missing. Examples of prototype filters are: (sn=),(&amp;(sn=)(givenname=)) which are instantiated by search filters (sn=Doe) and (&amp;(sn=Doe)(givenname=John)) respectively.</P>
 <P>The cache replacement policy removes the least recently used (LRU) query and entries belonging to only that query. Queries are allowed a maximum time to live (TTL) in the cache thus providing weak consistency. A background task periodically checks the cache for expired queries and removes them.</P>
 <P>The Proxy Cache paper (<A HREF="http://www.openldap.org/pub/kapurva/proxycaching.pdf">http://www.openldap.org/pub/kapurva/proxycaching.pdf</A>) provides design and implementation details.</P>
-<H3><A NAME="Proxy Cache Configuration">11.9.2. Proxy Cache Configuration</A></H3>
+<H3><A NAME="Proxy Cache Configuration">12.9.2. Proxy Cache Configuration</A></H3>
 <P>The cache configuration specific directives described below must appear after a <TT>overlay proxycache</TT> directive within a <TT>&quot;database meta&quot;</TT> or <TT>database ldap</TT> section of the server's <EM>slapd.conf</EM>(5) file.</P>
-<H4><A NAME="Setting cache parameters">11.9.2.1. Setting cache parameters</A></H4>
+<H4><A NAME="Setting cache parameters">12.9.2.1. Setting cache parameters</A></H4>
 <PRE>
  proxyCache &lt;DB&gt; &lt;maxentries&gt; &lt;nattrsets&gt; &lt;entrylimit&gt; &lt;period&gt;
 </PRE>
 <P>This directive enables proxy caching and sets general cache parameters.  The &lt;DB&gt; parameter specifies which underlying database is to be used to hold cached entries.  It should be set to <TT>bdb</TT> or <TT>hdb</TT>.  The &lt;maxentries&gt; parameter specifies the total number of entries which may be held in the cache.  The &lt;nattrsets&gt; parameter specifies the total number of attribute sets (as specified by the <TT>proxyAttrSet</TT> directive) that may be defined.  The &lt;entrylimit&gt; parameter specifies the maximum number of entries in a cacheable query.  The &lt;period&gt; specifies the consistency check period (in seconds).  In each period, queries with expired TTLs are removed.</P>
-<H4><A NAME="Defining attribute sets">11.9.2.2. Defining attribute sets</A></H4>
+<H4><A NAME="Defining attribute sets">12.9.2.2. Defining attribute sets</A></H4>
 <PRE>
  proxyAttrset &lt;index&gt; &lt;attrs...&gt;
 </PRE>
 <P>Used to associate a set of attributes to an index. Each attribute set is associated with an index number from 0 to &lt;numattrsets&gt;-1. These indices are used by the proxyTemplate directive to define cacheable templates.</P>
-<H4><A NAME="Specifying cacheable templates">11.9.2.3. Specifying cacheable templates</A></H4>
+<H4><A NAME="Specifying cacheable templates">12.9.2.3. Specifying cacheable templates</A></H4>
 <PRE>
  proxyTemplate &lt;prototype_string&gt; &lt;attrset_index&gt; &lt;TTL&gt;
 </PRE>
 <P>Specifies a cacheable template and the &quot;time to live&quot; (in sec) &lt;TTL&gt; for queries belonging to the template. A template is described by its prototype filter string and set of required attributes identified by &lt;attrset_index&gt;.</P>
-<H4><A NAME="Example">11.9.2.4. Example</A></H4>
+<H4><A NAME="Example">12.9.2.4. Example</A></H4>
 <P>An example <EM>slapd.conf</EM>(5) database section for a caching server which proxies for the <TT>&quot;dc=example,dc=com&quot;</TT> subtree held at server <TT>ldap.example.com</TT>.</P>
 <PRE>
         database        ldap
@@ -4961,9 +5337,9 @@
         index       objectClass eq
         index       cn,sn,uid,mail  pres,eq,sub
 </PRE>
-<H5><A NAME="Cacheable Queries">11.9.2.4.1. Cacheable Queries</A></H5>
+<H5><A NAME="Cacheable Queries">12.9.2.4.1. Cacheable Queries</A></H5>
 <P>A LDAP search query is cacheable when its filter matches one of the templates as defined in the &quot;proxyTemplate&quot; statements and when it references only the attributes specified in the corresponding attribute set. In the example above the attribute set number 0 defines that only the attributes: <TT>mail postaladdress telephonenumber</TT> are cached for the following proxyTemplates.</P>
-<H5><A NAME="Examples:">11.9.2.4.2. Examples:</A></H5>
+<H5><A NAME="Examples:">12.9.2.4.2. Examples:</A></H5>
 <PRE>
         Filter: (&amp;(sn=Richard*)(givenName=jack))
         Attrs: mail telephoneNumber
@@ -4979,10 +5355,10 @@
         Attrs: mail telephoneNumber
 </PRE>
 <P>is not cacheable, because the filter does not match the template ( logical OR &quot;|&quot; condition instead of logical AND &quot;&amp;&quot; )</P>
-<H3><A NAME="Further Information">11.9.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.9.3. Further Information</A></H3>
 <P><EM>slapo-pcache(5)</EM></P>
-<H2><A NAME="Password Policies">11.10. Password Policies</A></H2>
-<H3><A NAME="Overview">11.10.1. Overview</A></H3>
+<H2><A NAME="Password Policies">12.10. Password Policies</A></H2>
+<H3><A NAME="Overview">12.10.1. Overview</A></H3>
 <P>This overlay follows the specifications contained in the draft RFC titled draft-behera-ldap-password-policy-09. While the draft itself is expired, it has been implemented in several directory servers, including slapd. Nonetheless, it is important to note that it is a draft, meaning that it is subject to change and is a work-in-progress.</P>
 <P>The key abilities of the password policy overlay are as follows:</P>
 <UL>
@@ -4995,7 +5371,7 @@
 <LI>Set an administrative lock on an account
 <LI>Support multiple password policies on a default or a per-object basis.
 <LI>Perform arbitrary quality checks using an external loadable module. This is a non-standard extension of the draft RFC.</UL>
-<H3><A NAME="Password Policy Configuration">11.10.2. Password Policy Configuration</A></H3>
+<H3><A NAME="Password Policy Configuration">12.10.2. Password Policy Configuration</A></H3>
 <P>Instantiate the module in the database where it will be used, after adding the new ppolicy schema and loading the ppolicy module. The following example shows the ppolicy module being added to the database that handles the naming context &quot;dc=example,dc=com&quot;. In this example we are also specifying the DN of a policy object to use if none other is specified in a user's object.</P>
 <PRE>
        database bdb
@@ -5058,14 +5434,14 @@
 <P>1. The pwdPolicySubentry in a user's object - If a user's object has a pwdPolicySubEntry attribute specifying the DN of a policy object, then the policy defined by that object is applied.</P>
 <P>2. Default password policy - If there is no specific pwdPolicySubentry set for an object, and the password policy module was configured with the DN of a default policy object and if that object exists, then the policy defined in that object is applied.</P>
 <P>Please see <EM>slapo-ppolicy(5)</EM> for complete explanations of features and discussion of &quot;Password Management Issues&quot; at <A HREF="http://www.connexitor.com/forums/viewtopic.php?f=6&amp;t=25">http://www.connexitor.com/forums/viewtopic.php?f=6&amp;t=25</A></P>
-<H3><A NAME="Further Information">11.10.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.10.3. Further Information</A></H3>
 <P><EM>slapo-ppolicy(5)</EM></P>
-<H2><A NAME="Referential Integrity">11.11. Referential Integrity</A></H2>
-<H3><A NAME="Overview">11.11.1. Overview</A></H3>
+<H2><A NAME="Referential Integrity">12.11. Referential Integrity</A></H2>
+<H3><A NAME="Overview">12.11.1. Overview</A></H3>
 <P>This overlay can be used with a backend database such as slapd-bdb(5) to maintain the cohesiveness of a schema which utilizes reference attributes.</P>
 <P>Whenever a <EM>modrdn</EM> or <EM>delete</EM> is performed, that is, when an entry's DN is renamed or an entry is removed, the server will search the directory for references to this DN (in selected attributes: see below) and update them accordingly. If it was a <EM>delete</EM> operation, the reference is deleted. If it was a <EM>modrdn</EM> operation, then the reference is updated with the new DN.</P>
 <P>For example, a very common administration task is to maintain group membership lists, specially when users are removed from the directory. When an user account is deleted or renamed, all groups this user is a member of have to be updated. LDAP administrators usually have scripts for that. But we can use the <TT>refint</TT> overlay to automate this task. In this example, if the user is removed from the directory, the overlay will take care to remove the user from all the groups he/she was a member of. No more scripting for this.</P>
-<H3><A NAME="Referential Integrity Configuration">11.11.2. Referential Integrity Configuration</A></H3>
+<H3><A NAME="Referential Integrity Configuration">12.11.2. Referential Integrity Configuration</A></H3>
 <P>The configuration for this overlay is as follows:</P>
 <PRE>
        overlay refint
@@ -5088,14 +5464,14 @@
 <P ALIGN="Center">Figure X.Y: Maintaining referential integrity in groups</P>
 <P>Notice that if we rename (<TT>modrdn</TT>) the <TT>john</TT> entry to, say, <TT>jsmith</TT>, the refint overlay will also rename the reference in the <TT>member</TT> attribute, so the group membership stays correct.</P>
 <P>If we removed all users from the directory who are a member of this group, then the end result would be a single member in the group: <TT>cn=admin,dc=example,dc=com</TT>. This is the <TT>refint_nothing</TT> parameter kicking into action so that the schema is not violated.</P>
-<H3><A NAME="Further Information">11.11.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.11.3. Further Information</A></H3>
 <P><EM>slapo-refint(5)</EM></P>
-<H2><A NAME="Return Code">11.12. Return Code</A></H2>
-<H3><A NAME="Overview">11.12.1. Overview</A></H3>
+<H2><A NAME="Return Code">12.12. Return Code</A></H2>
+<H3><A NAME="Overview">12.12.1. Overview</A></H3>
 <P>This overlay is useful to test the behavior of clients when server-generated erroneous and/or unusual responses occur, for example; error codes, referrals, excessive response times and so on.</P>
 <P>This would be classed as a debugging tool whilst developing client software or additional Overlays.</P>
 <P>For detailed information, please see the <EM>slapo-retcode(5)</EM> man page.</P>
-<H3><A NAME="Return Code Configuration">11.12.2. Return Code Configuration</A></H3>
+<H3><A NAME="Return Code Configuration">12.12.2. Return Code Configuration</A></H3>
 <P>The retcode overlay utilizes the &quot;return code&quot; schema described in the man page. This schema is specifically designed for use with this overlay and is not intended to be used otherwise.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>The necessary schema is loaded automatically by the overlay.
@@ -5132,52 +5508,250 @@
        retcode-item    &quot;cn=strongerAuthRequired&quot;               0x08    text=&quot;same as strongAuthRequired&quot;
 </PRE>
 <P>Please see <TT>tests/data/retcode.conf</TT> for a complete <TT>retcode.conf</TT></P>
-<H3><A NAME="Further Information">11.12.3. Further Information</A></H3>
+<H3><A NAME="Further Information">12.12.3. Further Information</A></H3>
 <P><EM>slapo-retcode(5)</EM></P>
-<H2><A NAME="Rewrite/Remap">11.13. Rewrite/Remap</A></H2>
-<H3><A NAME="Overview">11.13.1. Overview</A></H3>
+<H2><A NAME="Rewrite/Remap">12.13. Rewrite/Remap</A></H2>
+<H3><A NAME="Overview">12.13.1. Overview</A></H3>
 <P>It performs basic DN/data rewrite and objectClass/attributeType mapping. Its usage is mostly intended to provide virtual views of existing data either remotely, in conjunction with the proxy backend described in <EM>slapd-ldap(5)</EM>, or locally, in conjunction with the relay backend described in <EM>slapd-relay(5)</EM>.</P>
 <P>This overlay is extremely configurable and advanced, therefore recommended reading is the <EM>slapo-rwm(5)</EM> man page.</P>
-<H3><A NAME="Rewrite/Remap Configuration">11.13.2. Rewrite/Remap Configuration</A></H3>
-<H3><A NAME="Further Information">11.13.3. Further Information</A></H3>
+<H3><A NAME="Rewrite/Remap Configuration">12.13.2. Rewrite/Remap Configuration</A></H3>
+<H3><A NAME="Further Information">12.13.3. Further Information</A></H3>
 <P><EM>slapo-rwm(5)</EM></P>
-<H2><A NAME="Sync Provider">11.14. Sync Provider</A></H2>
-<H3><A NAME="Overview">11.14.1. Overview</A></H3>
-<P>This overlay implements the provider-side support for syncrepl replication, including persistent search functionality</P>
-<H3><A NAME="Sync Provider Configuration">11.14.2. Sync Provider Configuration</A></H3>
-<H3><A NAME="Further Information">11.14.3. Further Information</A></H3>
-<P><EM>slapo-syncprov(5)</EM></P>
-<H2><A NAME="Translucent Proxy">11.15. Translucent Proxy</A></H2>
-<H3><A NAME="Overview">11.15.1. Overview</A></H3>
-<P>This overlay can be used with a backend database such as slapd-bdb (5) to create a &quot;translucent proxy&quot;.</P>
-<P>Content of entries retrieved from a remote LDAP server can be partially overridden by the database.</P>
-<H3><A NAME="Translucent Proxy Configuration">11.15.2. Translucent Proxy Configuration</A></H3>
-<H3><A NAME="Further Information">11.15.3. Further Information</A></H3>
+<H2><A NAME="Sync Provider">12.14. Sync Provider</A></H2>
+<H3><A NAME="Overview">12.14.1. Overview</A></H3>
+<P>This overlay implements the provider-side support for the LDAP Content Synchronization (<A HREF="http://www.rfc-editor.org/rfc/rfc4533.txt">RFC4533</A>) as well as syncrepl replication support, including persistent search functionality.</P>
+<H3><A NAME="Sync Provider Configuration">12.14.2. Sync Provider Configuration</A></H3>
+<P>There is very little configuration needed for this overlay, in fact for many situations merely loading the overlay will suffice.</P>
+<P>However, because the overlay creates a contextCSN attribute in the root entry of the database which is updated for every write operation performed against the database and only updated in memory, it is recommended to configure a checkpoint so that the contextCSN is written into the underlying database to minimize recovery time after an unclean shutdown:</P>
+<PRE>
+       overlay syncprov
+       syncprov-checkpoint 100 10
+</PRE>
+<P>For every 100 operations or 10 minutes, which ever is sooner, the contextCSN will be checkpointed.</P>
+<P>The four configuration directives available are <B>syncprov-checkpoint</B>, <B>syncprov-sessionlog</B>, <B>syncprov-nopresent</B> and <B>syncprov-reloadhint</B> which are covered in the man page discussing various other scenarios where this overlay can be used.</P>
+<H3><A NAME="Further Information">12.14.3. Further Information</A></H3>
+<P>The <EM>slapo-syncprov(5)</EM> man page and the <A HREF="#Configuring the different replication types">Configuring the different replication types</A> section</P>
+<H2><A NAME="Translucent Proxy">12.15. Translucent Proxy</A></H2>
+<H3><A NAME="Overview">12.15.1. Overview</A></H3>
+<P>This overlay can be used with a backend database such as <EM>slapd-bdb</EM>(5) to create a &quot;translucent proxy&quot;.</P>
+<P>Entries retrieved from a remote LDAP server may have some or all attributes overridden, or new attributes added, by entries in the local database before being presented to the client.</P>
+<P>A search operation is first populated with entries from the remote LDAP server, the attributes of which are then overridden with any attributes defined in the local database. Local overrides may be populated with the add, modify, and modrdn operations, the use of which is restricted to the root user of the translucent local database.</P>
+<P>A compare operation will perform a comparison with attributes defined in the local database record (if any) before any comparison is made with data in the remote database.</P>
+<H3><A NAME="Translucent Proxy Configuration">12.15.2. Translucent Proxy Configuration</A></H3>
+<P>There are various options available with this overlay, but for this example we will demonstrate adding new attributes to a remote entry and also searching against these newly added local attributes. For more information about overriding remote entries and search configuration, please see <EM>slapo-translucent(5)</EM></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>The Translucent Proxy overlay will disable schema checking in the local database, so that an entry consisting of overlay attributes need not adhere to the complete schema.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>First we configure the overlay in the normal manner:</P>
+<PRE>
+       include     /usr/local/etc/openldap/schema/core.schema
+       include     /usr/local/etc/openldap/schema/cosine.schema
+       include     /usr/local/etc/openldap/schema/nis.schema
+       include     /usr/local/etc/openldap/schema/inetorgperson.schema
+
+       pidfile     ./slapd.pid
+       argsfile    ./slapd.args
+
+       modulepath  /usr/local/libexec/openldap
+       moduleload  back_bdb.la
+       moduleload  back_ldap.la
+       moduleload  translucent.la
+
+       database    bdb
+       suffix      &quot;dc=suretecsystems,dc=com&quot;
+       rootdn      &quot;cn=trans,dc=suretecsystems,dc=com&quot;
+       rootpw      secret
+       directory   ./openldap-data
+
+       index       objectClass eq
+
+       overlay     translucent
+       translucent_local carLicense
+
+       uri         ldap://192.168.X.X:389
+       lastmod     off
+       acl-bind    binddn=&quot;cn=admin,dc=suretecsystems,dc=com&quot; credentials=&quot;blahblah&quot;
+</PRE>
+<P>You will notice the overlay directive and a directive to say what attribute we want to be able to search against in the local database. We must also load the ldap backend which will connect to the remote directory server.</P>
+<P>Now we take an example LDAP group:</P>
+<PRE>
+       # itsupport, Groups, suretecsystems.com
+       dn: cn=itsupport,ou=Groups,dc=suretecsystems,dc=com
+       objectClass: posixGroup
+       objectClass: sambaGroupMapping
+       cn: itsupport
+       gidNumber: 1000
+       sambaSID: S-1-5-21-XXX
+       sambaGroupType: 2
+       displayName: itsupport
+       memberUid: ghenry
+       memberUid: joebloggs
+</PRE>
+<P>and create an LDIF file we can use to add our data to the local database, using some pretty strange choices of new attributes for demonstration purposes:</P>
+<PRE>
+       [ghenry at suretec test_configs]$ cat test-translucent-add.ldif
+       dn: cn=itsupport,ou=Groups,dc=suretecsystems,dc=com
+       businessCategory: frontend-override
+       carLicense: LIVID
+       employeeType: special
+       departmentNumber: 9999999
+       roomNumber: 41L-535
+</PRE>
+<P>Searching against the proxy gives:</P>
+<PRE>
+       [ghenry at suretec test_configs]$ ldapsearch -x -H ldap://127.0.0.1:9001 &quot;(cn=itsupport)&quot;
+       # itsupport, Groups, OxObjects, suretecsystems.com
+       dn: cn=itsupport,ou=Groups,ou=OxObjects,dc=suretecsystems,dc=com
+       objectClass: posixGroup
+       objectClass: sambaGroupMapping
+       cn: itsupport
+       gidNumber: 1003
+       SAMBASID: S-1-5-21-XXX
+       SAMBAGROUPTYPE: 2
+       displayName: itsupport
+       memberUid: ghenry
+       memberUid: joebloggs
+       roomNumber: 41L-535
+       departmentNumber: 9999999
+       employeeType: special
+       carLicense: LIVID
+       businessCategory: frontend-override
+</PRE>
+<P>Here we can see that the 5 new attributes are added to the remote entry before being returned to the our client.</P>
+<P>Because we have configured a local attribute to search against:</P>
+<PRE>
+       overlay     translucent
+       translucent_local carLicense
+</PRE>
+<P>we can also search for that to return the completely fabricated entry:</P>
+<PRE>
+       ldapsearch -x -H ldap://127.0.0.1:9001 (carLicense=LIVID)
+</PRE>
+<P>This is an extremely feature because you can then extend a remote directory server locally and also search against the local entries.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>Because the translucent overlay does not perform any DN rewrites, the local and remote database instances must have the same suffix. Other configurations will probably fail with No Such Object and other errors
+<HR WIDTH="80%" ALIGN="Left"></P>
+<H3><A NAME="Further Information">12.15.3. Further Information</A></H3>
 <P><EM>slapo-translucent(5)</EM></P>
-<H2><A NAME="Attribute Uniqueness">11.16. Attribute Uniqueness</A></H2>
-<H3><A NAME="Overview">11.16.1. Overview</A></H3>
-<P>This overlay can be used with a backend database such as slapd-bdb (5) to enforce the uniqueness of some or all attributes within a subtree.</P>
-<H3><A NAME="Attribute Uniqueness Configuration">11.16.2. Attribute Uniqueness Configuration</A></H3>
-<H3><A NAME="Further Information">11.16.3. Further Information</A></H3>
+<H2><A NAME="Attribute Uniqueness">12.16. Attribute Uniqueness</A></H2>
+<H3><A NAME="Overview">12.16.1. Overview</A></H3>
+<P>This overlay can be used with a backend database such as <EM>slapd-bdb(5)</EM> to enforce the uniqueness of some or all attributes within a subtree.</P>
+<H3><A NAME="Attribute Uniqueness Configuration">12.16.2. Attribute Uniqueness Configuration</A></H3>
+<P>This overlay is only effective on new data from the point the overlay is enabled. To check uniqueness for existing data, you can export and import your data again via the LDAP Add operation, which will not be suitable for large amounts of data, unlike <B>slapcat</B>.</P>
+<P>For the following example, if uniqueness were enforced for the <B>mail</B> attribute, the subtree would be searched for any other records which also have a <B>mail</B> attribute containing the same value presented with an <B>add</B>, <B>modify</B> or <B>modrdn</B> operation which are unique within the configured scope. If any are found, the request is rejected.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>If no attributes are specified, for example <B>ldap:///??sub?</B>, then the URI applies to all non-operational attributes. However, the keyword <B>ignore</B> can be specified to exclude certain non-operational attributes.
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>To search at the base dn of the current backend database ensuring uniqueness of the <B>mail</B> attribute, we simply add the following configuration:</P>
+<PRE>
+       overlay unique
+       unique_uri ldap:///?mail?sub?
+</PRE>
+<P>For an existing entry of:</P>
+<PRE>
+       dn: cn=gavin,dc=suretecsystems,dc=com
+       objectClass: top
+       objectClass: inetorgperson
+       cn: gavin
+       sn: henry
+       mail: ghenry at suretecsystems.com
+</PRE>
+<P>and we then try to add a new entry of:</P>
+<PRE>
+       dn: cn=robert,dc=suretecsystems,dc=com
+       objectClass: top
+       objectClass: inetorgperson
+       cn: robert
+       sn: jones
+       mail: ghenry at suretecsystems.com
+</PRE>
+<P>would result in an error like so:</P>
+<PRE>
+       adding new entry &quot;cn=robert,dc=example,dc=com&quot;
+       ldap_add: Constraint violation (19)
+               additional info: some attributes not unique
+</PRE>
+<P>The overlay can have multiple URIs specified within a domain, allowing complex selections of objects and also have multiple <B>unique_uri</B> statements or <B>olcUniqueURI</B> attributes which will create independent domains.</P>
+<P>For more information and details about the <B>strict</B> and <B>ignore</B> keywords, please see the <EM>slapo-unique(5)</EM> man page.</P>
+<H3><A NAME="Further Information">12.16.3. Further Information</A></H3>
 <P><EM>slapo-unique(5)</EM></P>
-<H2><A NAME="Value Sorting">11.17. Value Sorting</A></H2>
-<H3><A NAME="Overview">11.17.1. Overview</A></H3>
-<P>This overlay can be used to enforce a specific order for the values of an attribute when it is returned in a search.</P>
-<H3><A NAME="Value Sorting Configuration">11.17.2. Value Sorting Configuration</A></H3>
-<H3><A NAME="Further Information">11.17.3. Further Information</A></H3>
+<H2><A NAME="Value Sorting">12.17. Value Sorting</A></H2>
+<H3><A NAME="Overview">12.17.1. Overview</A></H3>
+<P>The Value Sorting overlay can be used with a backend database to sort the values of specific multi-valued attributes within a subtree. The sorting occurs whenever the attributes are returned in a search response.</P>
+<H3><A NAME="Value Sorting Configuration">12.17.2. Value Sorting Configuration</A></H3>
+<P>Sorting can be specified in ascending or descending order, using either numeric or alphanumeric sort methods. Additionally, a &quot;weighted&quot; sort can be specified, which uses a numeric weight prepended to the attribute values.</P>
+<P>The weighted sort is always performed in ascending order, but may be combined with the other methods for values that all have equal weights. The weight is specified by prepending an integer weight {&lt;weight&gt;} in front of each value of the attribute for which weighted sorting is desired. This weighting factor is stripped off and never returned in search results.</P>
+<P>Here are a few examples:</P>
+<PRE>
+       loglevel    sync stats
+
+       database    hdb
+       suffix      &quot;dc=suretecsystems,dc=com&quot;
+       directory   /usr/local/var/openldap-data
+
+       ......
+
+       overlay valsort
+       valsort-attr memberUid ou=Groups,dc=suretecsystems,dc=com alpha-ascend
+</PRE>
+<P>For example, ascend:</P>
+<PRE>
+       # sharedemail, Groups, suretecsystems.com
+       dn: cn=sharedemail,ou=Groups,dc=suretecsystems,dc=com
+       objectClass: posixGroup
+       objectClass: top
+       cn: sharedemail
+       gidNumber: 517
+       memberUid: admin
+       memberUid: dovecot
+       memberUid: laura
+       memberUid: suretec
+</PRE>
+<P>For weighted, we change our data to:</P>
+<PRE>
+       # sharedemail, Groups, suretecsystems.com
+       dn: cn=sharedemail,ou=Groups,dc=suretecsystems,dc=com
+       objectClass: posixGroup
+       objectClass: top
+       cn: sharedemail
+       gidNumber: 517
+       memberUid: {4}admin
+       memberUid: {2}dovecot
+       memberUid: {1}laura
+       memberUid: {3}suretec
+</PRE>
+<P>and change the config to:</P>
+<PRE>
+       overlay valsort
+       valsort-attr memberUid ou=Groups,dc=suretecsystems,dc=com weighted
+</PRE>
+<P>Searching now results in:</P>
+<PRE>
+       # sharedemail, Groups, OxObjects, suretecsystems.com
+       dn: cn=sharedemail,ou=Groups,ou=OxObjects,dc=suretecsystems,dc=com
+       objectClass: posixGroup
+       objectClass: top
+       cn: sharedemail
+       gidNumber: 517
+       memberUid: laura
+       memberUid: dovecot
+       memberUid: suretec
+       memberUid: admin
+</PRE>
+<H3><A NAME="Further Information">12.17.3. Further Information</A></H3>
 <P><EM>slapo-valsort(5)</EM></P>
-<H2><A NAME="Overlay Stacking">11.18. Overlay Stacking</A></H2>
-<H3><A NAME="Overview">11.18.1. Overview</A></H3>
+<H2><A NAME="Overlay Stacking">12.18. Overlay Stacking</A></H2>
+<H3><A NAME="Overview">12.18.1. Overview</A></H3>
 <P>Overlays can be stacked, which means that more than one overlay can be instantiated for each database, or for the <TT>frontend</TT>. As a consequence, each overlays function is called, if defined, when overlay execution is invoked. Multiple overlays are executed in reverse order (as a stack) with respect to their definition in slapd.conf (5), or with respect to their ordering in the config database, as documented in slapd-config (5).</P>
-<H3><A NAME="Example Scenarios">11.18.2. Example Scenarios</A></H3>
-<H4><A NAME="Samba">11.18.2.1. Samba</A></H4>
+<H3><A NAME="Example Scenarios">12.18.2. Example Scenarios</A></H3>
+<H4><A NAME="Samba">12.18.2.1. Samba</A></H4>
 <P></P>
 <HR>
-<H1><A NAME="Schema Specification">12. Schema Specification</A></H1>
+<H1><A NAME="Schema Specification">13. Schema Specification</A></H1>
 <P>This chapter describes how to extend the user schema used by <EM>slapd</EM>(8).  The chapter assumes the reader is familiar with the <TERM>LDAP</TERM>/<TERM>X.500</TERM> information model.</P>
 <P>The first section, <A HREF="#Distributed Schema Files">Distributed Schema Files</A> details optional schema definitions provided in the distribution and where to obtain other definitions. The second section, <A HREF="#Extending Schema">Extending Schema</A>, details how to define new schema items.</P>
 <P>This chapter does not discuss how to extend system schema used by <EM>slapd</EM>(8) as this requires source code modification.  System schema includes all operational attribute types or any object class which allows or requires an operational attribute (directly or indirectly).</P>
-<H2><A NAME="Distributed Schema Files">12.1. Distributed Schema Files</A></H2>
+<H2><A NAME="Distributed Schema Files">13.1. Distributed Schema Files</A></H2>
 <P>OpenLDAP Software is distributed with a set of schema specifications for your use.  Each set is defined in a file suitable for inclusion (using the <TT>include</TT> directive) in your <EM>slapd.conf</EM>(5) file.  These schema files are normally installed in the <TT>/usr/local/etc/openldap/schema</TT> directory.</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 8.1: Provided Schema Specifications</CAPTION>
@@ -5250,7 +5824,7 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>You should not modify any of the schema items defined in provided files.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H2><A NAME="Extending Schema">12.2. Extending Schema</A></H2>
+<H2><A NAME="Extending Schema">13.2. Extending Schema</A></H2>
 <P>Schema used by <EM>slapd</EM>(8) may be extended to support additional syntaxes, matching rules, attribute types, and object classes.  This chapter details how to add user application attribute types and object classes using the syntaxes and matching rules already supported by slapd.  slapd can also be extended to support additional syntaxes, matching rules and system schema, but this requires some programming and hence is not discussed here.</P>
 <P>There are five steps to defining new schema:</P>
 <OL>
@@ -5259,7 +5833,7 @@
 <LI>create local schema file
 <LI>define custom attribute types (if necessary)
 <LI>define custom object classes</OL>
-<H3><A NAME="Object Identifiers">12.2.1. Object Identifiers</A></H3>
+<H3><A NAME="Object Identifiers">13.2.1. Object Identifiers</A></H3>
 <P>Each schema element is identified by a globally unique <TERM>Object Identifier</TERM> (OID).  OIDs are also used to identify other objects.  They are commonly found in protocols described by <TERM>ASN.1</TERM>.  In particular, they are heavily used by the <TERM>Simple Network Management Protocol</TERM> (SNMP). As OIDs are hierarchical, your organization can obtain one OID and branch it as needed.  For example, if your organization were assigned OID <TT>1.1</TT>, you could branch the tree as follows:</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 8.2: Example OID hierarchy</CAPTION>
@@ -5338,12 +5912,12 @@
 <STRONG>Note: </STRONG>PENs obtained using this form may be used for any purpose including identifying LDAP schema elements.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>Alternatively, OID name space may be available from a national authority (e.g., <A HREF="http://www.ansi.org/">ANSI</A>, <A HREF="http://www.bsi-global.com/">BSI</A>).</P>
-<H3><A NAME="Naming Elements">12.2.2. Naming Elements</A></H3>
-<P>In addition to assigning a unique object identifier to each schema element, you should provide a least one textual name for each element.  Names should be registered with the <A HREF="http://www.iana.org/">IANA</A> or prefixed with &quot;x-&quot; to place in the &quot;private use&quot; name space.</P>
+<H3><A NAME="Naming Elements">13.2.2. Naming Elements</A></H3>
+<P>In addition to assigning a unique object identifier to each schema element, you should provide at least one textual name for each element.  Names should be registered with the <A HREF="http://www.iana.org/">IANA</A> or prefixed with &quot;x-&quot; to place in the &quot;private use&quot; name space.</P>
 <P>The name should be both descriptive and not likely to clash with names of other schema elements.  In particular, any name you choose should not clash with present or future Standard Track names (this is assured if you registered names or use names beginning with &quot;x-&quot;).</P>
 <P>It is noted that you can obtain your own registered name prefix so as to avoid having to register your names individually. See <A HREF="http://www.rfc-editor.org/rfc/rfc4520.txt">RFC4520</A> for details.</P>
 <P>In the examples below, we have used a short prefix '<TT>x-my-</TT>'. Such a short prefix would only be suitable for a very large, global organization.  In general, we recommend something like '<TT>x-de-Firm-</TT>' (German company) or '<TT>x-com-Example</TT>' (elements associated with organization associated with <TT>example.com</TT>).</P>
-<H3><A NAME="Local schema file">12.2.3. Local schema file</A></H3>
+<H3><A NAME="Local schema file">13.2.3. Local schema file</A></H3>
 <P>The <TT>objectclass</TT> and <TT>attributeTypes</TT> configuration file directives can be used to define schema rules on entries in the directory.  It is customary to create a file to contain definitions of your custom schema items.  We recommend you create a file <TT>local.schema</TT> in <TT>/usr/local/etc/openldap/schema/local.schema</TT> and then include this file in your <EM>slapd.conf</EM>(5) file immediately after other schema <TT>include</TT> directives.</P>
 <PRE>
         # include schema
@@ -5353,7 +5927,7 @@
         # include local schema
         include /usr/local/etc/openldap/schema/local.schema
 </PRE>
-<H3><A NAME="Attribute Type Specification">12.2.4. Attribute Type Specification</A></H3>
+<H3><A NAME="Attribute Type Specification">13.2.4. Attribute Type Specification</A></H3>
 <P>The <EM>attributetype</EM> directive is used to define a new attribute type.  The directive uses the same Attribute Type Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A>) used by the attributeTypes attribute found in the subschema subentry, e.g.:</P>
 <PRE>
         attributetype &lt;<A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A> Attribute Type Description&gt;
@@ -5397,7 +5971,7 @@
                 SUP name )
 </PRE>
 <P>Notice that each defines the attribute's OID, provides a short name, and a brief description.  Each name is an alias for the OID. <EM>slapd</EM>(8) returns the first listed name when returning results.</P>
-<P>The first attribute, <TT>name</TT>, holds values of <TT>directoryString</TT> (<TERM>UTF-8</TERM> encoded Unicode) syntax.  The syntax is specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString syntax).  A length recommendation of 32768 is specified.  Servers should support values of this length, but may support longer values The field does NOT specify a size constraint, so is ignored on servers (such as slapd) which don't impose such size limits.  In addition, the equality and substring matching uses case ignore rules.  Below are tables listing commonly used syntax and matching rules (<EM>slapd</EM>(8) supports these and many more).</P>
+<P>The first attribute, <TT>name</TT>, holds values of <TT>directoryString</TT> (<TERM>UTF-8</TERM> encoded Unicode) syntax.  The syntax is specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the directoryString syntax).  A length recommendation of 32768 is specified.  Servers should support values of this length, but may support longer values. The field does NOT specify a size constraint, so is ignored on servers (such as slapd) which don't impose such size limits.  In addition, the equality and substring matching uses case ignore rules.  Below are tables listing commonly used syntax and matching rules (<EM>slapd</EM>(8) supports these and many more).</P>
 <TABLE CLASS="columns" BORDER ALIGN='Center'>
 <CAPTION ALIGN=top>Table 8.3: Commonly Used Syntaxes</CAPTION>
 <TR CLASS="heading">
@@ -5662,7 +6236,7 @@
 </TR>
 <TR>
 <TD>
-<TT>octetStringOrderingStringMatch</TT>
+<TT>octetStringOrderingMatch</TT>
 </TD>
 <TD>
 ordering
@@ -5673,13 +6247,13 @@
 </TR>
 <TR>
 <TD>
-<TT>octetStringSubstringsStringMatch</TT>
+<TT>octetStringSubstringsMatch      ordering</TT>
 </TD>
 <TD>
-ordering
+octet st
 </TD>
 <TD>
-octet string
+ring
 </TD>
 </TR>
 <TR>
@@ -5698,7 +6272,7 @@
 <P>The second attribute, <TT>cn</TT>, is a subtype of <TT>name</TT> hence it inherits the syntax, matching rules, and usage of <TT>name</TT>. <TT>commonName</TT> is an alternative name.</P>
 <P>Neither attribute is restricted to a single value.  Both are meant for usage by user applications.  Neither is obsolete nor collective.</P>
 <P>The following subsections provide a couple of examples.</P>
-<H4><A NAME="x-my-UniqueName">12.2.4.1. x-my-UniqueName</A></H4>
+<H4><A NAME="x-my-UniqueName">13.2.4.1. x-my-UniqueName</A></H4>
 <P>Many organizations maintain a single unique name for each user. Though one could use <TT>displayName</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), this attribute is really meant to be controlled by the user, not the organization.  We could just copy the definition of <TT>displayName</TT> from <TT>inetorgperson.schema</TT> and replace the OID, name, and description, e.g:</P>
 <PRE>
         attributetype ( 1.1.2.1.1 NAME 'x-my-UniqueName'
@@ -5714,7 +6288,7 @@
                 DESC 'unique name with my organization'
                 SUP name )
 </PRE>
-<H4><A NAME="x-my-Photo">12.2.4.2. x-my-Photo</A></H4>
+<H4><A NAME="x-my-Photo">13.2.4.2. x-my-Photo</A></H4>
 <P>Many organizations maintain a photo of each each user.  A <TT>x-my-Photo</TT> attribute type could be defined to hold a photo. Of course, one could use just use <TT>jpegPhoto</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>) (or a subtype) to hold the photo.  However, you can only do this if the photo is in <EM>JPEG File Interchange Format</EM>. Alternatively, an attribute type which uses the <EM>Octet String</EM> syntax can be defined, e.g.:</P>
 <PRE>
         attributetype ( 1.1.2.1.2 NAME 'x-my-Photo'
@@ -5730,7 +6304,7 @@
                 DESC 'URI and optional label referring to a photo'
                 SUP labeledURI )
 </PRE>
-<H3><A NAME="Object Class Specification">12.2.5. Object Class Specification</A></H3>
+<H3><A NAME="Object Class Specification">13.2.5. Object Class Specification</A></H3>
 <P>The <EM>objectclasses</EM> directive is used to define a new object class.  The directive uses the same Object Class Description (as defined in <A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A>) used by the objectClasses attribute found in the subschema subentry, e.g.:</P>
 <PRE>
         objectclass &lt;<A HREF="http://www.rfc-editor.org/rfc/rfc4512.txt">RFC4512</A> Object Class Description&gt;
@@ -5750,7 +6324,7 @@
                 whsp &quot;)&quot;
 </PRE>
 <P>where whsp is a space ('<TT> </TT>'), numericoid is a globally unique OID in dotted-decimal form (e.g. <TT>1.1.0</TT>), qdescrs is one or more names, and oids is one or more names and/or OIDs.</P>
-<H4><A NAME="x-my-PhotoObject">12.2.5.1. x-my-PhotoObject</A></H4>
+<H4><A NAME="x-my-PhotoObject">13.2.5.1. x-my-PhotoObject</A></H4>
 <P>To define an <EM>auxiliary</EM> object class which allows x-my-Photo to be added to any existing entry.</P>
 <PRE>
         objectclass ( 1.1.2.2.1 NAME 'x-my-PhotoObject'
@@ -5758,7 +6332,7 @@
                 AUXILIARY
                 MAY x-my-Photo )
 </PRE>
-<H4><A NAME="x-my-Person">12.2.5.2. x-my-Person</A></H4>
+<H4><A NAME="x-my-Person">13.2.5.2. x-my-Person</A></H4>
 <P>If your organization would like have a private <EM>structural</EM> object class to instantiate users, you can subclass one of the existing person classes, such as <TT>inetOrgPerson</TT> (<A HREF="http://www.rfc-editor.org/rfc/rfc2798.txt">RFC2798</A>), and add any additional attributes which you desire.</P>
 <PRE>
         objectclass ( 1.1.2.2.2 NAME 'x-my-Person'
@@ -5768,7 +6342,7 @@
                 MAY x-my-Photo )
 </PRE>
 <P>The object class inherits the required/allowed attribute types of <TT>inetOrgPerson</TT> but requires <TT>x-my-UniqueName</TT> and <TT>givenName</TT> and allows <TT>x-my-Photo</TT>.</P>
-<H3><A NAME="OID Macros">12.2.6. OID Macros</A></H3>
+<H3><A NAME="OID Macros">13.2.6. OID Macros</A></H3>
 <P>To ease the management and use of OIDs, <EM>slapd</EM>(8) supports <EM>Object Identifier</EM> macros.  The <TT>objectIdentifier</TT> directive is used to equate a macro (name) with a OID.  The OID may possibly be derived from a previously defined OID macro.   The <EM>slapd.conf</EM>(5) syntax is:</P>
 <PRE>
         objectIdentifier &lt;name&gt; { &lt;oid&gt; | &lt;name&gt;[:&lt;suffix&gt;] }
@@ -5790,21 +6364,21 @@
 </PRE>
 <P></P>
 <HR>
-<H1><A NAME="Security Considerations">13. Security Considerations</A></H1>
+<H1><A NAME="Security Considerations">14. Security Considerations</A></H1>
 <P>OpenLDAP Software is designed to run in a wide variety of computing environments from tightly-controlled closed networks to the global Internet.  Hence, OpenLDAP Software supports many different security mechanisms.  This chapter describes these mechanisms and discusses security considerations for using OpenLDAP Software.</P>
-<H2><A NAME="Network Security">13.1. Network Security</A></H2>
-<H3><A NAME="Selective Listening">13.1.1. Selective Listening</A></H3>
+<H2><A NAME="Network Security">14.1. Network Security</A></H2>
+<H3><A NAME="Selective Listening">14.1.1. Selective Listening</A></H3>
 <P>By default, <EM>slapd</EM>(8) will listen on both the IPv4 and IPv6 &quot;any&quot; addresses.  It is often desirable to have <EM>slapd</EM> listen on select address/port pairs.  For example, listening only on the IPv4 address <TT>127.0.0.1</TT> will disallow remote access to the directory server. E.g.:</P>
 <PRE>
         slapd -h ldap://127.0.0.1
 </PRE>
 <P>While the server can be configured to listen on a particular interface address, this doesn't necessarily restrict access to the server to only those networks accessible via that interface.   To selective restrict remote access, it is recommend that an <A HREF="#IP Firewall">IP Firewall</A> be used to restrict access.</P>
 <P>See <A HREF="#Command-line Options">Command-line Options</A> and <EM>slapd</EM>(8) for more information.</P>
-<H3><A NAME="IP Firewall">13.1.2. IP Firewall</A></H3>
+<H3><A NAME="IP Firewall">14.1.2. IP Firewall</A></H3>
 <P><TERM>IP</TERM> firewall capabilities of the server system can be used to restrict access based upon the client's IP address and/or network interface used to communicate with the client.</P>
 <P>Generally, <EM>slapd</EM>(8) listens on port 389/tcp for <A HREF="ldap://">ldap://</A> sessions and port 636/tcp for <A HREF="ldaps://">ldaps://</A>) sessions.  <EM>slapd</EM>(8) may be configured to listen on other ports.</P>
 <P>As specifics of how to configure IP firewall are dependent on the particular kind of IP firewall used, no examples are provided here. See the document associated with your IP firewall.</P>
-<H3><A NAME="TCP Wrappers">13.1.3. TCP Wrappers</A></H3>
+<H3><A NAME="TCP Wrappers">14.1.3. TCP Wrappers</A></H3>
 <P><EM>slapd</EM>(8) supports <TERM>TCP</TERM> Wrappers.  TCP Wrappers provide a rule-based access control system for controlling TCP/IP access to the server.  For example, the <EM>host_options</EM>(5) rule:</P>
 <PRE>
         slapd: 10.0.0.0/255.0.0.0 127.0.0.1 : ALLOW
@@ -5816,10 +6390,10 @@
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>It is noted that TCP wrappers require the connection to be accepted. As significant processing is required just to deny a connection, it is generally advised that IP firewall protection be used instead of TCP wrappers.</P>
 <P>See <EM>hosts_access</EM>(5) for more information on TCP wrapper rules.</P>
-<H2><A NAME="Data Integrity and Confidentiality Protection">13.2. Data Integrity and Confidentiality Protection</A></H2>
+<H2><A NAME="Data Integrity and Confidentiality Protection">14.2. Data Integrity and Confidentiality Protection</A></H2>
 <P><TERM>Transport Layer Security</TERM> (TLS) can be used to provide data integrity and confidentiality protection.  OpenLDAP supports negotiation of <TERM>TLS</TERM> (<TERM>SSL</TERM>) via both StartTLS and <A HREF="ldaps://">ldaps://</A>. See the <A HREF="#Using TLS">Using TLS</A> chapter for more information.  StartTLS is the standard track mechanism.</P>
 <P>A number of <TERM>Simple Authentication and Security Layer</TERM> (SASL) mechanisms, such as <TERM>DIGEST-MD5</TERM> and <TERM>GSSAPI</TERM>, also provide data integrity and confidentiality protection.  See the <A HREF="#Using SASL">Using SASL</A> chapter for more information.</P>
-<H3><A NAME="Security Strength Factors">13.2.1. Security Strength Factors</A></H3>
+<H3><A NAME="Security Strength Factors">14.2.1. Security Strength Factors</A></H3>
 <P>The server uses <TERM>Security Strength Factor</TERM>s (SSF) to indicate the relative strength of protection.  A SSF of zero (0) indicates no protections are in place.  A SSF of one (1) indicates integrity protection are in place.  A SSF greater than one (&gt;1) roughly correlates to the effective encryption key length.  For example, <TERM>DES</TERM> is 56, <TERM>3DES</TERM> is 112, and <TERM>AES</TERM> 128, 192, or 256.</P>
 <P>A number of administrative controls rely on SSFs associated with TLS and SASL protection in place on an LDAP session.</P>
 <P><TT>security</TT> controls disallow operations when appropriate protections are not in place.  For example:</P>
@@ -5827,9 +6401,9 @@
         security ssf=1 update_ssf=112
 </PRE>
 <P>requires integrity protection for all operations and encryption protection, 3DES equivalent, for update operations (e.g. add, delete, modify, etc.).  See <EM>slapd.conf</EM>(5) for details.</P>
-<P>For fine-grained control, SSFs may be used in access controls. See <A HREF="#The access Configuration Directive">The access Configuration Directive</A> section of the <A HREF="#The slapd Configuration File">The slapd Configuration File</A> for more information.</P>
-<H2><A NAME="Authentication Methods">13.3. Authentication Methods</A></H2>
-<H3><A NAME="&quot;simple&quot; method">13.3.1. &quot;simple&quot; method</A></H3>
+<P>For fine-grained control, SSFs may be used in access controls. See the <A HREF="#Access Control">Access Control</A> section for more information.</P>
+<H2><A NAME="Authentication Methods">14.3. Authentication Methods</A></H2>
+<H3><A NAME="&quot;simple&quot; method">14.3.1. &quot;simple&quot; method</A></H3>
 <P>The LDAP &quot;simple&quot; method has three modes of operation:</P>
 <UL>
 <LI>anonymous,
@@ -5846,9 +6420,9 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>An unsuccessful bind always results in the session having an <EM>anonymous</EM> authorization association.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="SASL method">13.3.2. SASL method</A></H3>
+<H3><A NAME="SASL method">14.3.2. SASL method</A></H3>
 <P>The LDAP <TERM>SASL</TERM> method allows the use of any SASL authentication mechanism. The <A HREF="#Using SASL">Using SASL</A> section discusses the use of SASL.</P>
-<H2><A NAME="Password Storage">13.4. Password Storage</A></H2>
+<H2><A NAME="Password Storage">14.4. Password Storage</A></H2>
 <P>LDAP passwords are normally stored in the <EM>userPassword</EM> attribute. <A HREF="http://www.rfc-editor.org/rfc/rfc4519.txt">RFC4519</A> specifies that passwords are not stored in encrypted (or hashed) form.  This allows a wide range of password-based authentication mechanisms, such as <TT>DIGEST-MD5</TT> to be used. This is also the most interoperable storage scheme.</P>
 <P>However, it may be desirable to store a hash of password instead. <EM>slapd</EM>(8) supports a variety of storage schemes for the administrator to choose from.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
@@ -5860,14 +6434,14 @@
 </PRE>
 <P>The advantage of hashed passwords is that an attacker which discovers the hash does not have direct access to the actual password. Unfortunately, as dictionary and brute force attacks are generally quite easy for attackers to successfully mount, this advantage is marginal at best (this is why all modern Unix systems use shadow password files).</P>
 <P>The disadvantages of hashed storage is that they are non-standard, may cause interoperability problem, and generally preclude the use of stronger than Simple (or SASL/PLAIN) password-based authentication mechanisms such as <TT>DIGEST-MD5</TT>.</P>
-<H3><A NAME="SSHA password storage scheme">13.4.1. SSHA password storage scheme</A></H3>
+<H3><A NAME="SSHA password storage scheme">14.4.1. SSHA password storage scheme</A></H3>
 <P>This is the salted version of the SHA scheme. It is believed to be the most secure password storage scheme supported by <EM>slapd</EM>.</P>
 <P>These values represent the same password:</P>
 <PRE>
  userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3
  userPassword: {SSHA}d0Q0626PSH9VUld7yWpR0k6BlpQmtczb
 </PRE>
-<H3><A NAME="CRYPT password storage scheme">13.4.2. CRYPT password storage scheme</A></H3>
+<H3><A NAME="CRYPT password storage scheme">14.4.2. CRYPT password storage scheme</A></H3>
 <P>This scheme uses the operating system's <EM>crypt(3)</EM> hash function. It normally produces the traditional Unix-style 13 character hash, but on systems with <TT>glibc2</TT> it can also generate the more secure 34-byte MD5 hash.</P>
 <PRE>
  userPassword: {CRYPT}aUihad99hmev6
@@ -5877,35 +6451,35 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>Since this scheme uses the operating system's <EM>crypt(3)</EM> hash function, it is therefore operating system specific.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="MD5 password storage scheme">13.4.3. MD5 password storage scheme</A></H3>
+<H3><A NAME="MD5 password storage scheme">14.4.3. MD5 password storage scheme</A></H3>
 <P>This scheme simply takes the MD5 hash of the password and stores it in base64 encoded form:</P>
 <PRE>
  userPassword: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
 </PRE>
 <P>Although safer than cleartext storage, this is not a very secure scheme. The MD5 algorithm is fast, and because there is no salt the scheme is vulnerable to a dictionary attack.</P>
-<H3><A NAME="SMD5 password storage scheme">13.4.4. SMD5 password storage scheme</A></H3>
+<H3><A NAME="SMD5 password storage scheme">14.4.4. SMD5 password storage scheme</A></H3>
 <P>This improves on the basic MD5 scheme by adding salt (random data which means that there are many possible representations of a given plaintext password). For example, both of these values represent the same password:</P>
 <PRE>
  userPassword: {SMD5}4QWGWZpj9GCmfuqEvm8HtZhZS6E=
  userPassword: {SMD5}g2/J/7D5EO6+oPdklp5p8YtNFk4=
 </PRE>
-<H3><A NAME="SHA password storage scheme">13.4.5. SHA password storage scheme</A></H3>
+<H3><A NAME="SHA password storage scheme">14.4.5. SHA password storage scheme</A></H3>
 <P>Like the MD5 scheme, this simply feeds the password through an SHA hash process. SHA is thought to be more secure than MD5, but the lack of salt leaves the scheme exposed to dictionary attacks.</P>
 <PRE>
  userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
 </PRE>
-<H3><A NAME="SASL password storage scheme">13.4.6. SASL password storage scheme</A></H3>
+<H3><A NAME="SASL password storage scheme">14.4.6. SASL password storage scheme</A></H3>
 <P>This is not really a password storage scheme at all. It uses the value of the <EM>userPassword</EM> attribute to delegate password verification to another process. See below for more information.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>This is not the same as using SASL to authenticate the LDAP session.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="KERBEROS password storage scheme">13.4.7. KERBEROS password storage scheme</A></H3>
+<H3><A NAME="KERBEROS password storage scheme">14.4.7. KERBEROS password storage scheme</A></H3>
 <P>This is not really a password storage scheme at all. It uses the value of the <EM>userPassword</EM> attribute to delegate password verification to Kerberos.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>This is not the same as using Kerberos authentication of the LDAP session.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>This scheme could be said to defeat the advantages of Kerberos by causing the Kerberos password to be exposed to the <EM>slapd</EM> server (and possibly on the network as well).</P>
-<H2><A NAME="Pass-Through authentication">13.5. Pass-Through authentication</A></H2>
+<H2><A NAME="Pass-Through authentication">14.5. Pass-Through authentication</A></H2>
 <P>Since OpenLDAP 2.0 <EM>slapd</EM> has had the ability to delegate password verification to a separate process. This uses the <EM>sasl_checkpass(3)</EM> function so it can use any back-end server that Cyrus SASL supports for checking passwords. The choice is very wide, as one option is to use <EM>saslauthd(8)</EM> which in turn can use local files, Kerberos, an IMAP server, another LDAP server, or anything supported by the PAM mechanism.</P>
 <P>The server must be built with the <TT>--enable-spasswd</TT> configuration option to enable pass-through authentication.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
@@ -5921,7 +6495,7 @@
 <STRONG>Note: </STRONG>There is no support for changing passwords in the backend via <EM>slapd</EM>.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>It would be wise to use access control to prevent users from changing their passwords through LDAP where they have pass-through authentication enabled.</P>
-<H3><A NAME="Configuring slapd to use an authentication provider">13.5.1. Configuring slapd to use an authentication provider</A></H3>
+<H3><A NAME="Configuring slapd to use an authentication provider">14.5.1. Configuring slapd to use an authentication provider</A></H3>
 <P>Where an entry has a &quot;{SASL}&quot; password value, OpenLDAP delegates the whole process of validating that entry's password to Cyrus SASL. All the configuration is therefore done in SASL config files.</P>
 <P>The first file to be considered is confusingly named <EM>slapd.conf</EM> and is typically found in the SASL library directory, often <TT>/usr/lib/sasl2/slapd.conf</TT> This file governs the use of SASL when talking LDAP to <EM>slapd</EM> as well as the use of SASL backends for pass-through authentication. See <TT>options.html</TT> in the <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">Cyrus SASL</A> docs for full details. Here is a simple example for a server that will use <EM>saslauthd</EM> to verify passwords:</P>
 <PRE>
@@ -5929,7 +6503,7 @@
  pwcheck_method: saslauthd
  saslauthd_path: /var/run/sasl2/mux
 </PRE>
-<H3><A NAME="Configuring saslauthd">13.5.2. Configuring saslauthd</A></H3>
+<H3><A NAME="Configuring saslauthd">14.5.2. Configuring saslauthd</A></H3>
 <P><EM>saslauthd</EM> is capable of using many different authentication services: see <EM>saslauthd(8)</EM> for details. A common requirement is to delegate some or all authentication to another LDAP server. Here is a sample <TT>saslauthd.conf</TT> that uses Microsoft Active Directory (AD):</P>
 <PRE>
  ldap_servers: ldap://dc1.example.com/ ldap://dc2.example.com/
@@ -5945,7 +6519,7 @@
  saslauthd -a ldap -r
 </PRE>
 <P>This means that the &quot;username at realm&quot; string from the <EM>userPassword</EM> attribute ends up being used to search AD for &quot;userPrincipalName=username at realm&quot; - the password is then verified by attempting to bind to AD using the entry found by the search and the password supplied by the LDAP client.</P>
-<H3><A NAME="Testing pass-through authentication">13.5.3. Testing pass-through authentication</A></H3>
+<H3><A NAME="Testing pass-through authentication">14.5.3. Testing pass-through authentication</A></H3>
 <P>It is usually best to start with the back-end authentication provider and work through <EM>saslauthd</EM> and <EM>slapd</EM> towards the LDAP client.</P>
 <P>In the AD example above, first check that the DN and password that <EM>saslauthd</EM> will use when it connects to AD are valid:</P>
 <PRE>
@@ -5984,22 +6558,22 @@
 <P>It should now be possible to bind to OpenLDAP using the DN of that entry and the password of the AD user.</P>
 <P></P>
 <HR>
-<H1><A NAME="Using SASL">14. Using SASL</A></H1>
+<H1><A NAME="Using SASL">15. Using SASL</A></H1>
 <P>OpenLDAP clients and servers are capable of authenticating via the <TERM>Simple Authentication and Security Layer</TERM> (<TERM>SASL</TERM>) framework, which is detailed in <A HREF="http://www.rfc-editor.org/rfc/rfc4422.txt">RFC4422</A>.   This chapter describes how to make use of SASL in OpenLDAP.</P>
 <P>There are several industry standard authentication mechanisms that can be used with SASL, including <TERM>GSSAPI</TERM> for <TERM>Kerberos</TERM> V, <TERM>DIGEST-MD5</TERM>, and <TERM>PLAIN</TERM> and <TERM>EXTERNAL</TERM> for use with <TERM>Transport Layer Security</TERM> (TLS).</P>
 <P>The standard client tools provided with OpenLDAP Software, such as <EM>ldapsearch</EM>(1) and <EM>ldapmodify</EM>(1), will by default attempt to authenticate the user to the <TERM>LDAP</TERM> directory server using SASL.  Basic authentication service can be set up by the LDAP administrator with a few steps, allowing users to be authenticated to the slapd server as their LDAP entry.  With a few extra steps, some users and services can be allowed to exploit SASL's proxy authorization feature, allowing them to authenticate themselves and then switch their identity to that of another user or service.</P>
 <P>This chapter assumes you have read <EM>Cyrus SASL for System Administrators</EM>, provided with the <A HREF="http://asg.web.cmu.edu/sasl/sasl-library.html">Cyrus SASL</A> package (in <TT>doc/sysadmin.html</TT>) and have a working Cyrus SASL installation.  You should use the Cyrus SASL <TT>sample_client</TT> and <TT>sample_server</TT> to test your SASL installation before attempting to make use of it with OpenLDAP Software.</P>
 <P>Note that in the following text the term <EM>user</EM> is used to describe a person or application entity who is connecting to the LDAP server via an LDAP client, such as <EM>ldapsearch</EM>(1).  That is, the term <EM>user</EM> not only applies to both an individual using an LDAP client, but to an application entity which issues LDAP client operations without direct user control.  For example, an e-mail server which uses LDAP operations to access information held in an LDAP server is an application entity.</P>
-<H2><A NAME="SASL Security Considerations">14.1. SASL Security Considerations</A></H2>
+<H2><A NAME="SASL Security Considerations">15.1. SASL Security Considerations</A></H2>
 <P>SASL offers many different authentication mechanisms.  This section briefly outlines security considerations.</P>
 <P>Some mechanisms, such as PLAIN and LOGIN, offer no greater security over LDAP <EM>simple</EM> authentication.  Like LDAP <EM>simple</EM> authentication, such mechanisms should not be used unless you have adequate security protections in place.  It is recommended that these mechanisms be used only in conjunction with <TERM>Transport Layer Security</TERM> (TLS).  Use of PLAIN and LOGIN are not discussed further in this document.</P>
 <P>The DIGEST-MD5 mechanism is the mandatory-to-implement authentication mechanism for LDAPv3.  Though DIGEST-MD5 is not a strong authentication mechanism in comparison with trusted third party authentication systems (such as <TERM>Kerberos</TERM> or public key systems), it does offer significant protections against a number of attacks.  Unlike the <TERM>CRAM-MD5</TERM> mechanism, it prevents chosen plaintext attacks.  DIGEST-MD5 is favored over the use of plaintext password mechanisms.  The CRAM-MD5 mechanism is deprecated in favor of DIGEST-MD5.  Use of <A HREF="#DIGEST-MD5">DIGEST-MD5</A> is discussed below.</P>
 <P>The GSSAPI mechanism utilizes <TERM>GSS-API</TERM> <TERM>Kerberos</TERM> V to provide secure authentication services.  The KERBEROS_V4 mechanism is available for those using Kerberos IV.  Kerberos is viewed as a secure, distributed authentication system suitable for both small and large enterprises.  Use of <A HREF="#GSSAPI">GSSAPI</A> and <A HREF="#KERBEROS_V4">KERBEROS_V4</A> are discussed below.</P>
 <P>The EXTERNAL mechanism utilizes authentication services provided by lower level network services such as <TERM>TLS</TERM> (TLS).  When used in conjunction with <TERM>TLS</TERM> <TERM>X.509</TERM>-based public key technology, EXTERNAL offers strong authentication.  Use of EXTERNAL is discussed in the <A HREF="#Using TLS">Using TLS</A> chapter.</P>
 <P>There are other strong authentication mechanisms to choose from, including <TERM>OTP</TERM> (one time passwords) and <TERM>SRP</TERM> (secure remote passwords).  These mechanisms are not discussed in this document.</P>
-<H2><A NAME="SASL Authentication">14.2. SASL Authentication</A></H2>
+<H2><A NAME="SASL Authentication">15.2. SASL Authentication</A></H2>
 <P>Getting basic SASL authentication running involves a few steps. The first step configures your slapd server environment so that it can communicate with client programs using the security system in place at your site. This usually involves setting up a service key, a public key, or other form of secret. The second step concerns mapping authentication identities to LDAP <TERM>DN</TERM>'s, which depends on how entries are laid out in your directory. An explanation of the first step will be given in the next section using Kerberos V4 as an example mechanism. The steps necessary for your site's authentication mechanism will be similar, but a guide to every mechanism available under SASL is beyond the scope of this chapter. The second step is described in the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A>.</P>
-<H3><A NAME="GSSAPI">14.2.1. GSSAPI</A></H3>
+<H3><A NAME="GSSAPI">15.2.1. GSSAPI</A></H3>
 <P>This section describes the use of the SASL GSSAPI mechanism and Kerberos V with OpenLDAP.  It will be assumed that you have Kerberos V deployed, you are familiar with the operation of the system, and that your users are trained in its use.  This section also assumes you have familiarized yourself with the use of the GSSAPI mechanism by reading <EM>Configuring GSSAPI and Cyrus SASL</EM> (provided with Cyrus SASL in the <TT>doc/gssapi</TT> file) and successfully experimented with the Cyrus provided <TT>sample_server</TT> and <TT>sample_client</TT> applications.  General information about Kerberos is available at <A HREF="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</A>.</P>
 <P>To use the GSSAPI mechanism with <EM>slapd</EM>(8) one must create a service key with a principal for <EM>ldap</EM> service within the realm for the host on which the service runs.  For example, if you run <EM>slapd</EM> on <TT>directory.example.com</TT> and your realm is <TT>EXAMPLE.COM</TT>, you need to create a service key with the principal:</P>
 <PRE>
@@ -6020,7 +6594,7 @@
         uid=ursula/admin,cn=foreign.realm,cn=gssapi,cn=auth
 </PRE>
 <P>The authentication request DN can be used directly ACLs and <TT>groupOfNames</TT> &quot;member&quot; attributes, since it is of legitimate LDAP DN format.  Or alternatively, the authentication DN could be mapped before use.  See the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> for details.</P>
-<H3><A NAME="KERBEROS_V4">14.2.2. KERBEROS_V4</A></H3>
+<H3><A NAME="KERBEROS_V4">15.2.2. KERBEROS_V4</A></H3>
 <P>This section describes the use of the SASL KERBEROS_V4 mechanism with OpenLDAP.  It will be assumed that you are familiar with the workings of the Kerberos IV security system, and that your site has Kerberos IV deployed.  Your users should be familiar with authentication policy, how to receive credentials in a Kerberos ticket cache, and how to refresh expired credentials.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>KERBEROS_V4 and Kerberos IV are deprecated in favor of GSSAPI and Kerberos V.
@@ -6043,7 +6617,7 @@
         uid=adamsom,cn=example.com,cn=kerberos_v4,cn=auth
 </PRE>
 <P>This authentication request DN can be used directly ACLs or, alternatively, mapped prior to use.  See the section <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> for details.</P>
-<H3><A NAME="DIGEST-MD5">14.2.3. DIGEST-MD5</A></H3>
+<H3><A NAME="DIGEST-MD5">15.2.3. DIGEST-MD5</A></H3>
 <P>This section describes the use of the SASL DIGEST-MD5 mechanism using secrets stored either in the directory itself or in Cyrus SASL's own database. DIGEST-MD5 relies on the client and the server sharing a &quot;secret&quot;, usually a password. The server generates a challenge and the client a response proving that it knows the shared secret. This is much more secure than simply sending the secret over the wire.</P>
 <P>Cyrus SASL supports several shared-secret mechanisms. To do this, it needs access to the plaintext password (unlike mechanisms which pass plaintext passwords over the wire, where the server can store a hashed version of the password).</P>
 <P>The server's copy of the shared-secret may be stored in Cyrus SASL's own <EM>sasldb</EM> database, in an external system accessed via <EM>saslauthd</EM>, or in LDAP database itself.  In either case it is very important to apply file access controls and LDAP access controls to prevent exposure of the passwords.  The configuration and commands discussed in this section assume the use of Cyrus SASL 2.1.</P>
@@ -6066,7 +6640,7 @@
         uid=&lt;username&gt;,cn=digest-md5,cn=auth
 </PRE>
 <P>See <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> below for information on optional mapping of identities.</P>
-<P>With suitable mappings in place, users can specify SASL IDs when performing LDAP operations and sldb}} and the directory itself will be used to verify the authentication.  For example, the user identified by the directory entry:</P>
+<P>With suitable mappings in place, users can specify SASL IDs when performing LDAP operations, and the password stored in <EM>sasldb</EM> or in the directory itself will be used to verify the authentication. For example, the user identified by the directory entry:</P>
 <PRE>
        dn: cn=Andrew Findlay+uid=u000997,dc=example,dc=com
        objectclass: inetOrgPerson
@@ -6082,7 +6656,7 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>in each of the above cases, no authorization identity (e.g. <TT>-X</TT>) was provided.   Unless you are attempting <A HREF="#SASL Proxy Authorization">SASL Proxy Authorization</A>, no authorization identity should be specified. The server will infer an authorization identity from authentication identity (as described below).
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Mapping Authentication Identities">14.2.4. Mapping Authentication Identities</A></H3>
+<H3><A NAME="Mapping Authentication Identities">15.2.4. Mapping Authentication Identities</A></H3>
 <P>The authentication mechanism in the slapd server will use SASL library calls to obtain the authenticated user's &quot;username&quot;, based on whatever underlying authentication mechanism was used.  This username is in the namespace of the authentication mechanism, and not in the normal LDAP namespace. As stated in the sections above, that username is reformatted into an authentication request DN of the form</P>
 <PRE>
         uid=&lt;username&gt;,cn=&lt;realm&gt;,cn=&lt;mechanism&gt;,cn=auth
@@ -6104,7 +6678,7 @@
 <P>The authentication request DN is compared to the search pattern using the regular expression functions <EM>regcomp</EM>() and <EM>regexec</EM>(), and if it matches, it is rewritten as the replacement pattern. If there are multiple <TT>authz-regexp</TT> directives, only the first whose search pattern matches the authentication identity is used. The string that is output from the replacement pattern should be the authentication DN of the user or an LDAP URL.  If replacement string produces a DN, the entry named by this DN need not be held by this server.  If the replace string produces an LDAP URL, that LDAP URL must evaluate to one and only one entry held by this server.</P>
 <P>The search pattern can contain any of the regular expression characters listed in <EM>regexec</EM>(3C). The main characters of note are dot &quot;.&quot;, asterisk &quot;*&quot;, and the open and close parenthesis &quot;(&quot; and &quot;)&quot;.  Essentially, the dot matches any character, the asterisk allows zero or more repeats of the immediately preceding character or pattern, and terms in parenthesis are remembered for the replacement pattern.</P>
 <P>The replacement pattern will produce either a DN or URL referring to the user.  Anything from the authentication request DN that matched a string in parenthesis in the search pattern is stored in the variable &quot;$1&quot;. That variable &quot;$1&quot; can appear in the replacement pattern, and will be replaced by the string from the authentication request DN. If there were multiple sets of parentheses in the search pattern, the variables $2, $3, etc are used.</P>
-<H3><A NAME="Direct Mapping">14.2.5. Direct Mapping</A></H3>
+<H3><A NAME="Direct Mapping">15.2.5. Direct Mapping</A></H3>
 <P>Where possible, direct mapping of the authentication request DN to the user's DN is generally recommended.  Aside from avoiding the expense of searching for the user's DN, it allows mapping to DNs which refer to entries not held by this server.</P>
 <P>Suppose the authentication request DN is written as:</P>
 <PRE>
@@ -6128,7 +6702,7 @@
 </PRE>
 <P>Be careful about setting the search pattern too leniently, however, since it may mistakenly allow persons to become authenticated as a DN to which they should not have access.  It is better to write several strict directives than one lenient directive which has security holes.  If there is only one authentication mechanism in place at your site, and zero or one realms in use, you might be able to map between authentication identities and LDAP DN's with a single <TT>authz-regexp</TT> directive.</P>
 <P>Don't forget to allow for the case where the realm is omitted as well as the case with an explicitly specified realm. This may well require a separate <TT>authz-regexp</TT> directive for each case, with the explicit-realm entry being listed first.</P>
-<H3><A NAME="Search-based mappings">14.2.6. Search-based mappings</A></H3>
+<H3><A NAME="Search-based mappings">15.2.6. Search-based mappings</A></H3>
 <P>There are a number of cases where mapping to a LDAP URL may be appropriate.  For instance, some sites may have person objects located in multiple areas of the LDAP tree, such as if there were an <TT>ou=accounting</TT> tree and an <TT>ou=engineering</TT> tree, with persons interspersed between them.  Or, maybe the desired mapping must be based upon information in the user's information. Consider the need to map the above authentication request DN to user whose entry is as follows:</P>
 <PRE>
         dn: cn=Mark Adamson,ou=People,dc=Example,dc=COM
@@ -6170,10 +6744,10 @@
 <P>Note that the explicitly-named realms are handled first, to avoid the realm name becoming part of the UID.  Also note the use of scope and filters to limit matching to desirable entries.</P>
 <P>Note as well that <TT>authz-regexp</TT> internal search are subject to access controls.  Specifically, the authentication identity must have <TT>auth</TT> access.</P>
 <P>See <EM>slapd.conf</EM>(5) for more detailed information.</P>
-<H2><A NAME="SASL Proxy Authorization">14.3. SASL Proxy Authorization</A></H2>
+<H2><A NAME="SASL Proxy Authorization">15.3. SASL Proxy Authorization</A></H2>
 <P>The SASL offers a feature known as <EM>proxy authorization</EM>, which allows an authenticated user to request that they act on the behalf of another user.  This step occurs after the user has obtained an authentication DN, and involves sending an authorization identity to the server. The server will then make a decision on whether or not to allow the authorization to occur. If it is allowed, the user's LDAP connection is switched to have a binding DN derived from the authorization identity, and the LDAP session proceeds with the access of the new authorization DN.</P>
 <P>The decision to allow an authorization to proceed depends on the rules and policies of the site where LDAP is running, and thus cannot be made by SASL alone. The SASL library leaves it up to the server to make the decision. The LDAP administrator sets the guidelines of who can authorize to what identity by adding information into the LDAP database entries. By default, the authorization features are disabled, and must be explicitly configured by the LDAP administrator before use.</P>
-<H3><A NAME="Uses of Proxy Authorization">14.3.1. Uses of Proxy Authorization</A></H3>
+<H3><A NAME="Uses of Proxy Authorization">15.3.1. Uses of Proxy Authorization</A></H3>
 <P>This sort of service is useful when one entity needs to act on the behalf of many other users. For example, users may be directed to a web page to make changes to their personal information in their LDAP entry. The users authenticate to the web server to establish their identity, but the web server CGI cannot authenticate to the LDAP server as that user to make changes for them. Instead, the web server authenticates itself to the LDAP server as a service identity, say,</P>
 <PRE>
         cn=WebUpdate,dc=example,dc=com
@@ -6181,7 +6755,7 @@
 <P>and then it will SASL authorize to the DN of the user. Once so authorized, the CGI makes changes to the LDAP entry of the user, and as far as the slapd server can tell for its ACLs, it is the user themself on the other end of the connection. The user could have connected to the LDAP server directly and authenticated as themself, but that would require the user to have more knowledge of LDAP clients, knowledge which the web page provides in an easier format.</P>
 <P>Proxy authorization can also be used to limit access to an account that has greater access to the database. Such an account, perhaps even the root DN specified in <EM>slapd.conf</EM>(5), can have a strict list of people who can authorize to that DN. Changes to the LDAP database could then be only allowed by that DN, and in order to become that DN, users must first authenticate as one of the persons on the list. This allows for better auditing of who made changes to the LDAP database.  If people were allowed to authenticate directly to the privileged account, possibly through the <TT>rootpw</TT> <EM>slapd.conf</EM>(5) directive or through a <TT>userPassword</TT> attribute, then auditing becomes more difficult.</P>
 <P>Note that after a successful proxy authorization, the original authentication DN of the LDAP connection is overwritten by the new DN from the authorization request. If a service program is able to authenticate itself as its own authentication DN and then authorize to other DN's, and it is planning on switching to several different identities during one LDAP session, it will need to authenticate itself each time before authorizing to another DN (or use a different proxy authorization mechanism).  The slapd server does not keep record of the service program's ability to switch to other DN's. On authentication mechanisms like Kerberos this will not require multiple connections being made to the Kerberos server, since the user's TGT and &quot;ldap&quot; session key are valid for multiple uses for the several hours of the ticket lifetime.</P>
-<H3><A NAME="SASL Authorization Identities">14.3.2. SASL Authorization Identities</A></H3>
+<H3><A NAME="SASL Authorization Identities">15.3.2. SASL Authorization Identities</A></H3>
 <P>The SASL authorization identity is sent to the LDAP server via the <TT>-X</TT> switch for <EM>ldapsearch</EM>(1) and other tools, or in the <TT>*authzid</TT> parameter to the <EM>lutil_sasl_defaults</EM>() call. The identity can be in one of two forms, either</P>
 <PRE>
         u:&lt;username&gt;
@@ -6196,7 +6770,7 @@
 </PRE>
 <P>That authorization request DN is then run through the same <TT>authz-regexp</TT> process to convert it into a legitimate authorization DN from the database. If it cannot be converted due to a failed search from an LDAP URL, the authorization request fails with &quot;inappropriate access&quot;.  Otherwise, the DN string is now a legitimate authorization DN ready to undergo approval.</P>
 <P>If the authorization identity was provided in the second form, with a <TT>&quot;dn:&quot;</TT> prefix, the string after the prefix is already in authorization DN form, ready to undergo approval.</P>
-<H3><A NAME="Proxy Authorization Rules">14.3.3. Proxy Authorization Rules</A></H3>
+<H3><A NAME="Proxy Authorization Rules">15.3.3. Proxy Authorization Rules</A></H3>
 <P>Once slapd has the authorization DN, the actual approval process begins. There are two attributes that the LDAP administrator can put into LDAP entries to allow authorization:</P>
 <PRE>
         authzTo
@@ -6210,7 +6784,7 @@
         authzTo: ldap:///dc=example,dc=com??sub?(objectclass=person)
 </PRE>
 <P>then any user who authenticated as <TT>cn=WebUpdate,dc=example,dc=com</TT> could authorize to any other LDAP entry under the search base <TT>dc=example,dc=com</TT> which has an objectClass of <TT>Person</TT>.</P>
-<H4><A NAME="Notes on Proxy Authorization Rules">14.3.3.1. Notes on Proxy Authorization Rules</A></H4>
+<H4><A NAME="Notes on Proxy Authorization Rules">15.3.3.1. Notes on Proxy Authorization Rules</A></H4>
 <P>An LDAP URL in a <TT>authzTo</TT> or <TT>authzFrom</TT> attribute will return a set of DNs.  Each DN returned will be checked.  Searches which return a large set can cause the authorization process to take an uncomfortably long time. Also, searches should be performed on attributes that have been indexed by slapd.</P>
 <P>To help produce more sweeping rules for <TT>authzFrom</TT> and <TT>authzTo</TT>, the values of these attributes are allowed to be DNs with regular expression characters in them. This means a source rule like</P>
 <PRE>
@@ -6218,37 +6792,37 @@
 </PRE>
 <P>would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for <TT>(uid=*)</TT>.</P>
 <P>Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression characters). Anything that does not begin with &quot;<TT>ldap://</TT>&quot; is taken as a DN. It is not permissible to enter another authorization identity of the form &quot;<TT>u:&lt;username&gt;</TT>&quot; as an authorization rule.</P>
-<H4><A NAME="Policy Configuration">14.3.3.2. Policy Configuration</A></H4>
+<H4><A NAME="Policy Configuration">15.3.3.2. Policy Configuration</A></H4>
 <P>The decision of which type of rules to use, <TT>authzFrom</TT> or <TT>authzTo</TT>, will depend on the site's situation. For example, if the set of people who may become a given identity can easily be written as a search filter, then a single destination rule could be written. If the set of people is not easily defined by a search filter, and the set of people is small, it may be better to write a source rule in the entries of each of those people who should be allowed to perform the proxy authorization.</P>
 <P>By default, processing of proxy authorization rules is disabled. The <TT>authz-policy</TT> directive must be set in the <EM>slapd.conf</EM>(5) file to enable authorization. This directive can be set to <TT>none</TT> for no rules (the default), <TT>to</TT> for source rules, <TT>from</TT> for destination rules, or <TT>both</TT> for both source and destination rules.</P>
 <P>Source rules are extremely powerful. If ordinary users have access to write the <TT>authzTo</TT> attribute in their own entries, then they can write rules that would allow them to authorize as anyone else.  As such, when using source rules, the <TT>authzTo</TT> attribute should be protected with an ACL that only allows privileged users to set its values.</P>
 <P></P>
 <HR>
-<H1><A NAME="Using TLS">15. Using TLS</A></H1>
+<H1><A NAME="Using TLS">16. Using TLS</A></H1>
 <P>OpenLDAP clients and servers are capable of using the <TERM>Transport Layer Security</TERM> (<TERM>TLS</TERM>) framework to provide integrity and confidentiality protections and to support LDAP authentication using the <TERM>SASL</TERM> <TERM>EXTERNAL</TERM> mechanism. TLS is defined in <A HREF="http://www.rfc-editor.org/rfc/rfc4346.txt">RFC4346</A>.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>For generating certifcates, please reference <A HREF="http://www.openldap.org/faq/data/cache/185.html">http://www.openldap.org/faq/data/cache/185.html</A>
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H2><A NAME="TLS Certificates">15.1. TLS Certificates</A></H2>
+<H2><A NAME="TLS Certificates">16.1. TLS Certificates</A></H2>
 <P>TLS uses <TERM>X.509</TERM> certificates to carry client and server identities.  All servers are required to have valid certificates, whereas client certificates are optional.  Clients must have a valid certificate in order to authenticate via SASL EXTERNAL. For more information on creating and managing certificates, see the <A HREF="http://www.openssl.org/">OpenSSL</A> documentation.</P>
-<H3><A NAME="Server Certificates">15.1.1. Server Certificates</A></H3>
+<H3><A NAME="Server Certificates">16.1.1. Server Certificates</A></H3>
 <P>The <TERM>DN</TERM> of a server certificate must use the <TT>CN</TT> attribute to name the server, and the <TT>CN</TT> must carry the server's fully qualified domain name. Additional alias names and wildcards may be present in the <TT>subjectAltName</TT> certificate extension.  More details on server certificate names are in <A HREF="http://www.rfc-editor.org/rfc/rfc4513.txt">RFC4513</A>.</P>
-<H3><A NAME="Client Certificates">15.1.2. Client Certificates</A></H3>
+<H3><A NAME="Client Certificates">16.1.2. Client Certificates</A></H3>
 <P>The DN of a client certificate can be used directly as an authentication DN. Since X.509 is a part of the <TERM>X.500</TERM> standard and LDAP is also based on X.500, both use the same DN formats and generally the DN in a user's X.509 certificate should be identical to the DN of their LDAP entry. However, sometimes the DNs may not be exactly the same, and so the mapping facility described in <A HREF="#Mapping Authentication Identities">Mapping Authentication Identities</A> can be applied to these DNs as well.</P>
-<H2><A NAME="TLS Configuration">15.2. TLS Configuration</A></H2>
+<H2><A NAME="TLS Configuration">16.2. TLS Configuration</A></H2>
 <P>After obtaining the required certificates, a number of options must be configured on both the client and the server to enable TLS and make use of the certificates.  At a minimum, the clients must be configured with the name of the file containing all of the <TERM>Certificate Authority</TERM> (CA) certificates it will trust. The server must be configured with the <TERM>CA</TERM> certificates and also its own server certificate and private key.</P>
 <P>Typically a single CA will have issued the server certificate and all of the trusted client certificates, so the server only needs to trust that one signing CA. However, a client may wish to connect to a variety of secure servers managed by different organizations, with server certificates generated by many different CAs. As such, a client is likely to need a list of many different trusted CAs in its configuration.</P>
-<H3><A NAME="Server Configuration">15.2.1. Server Configuration</A></H3>
+<H3><A NAME="Server Configuration">16.2.1. Server Configuration</A></H3>
 <P>The configuration directives for slapd belong in the global directives section of <EM>slapd.conf</EM>(5).</P>
-<H4><A NAME="TLSCACertificateFile &lt;filename&gt;">15.2.1.1. TLSCACertificateFile &lt;filename&gt;</A></H4>
+<H4><A NAME="TLSCACertificateFile &lt;filename&gt;">16.2.1.1. TLSCACertificateFile &lt;filename&gt;</A></H4>
 <P>This directive specifies the <TERM>PEM</TERM>-format file containing certificates for the CA's that slapd will trust. The certificate for the CA that signed the server certificate must be included among these certificates. If the signing CA was not a top-level (root) CA, certificates for the entire sequence of CA's from the signing CA to the top-level CA should be present. Multiple certificates are simply appended to the file; the order is not significant.</P>
-<H4><A NAME="TLSCACertificatePath &lt;path&gt;">15.2.1.2. TLSCACertificatePath &lt;path&gt;</A></H4>
+<H4><A NAME="TLSCACertificatePath &lt;path&gt;">16.2.1.2. TLSCACertificatePath &lt;path&gt;</A></H4>
 <P>This directive specifies the path of a directory that contains individual <TERM>CA</TERM> certificates in separate files.  In addition, this directory must be specially managed using the OpenSSL <EM>c_rehash</EM> utility. When using this feature, the OpenSSL library will attempt to locate certificate files based on a hash of their name and serial number. The <EM>c_rehash</EM> utility is used to generate symbolic links with the hashed names that point to the actual certificate files. As such, this option can only be used with a filesystem that actually supports symbolic links. In general, it is simpler to use the <TT>TLSCACertificateFile</TT> directive instead.</P>
-<H4><A NAME="TLSCertificateFile &lt;filename&gt;">15.2.1.3. TLSCertificateFile &lt;filename&gt;</A></H4>
+<H4><A NAME="TLSCertificateFile &lt;filename&gt;">16.2.1.3. TLSCertificateFile &lt;filename&gt;</A></H4>
 <P>This directive specifies the file that contains the slapd server certificate. Certificates are generally public information and require no special protection.</P>
-<H4><A NAME="TLSCertificateKeyFile &lt;filename&gt;">15.2.1.4. TLSCertificateKeyFile &lt;filename&gt;</A></H4>
+<H4><A NAME="TLSCertificateKeyFile &lt;filename&gt;">16.2.1.4. TLSCertificateKeyFile &lt;filename&gt;</A></H4>
 <P>This directive specifies the file that contains the private key that matches the certificate stored in the <TT>TLSCertificateFile</TT> file. Private keys themselves are sensitive data and are usually password encrypted for protection. However, the current implementation doesn't support encrypted keys so the key must not be encrypted and the file itself must be protected carefully.</P>
-<H4><A NAME="TLSCipherSuite &lt;cipher-suite-spec&gt;">15.2.1.5. TLSCipherSuite &lt;cipher-suite-spec&gt;</A></H4>
+<H4><A NAME="TLSCipherSuite &lt;cipher-suite-spec&gt;">16.2.1.5. TLSCipherSuite &lt;cipher-suite-spec&gt;</A></H4>
 <P>This directive configures what ciphers will be accepted and the preference order. <TT>&lt;cipher-suite-spec&gt;</TT> should be a cipher specification for OpenSSL. You can use the command</P>
 <PRE>
         openssl ciphers -v ALL
@@ -6259,40 +6833,40 @@
         gnutls-cli -l
 </PRE>
 <P>Besides the individual cipher names, the specifiers <TT>HIGH</TT>, <TT>MEDIUM</TT>, <TT>LOW</TT>, <TT>EXPORT</TT>, and <TT>EXPORT40</TT> may be helpful, along with <TT>TLSv1</TT>, <TT>SSLv3</TT>, and <TT>SSLv2</TT>.</P>
-<H4><A NAME="TLSRandFile &lt;filename&gt;">15.2.1.6. TLSRandFile &lt;filename&gt;</A></H4>
+<H4><A NAME="TLSRandFile &lt;filename&gt;">16.2.1.6. TLSRandFile &lt;filename&gt;</A></H4>
 <P>This directive specifies the file to obtain random bits from when <TT>/dev/urandom</TT> is not available. If the system provides <TT>/dev/urandom</TT> then this option is not needed, otherwise a source of random data must be configured.  Some systems (e.g. Linux) provide <TT>/dev/urandom</TT> by default, while others (e.g. Solaris) require the installation of a patch to provide it, and others may not support it at all. In the latter case, EGD or PRNGD should be installed, and this directive should specify the name of the EGD/PRNGD socket. The environment variable <TT>RANDFILE</TT> can also be used to specify the filename. Also, in the absence of these options, the <TT>.rnd</TT> file in the slapd user's home directory may be used if it exists. To use the <TT>.rnd</TT> file, just create the file and copy a few hundred bytes of arbitrary data into the file. The file is only used to provide a seed for the pseudo-random number generator, and it doesn't need very much data to work.</P>
-<H4><A NAME="TLSEphemeralDHParamFile &lt;filename&gt;">15.2.1.7. TLSEphemeralDHParamFile &lt;filename&gt;</A></H4>
+<H4><A NAME="TLSEphemeralDHParamFile &lt;filename&gt;">16.2.1.7. TLSEphemeralDHParamFile &lt;filename&gt;</A></H4>
 <P>This directive specifies the file that contains parameters for Diffie-Hellman ephemeral key exchange.  This is required in order to use a DSA certificate on the server side (i.e. <TT>TLSCertificateKeyFile</TT> points to a DSA key).  Multiple sets of parameters can be included in the file; all of them will be processed.  Parameters can be generated using the following command</P>
 <PRE>
         openssl dhparam [-dsaparam] -out &lt;filename&gt; &lt;numbits&gt;
 </PRE>
-<H4><A NAME="TLSVerifyClient { never | allow | try | demand }">15.2.1.8. TLSVerifyClient { never | allow | try | demand }</A></H4>
+<H4><A NAME="TLSVerifyClient { never | allow | try | demand }">16.2.1.8. TLSVerifyClient { never | allow | try | demand }</A></H4>
 <P>This directive specifies what checks to perform on client certificates in an incoming TLS session, if any. This option is set to <TT>never</TT> by default, in which case the server never asks the client for a certificate. With a setting of <TT>allow</TT> the server will ask for a client certificate; if none is provided the session proceeds normally. If a certificate is provided but the server is unable to verify it, the certificate is ignored and the session proceeds normally, as if no certificate had been provided. With a setting of <TT>try</TT> the certificate is requested, and if none is provided, the session proceeds normally. If a certificate is provided and it cannot be verified, the session is immediately terminated. With a setting of <TT>demand</TT> the certificate is requested and a valid certificate must be provided, otherwise the session is immediately terminated.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>The server must request a client certificate in order to use the SASL EXTERNAL authentication mechanism with a TLS session. As such, a non-default <TT>TLSVerifyClient</TT> setting must be configured before SASL EXTERNAL authentication may be attempted, and the SASL EXTERNAL mechanism will only be offered to the client if a valid client certificate was received.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Client Configuration">15.2.2. Client Configuration</A></H3>
+<H3><A NAME="Client Configuration">16.2.2. Client Configuration</A></H3>
 <P>Most of the client configuration directives parallel the server directives. The names of the directives are different, and they go into <EM>ldap.conf</EM>(5) instead of <EM>slapd.conf</EM>(5), but their functionality is mostly the same. Also, while most of these options may be configured on a system-wide basis, they may all be overridden by individual users in their <EM>.ldaprc</EM> files.</P>
 <P>The LDAP Start TLS operation is used in LDAP to initiate TLS negotiation.  All OpenLDAP command line tools support a <TT>-Z</TT> and <TT>-ZZ</TT> flag to indicate whether a Start TLS operation is to be issued.  The latter flag indicates that the tool is to cease processing if TLS cannot be started while the former allows the command to continue.</P>
 <P>In LDAPv2 environments, TLS is normally started using the LDAP Secure URI scheme (<TT>ldaps://</TT>) instead of the normal LDAP URI scheme (<TT>ldap://</TT>).  OpenLDAP command line tools allow either scheme to used with the <TT>-H</TT> flag and with the <TT>URI</TT> <EM>ldap.conf</EM>(5) option.</P>
-<H4><A NAME="TLS_CACERT &lt;filename&gt;">15.2.2.1. TLS_CACERT &lt;filename&gt;</A></H4>
+<H4><A NAME="TLS_CACERT &lt;filename&gt;">16.2.2.1. TLS_CACERT &lt;filename&gt;</A></H4>
 <P>This is equivalent to the server's <TT>TLSCACertificateFile</TT> option. As noted in the <A HREF="#TLS Configuration">TLS Configuration</A> section, a client typically may need to know about more CAs than a server, but otherwise the same considerations apply.</P>
-<H4><A NAME="TLS_CACERTDIR &lt;path&gt;">15.2.2.2. TLS_CACERTDIR &lt;path&gt;</A></H4>
+<H4><A NAME="TLS_CACERTDIR &lt;path&gt;">16.2.2.2. TLS_CACERTDIR &lt;path&gt;</A></H4>
 <P>This is equivalent to the server's <TT>TLSCACertificatePath</TT> option. The specified directory must be managed with the OpenSSL <EM>c_rehash</EM> utility as well.</P>
-<H4><A NAME="TLS_CERT &lt;filename&gt;">15.2.2.3. TLS_CERT &lt;filename&gt;</A></H4>
+<H4><A NAME="TLS_CERT &lt;filename&gt;">16.2.2.3. TLS_CERT &lt;filename&gt;</A></H4>
 <P>This directive specifies the file that contains the client certificate. This is a user-only directive and can only be specified in a user's <EM>.ldaprc</EM> file.</P>
-<H4><A NAME="TLS_KEY &lt;filename&gt;">15.2.2.4. TLS_KEY &lt;filename&gt;</A></H4>
+<H4><A NAME="TLS_KEY &lt;filename&gt;">16.2.2.4. TLS_KEY &lt;filename&gt;</A></H4>
 <P>This directive specifies the file that contains the private key that matches the certificate stored in the <TT>TLS_CERT</TT> file. The same constraints mentioned for <TT>TLSCertificateKeyFile</TT> apply here. This is also a user-only directive.</P>
-<H4><A NAME="TLS_RANDFILE &lt;filename&gt;">15.2.2.5. TLS_RANDFILE &lt;filename&gt;</A></H4>
+<H4><A NAME="TLS_RANDFILE &lt;filename&gt;">16.2.2.5. TLS_RANDFILE &lt;filename&gt;</A></H4>
 <P>This directive is the same as the server's <TT>TLSRandFile</TT> option.</P>
-<H4><A NAME="TLS_REQCERT { never | allow | try | demand }">15.2.2.6. TLS_REQCERT { never | allow | try | demand }</A></H4>
+<H4><A NAME="TLS_REQCERT { never | allow | try | demand }">16.2.2.6. TLS_REQCERT { never | allow | try | demand }</A></H4>
 <P>This directive is equivalent to the server's <TT>TLSVerifyClient</TT> option. However, for clients the default value is <TT>demand</TT> and there generally is no good reason to change this setting.</P>
 <P></P>
 <HR>
-<H1><A NAME="Constructing a Distributed Directory Service">16. Constructing a Distributed Directory Service</A></H1>
+<H1><A NAME="Constructing a Distributed Directory Service">17. Constructing a Distributed Directory Service</A></H1>
 <P>For many sites, running one or more <EM>slapd</EM>(8) that hold an entire subtree of data is sufficient. But often it is desirable to have one <EM>slapd</EM> refer to other directory services for a certain part of the tree (which may or may not be running <EM>slapd</EM>).</P>
 <P><EM>slapd</EM> supports <EM>subordinate</EM> and <EM>superior</EM> knowledge information. Subordinate knowledge information is held in <TT>referral</TT> objects (<A HREF="http://www.rfc-editor.org/rfc/rfc3296.txt">RFC3296</A>).</P>
-<H2><A NAME="Subordinate Knowledge Information">16.1. Subordinate Knowledge Information</A></H2>
+<H2><A NAME="Subordinate Knowledge Information">17.1. Subordinate Knowledge Information</A></H2>
 <P>Subordinate knowledge information may be provided to delegate a subtree. Subordinate knowledge information is maintained in the directory as a special <EM>referral</EM> object at the delegate point. The referral object acts as a delegation point, gluing two services together. This mechanism allows for hierarchical directory services to be constructed.</P>
 <P>A referral object has a structural object class of <TT>referral</TT> and has the same <TERM>Distinguished Name</TERM> as the delegated subtree.  Generally, the referral object will also provide the auxiliary object class <TT>extensibleObject</TT>. This allows the entry to contain appropriate <TERM>Relative Distinguished Name</TERM> values.  This is best demonstrated by example.</P>
 <P>If the server <TT>a.example.net</TT> holds <TT>dc=example,dc=net</TT> and wished to delegate the subtree <TT>ou=subtree,dc=example,dc=net</TT> to another server <TT>b.example.net</TT>, the following named referral object would be added to <TT>a.example.net</TT>:</P>
@@ -6305,7 +6879,7 @@
 </PRE>
 <P>The server uses this information to generate referrals and search continuations to subordinate servers.</P>
 <P>For those familiar with <TERM>X.500</TERM>, a <EM>named referral</EM> object is similar to an X.500 knowledge reference held in a <EM>subr</EM> <TERM>DSE</TERM>.</P>
-<H2><A NAME="Superior Knowledge Information">16.2. Superior Knowledge Information</A></H2>
+<H2><A NAME="Superior Knowledge Information">17.2. Superior Knowledge Information</A></H2>
 <P>Superior knowledge information may be specified using the <TT>referral</TT> directive.  The value is a list of <TERM>URI</TERM>s referring to superior directory services.  For servers without immediate superiors, such as for <TT>a.example.net</TT> in the example above, the server can be configured to use a directory service with <EM>global knowledge</EM>, such as the <EM>OpenLDAP Root Service</EM> (<A HREF="http://www.openldap.org/faq/index.cgi?file=393">http://www.openldap.org/faq/index.cgi?file=393</A>).</P>
 <PRE>
         referral        ldap://root.openldap.org/
@@ -6316,7 +6890,7 @@
 </PRE>
 <P>The server uses this information to generate referrals for operations acting upon entries not within or subordinate to any of the naming contexts held by the server.</P>
 <P>For those familiar with <TERM>X.500</TERM>, this use of the <TT>ref</TT> attribute is similar to an X.500 knowledge reference held in a <EM>Supr</EM> <TERM>DSE</TERM>.</P>
-<H2><A NAME="The ManageDsaIT Control">16.3. The ManageDsaIT Control</A></H2>
+<H2><A NAME="The ManageDsaIT Control">17.3. The ManageDsaIT Control</A></H2>
 <P>Adding, modifying, and deleting referral objects is generally done using <EM>ldapmodify</EM>(1) or similar tools which support the ManageDsaIT control.  The ManageDsaIT control informs the server that you intend to manage the referral object as a regular entry.  This keeps the server from sending a referral result for requests which interrogate or update referral objects.</P>
 <P>The ManageDsaIT control should not be specified when managing regular entries.</P>
 <P>The <TT>-M</TT> option of <EM>ldapmodify</EM>(1) (and other tools) enables ManageDsaIT.  For example:</P>
@@ -6333,268 +6907,37 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>the use of referrals to construct a Distributed Directory Service is extremely clumsy and not well supported by common clients. If an existing installation has already been built using referrals, the use of the <EM>chain</EM> overlay to hide the referrals will greatly improve the usability of the Directory system. A better approach would be to use explicitly defined local and proxy databases in <EM>subordinate</EM> configurations to provide a seamless view of the Distributed Directory.
 <HR WIDTH="80%" ALIGN="Left"></P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>LDAP operations, even subtree searches, normally access only one database. That can be changed by gluing databases together with the <B>subordinate</B>/<B>olcSubordinate</B> keyword. Please see <EM>slapd.conf</EM>(5) and <EM>slapd-config</EM>(5).
+<HR WIDTH="80%" ALIGN="Left"></P>
 <P></P>
 <HR>
-<H1><A NAME="Replication">17. Replication</A></H1>
+<H1><A NAME="Replication">18. Replication</A></H1>
 <P>Replicated directories are a fundamental requirement for delivering a resilient enterprise deployment.</P>
-<P><A HREF="http://www.openldap.org/">OpenLDAP</A> has various configuration options for creating a replicated directory. The following sections will discuss these.</P>
-<H2><A NAME="Push Based">17.1. Push Based</A></H2>
-<H3><A NAME="Replacing Slurpd">17.1.1. Replacing Slurpd</A></H3>
-<P><EM>Slurpd</EM> replication has been deprecated in favor of Syncrepl replication and has been completely removed from OpenLDAP 2.4.</P>
-<P><EM>Why was it replaced?</EM></P>
-<P>The <EM>slurpd</EM> daemon was the original replication mechanism inherited from UMich's LDAP and operates in push mode: the master pushes changes to the slaves. It has been replaced for many reasons, in brief:</P>
-<UL>
-<LI>It is not reliable
-<LI>It is extremely sensitive to the ordering of records in the replog
-<LI>It can easily go out of sync, at which point manual intervention is required to resync the slave database with the master directory
-<LI>It isn't very tolerant of unavailable servers. If a slave goes down for a long time, the replog may grow to a size that's too large for slurpd to process</UL>
-<P><EM>What was it replaced with?</EM></P>
-<P>Syncrepl</P>
-<P><EM>Why is Syncrepl better?</EM></P>
-<UL>
-<LI>Syncrepl is self-synchronizing; you can start with a database in any state from totally empty to fully synced and it will automatically do the right thing to achieve and maintain synchronization
-<LI>Syncrepl can operate in either direction
-<LI>Data updates can be minimal or maximal</UL>
-<P><EM>How do I implement a pushed based replication system using Syncrepl?</EM></P>
-<P>The easiest way is to point an LDAP backend (<A HREF="#Backends">Backends</A> and <EM>slapd-ldap(8)</EM>) to your slave directory and setup Syncrepl to point to your Master database.</P>
-<P>If you imagine Syncrepl pulling down changes from the Master server, and then pushing those changes out to your slave servers via <EM>slapd-ldap(8)</EM>. This is called Syncrepl Proxy Mode. You can also use Syncrepl Multi-proxy mode:</P>
-<P><CENTER><IMG SRC="push-based-complete.png" ALIGN="center"></CENTER></P>
-<P ALIGN="Center">Figure X.Y: Replacing slurpd</P>
-<P>The following example is for a self-contained push-based replication solution:</P>
-<PRE>
-        #######################################################################
-        # Standard OpenLDAP Master/Provider
-        #######################################################################
-
-        include     /usr/local/etc/openldap/schema/core.schema
-        include     /usr/local/etc/openldap/schema/cosine.schema
-        include     /usr/local/etc/openldap/schema/nis.schema
-        include     /usr/local/etc/openldap/schema/inetorgperson.schema
-
-        include     /usr/local/etc/openldap/slapd.acl
-
-        modulepath  /usr/local/libexec/openldap
-        moduleload  back_hdb.la
-        moduleload  syncprov.la
-        moduleload  back_monitor.la
-        moduleload  back_ldap.la
-
-        pidfile     /usr/local/var/slapd.pid
-        argsfile    /usr/local/var/slapd.args
-
-        loglevel    sync stats
-
-        database    hdb
-        suffix      &quot;dc=suretecsystems,dc=com&quot;
-        directory   /usr/local/var/openldap-data
-
-        checkpoint      1024 5
-        cachesize       10000
-        idlcachesize    10000
-
-        index       objectClass eq
-        # rest of indexes
-        index       default     sub
-
-        rootdn          &quot;cn=admin,dc=suretecsystems,dc=com&quot;
-        rootpw          testing
-
-        # syncprov specific indexing
-        index entryCSN eq
-        index entryUUID eq
-
-        # syncrepl Provider for primary db
-        overlay syncprov
-        syncprov-checkpoint 1000 60
-
-        # Let the replica DN have limitless searches
-        limits dn.exact=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
-        database    monitor
-
-        database    config
-        rootpw          testing
-
-        ##############################################################################
-        # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
-        ##############################################################################
-
-        database        ldap
-        # ignore conflicts with other databases, as we need to push out to same suffix
-        hidden              on
-        suffix          &quot;dc=suretecsystems,dc=com&quot;
-        rootdn          &quot;cn=slapd-ldap&quot;
-        uri             ldap://localhost:9012/
-
-        lastmod         on
-
-        # We don't need any access to this DSA
-        restrict        all
-
-        acl-bind        bindmethod=simple
-                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
-                        credentials=testing
-
-        syncrepl        rid=001
-                        provider=ldap://localhost:9011/
-                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
-                        bindmethod=simple
-                        credentials=testing
-                        searchbase=&quot;dc=suretecsystems,dc=com&quot;
-                        type=refreshAndPersist
-                        retry=&quot;5 5 300 5&quot;
-
-        overlay         syncprov
-</PRE>
-<P>A replica configuration for this type of setup could be:</P>
-<PRE>
-        #######################################################################
-        # Standard OpenLDAP Slave without Syncrepl
-        #######################################################################
-
-        include     /usr/local/etc/openldap/schema/core.schema
-        include     /usr/local/etc/openldap/schema/cosine.schema
-        include     /usr/local/etc/openldap/schema/nis.schema
-        include     /usr/local/etc/openldap/schema/inetorgperson.schema
-
-        include     /usr/local/etc/openldap/slapd.acl
-
-        modulepath  /usr/local/libexec/openldap
-        moduleload  back_hdb.la
-        moduleload  syncprov.la
-        moduleload  back_monitor.la
-        moduleload  back_ldap.la
-
-        pidfile     /usr/local/var/slapd.pid
-        argsfile    /usr/local/var/slapd.args
-
-        loglevel    sync stats
-
-        database    hdb
-        suffix      &quot;dc=suretecsystems,dc=com&quot;
-        directory   /usr/local/var/openldap-slave/data
-
-        checkpoint      1024 5
-        cachesize       10000
-        idlcachesize    10000
-
-        index       objectClass eq
-        # rest of indexes
-        index       default     sub
-
-        rootdn          &quot;cn=admin,dc=suretecsystems,dc=com&quot;
-        rootpw          testing
-
-        # Let the replica DN have limitless searches
-        limits dn.exact=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
-
-        updatedn &quot;cn=replicator,dc=suretecsystems,dc=com&quot;
-
-        # Refer updates to the master
-        updateref   ldap://localhost:9011
-
-        database    monitor
-
-        database    config
-        rootpw          testing
-</PRE>
-<P>You can see we use the <EM>updatedn</EM> directive here and example ACLs (<TT>usr/local/etc/openldap/slapd.acl</TT>) for this could be:</P>
-<PRE>
-        # Give the replica DN unlimited read access.  This ACL may need to be
-        # merged with other ACL statements.
-
-        access to *
-             by dn.base=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; write
-             by * break
-
-        access to dn.base=&quot;&quot;
-                by * read
-
-        access to dn.base=&quot;cn=Subschema&quot;
-                by * read
-
-        access to dn.subtree=&quot;cn=Monitor&quot;
-            by dn.exact=&quot;uid=admin,dc=suretecsystems,dc=com&quot; write
-            by users read
-            by * none
-
-        access to *
-                by self write
-                by * read
-</PRE>
-<P>In order to support more replicas, just add more <EM>database ldap</EM> sections and increment the <EM>syncrepl rid</EM> number accordingly.</P>
-<P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>You must populate the Master and Slave directories with the same data, unlike when using normal Syncrepl
-<HR WIDTH="80%" ALIGN="Left"></P>
-<P>If you do not have access to modify the master directory configuration you can configure a standalone ldap proxy, which might look like:</P>
-<P><CENTER><IMG SRC="push-based-standalone.png" ALIGN="center"></CENTER></P>
-<P ALIGN="Center">Figure X.Y: Replacing slurpd with a standalone version</P>
-<P>The following configuration is an example of a standalone LDAP Proxy:</P>
-<PRE>
-        include     /usr/local/etc/openldap/schema/core.schema
-        include     /usr/local/etc/openldap/schema/cosine.schema
-        include     /usr/local/etc/openldap/schema/nis.schema
-        include     /usr/local/etc/openldap/schema/inetorgperson.schema
-
-        include     /usr/local/etc/openldap/slapd.acl
-
-        modulepath  /usr/local/libexec/openldap
-        moduleload  syncprov.la
-        moduleload  back_ldap.la
-
-        ##############################################################################
-        # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
-        ##############################################################################
-
-        database        ldap
-        # ignore conflicts with other databases, as we need to push out to same suffix
-        hidden              on
-        suffix          &quot;dc=suretecsystems,dc=com&quot;
-        rootdn          &quot;cn=slapd-ldap&quot;
-        uri             ldap://localhost:9012/
-
-        lastmod         on
-
-        # We don't need any access to this DSA
-        restrict        all
-
-        acl-bind        bindmethod=simple
-                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
-                        credentials=testing
-
-        syncrepl        rid=001
-                        provider=ldap://localhost:9011/
-                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
-                        bindmethod=simple
-                        credentials=testing
-                        searchbase=&quot;dc=suretecsystems,dc=com&quot;
-                        type=refreshAndPersist
-                        retry=&quot;5 5 300 5&quot;
-
-        overlay         syncprov
-</PRE>
-<P>As you can see, you can let your imagination go wild using Syncrepl and <EM>slapd-ldap(8)</EM> tailoring your replication to fit your specific network topology.</P>
-<H2><A NAME="Pull Based">17.2. Pull Based</A></H2>
-<H3><A NAME="LDAP Sync Replication">17.2.1. LDAP Sync Replication</A></H3>
-<P>The <TERM>LDAP Sync</TERM> Replication engine, <TERM>syncrepl</TERM> for short, is a consumer-side replication engine that enables the consumer <TERM>LDAP</TERM> server to maintain a shadow copy of a <TERM>DIT</TERM> fragment. A syncrepl engine resides at the consumer-side as one of the <EM>slapd</EM>(8) threads. It creates and maintains a consumer replica by connecting to the replication provider to perform the initial DIT content load followed either by periodic content polling or by timely updates upon content changes.</P>
-<P>Syncrepl uses the LDAP Content Synchronization (or LDAP Sync for short) protocol as the replica synchronization protocol.  It provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store.</P>
+<P><A HREF="http://www.openldap.org/">OpenLDAP</A> has various configuration options for creating a replicated directory. In previous releases, replication was discussed in terms of a <EM>master</EM> server and some number of <EM>slave</EM> servers. A master accepted directory updates from other clients, and a slave only accepted updates from a (single) master. The replication structure was rigidly defined and any particular database could only fulfill a single role, either master or slave.</P>
+<P>As OpenLDAP now supports a wide variety of replication topologies, these terms have been deprecated in favor of <EM>provider</EM> and <EM>consumer</EM>: A provider replicates directory updates to consumers; consumers receive replication updates from providers. Unlike the rigidly defined master/slave relationships, provider/consumer roles are quite fluid: replication updates received in a consumer can be further propagated by that consumer to other servers, so a consumer can also act simultaneously as a provider. Also, a consumer need not be an actual LDAP server; it may be just an LDAP client.</P>
+<P>The following sections will describe the replication technology and discuss the various replication options that are available.</P>
+<H2><A NAME="Replication Technology">18.1. Replication Technology</A></H2>
+<H3><A NAME="LDAP Sync Replication">18.1.1. LDAP Sync Replication</A></H3>
+<P>The <TERM>LDAP Sync</TERM> Replication engine, <TERM>syncrepl</TERM> for short, is a consumer-side replication engine that enables the consumer <TERM>LDAP</TERM> server to maintain a shadow copy of a <TERM>DIT</TERM> fragment. A syncrepl engine resides at the consumer and executes as one of the <EM>slapd</EM>(8) threads. It creates and maintains a consumer replica by connecting to the replication provider to perform the initial DIT content load followed either by periodic content polling or by timely updates upon content changes.</P>
+<P>Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for short) as the replica synchronization protocol.  LDAP Sync provides a stateful replication which supports both pull-based and push-based synchronization and does not mandate the use of a history store. In pull-based replication the consumer periodically polls the provider for updates. In push-based replication the consumer listens for updates that are sent by the provider in realtime. Since the protocol does not require a history store, the provider does not need to maintain any log of updates it has received.  (Note that the syncrepl engine is extensible and additional replication protocols may be supported in the future.)</P>
 <P>Syncrepl keeps track of the status of the replication content by maintaining and exchanging synchronization cookies. Because the syncrepl consumer and provider maintain their content status, the consumer can poll the provider content to perform incremental synchronization by asking for the entries required to make the consumer replica up-to-date with the provider content. Syncrepl also enables convenient management of replicas by maintaining replica status.  The consumer replica can be constructed from a consumer-side or a provider-side backup at any synchronization status. Syncrepl can automatically resynchronize the consumer replica up-to-date with the current provider content.</P>
 <P>Syncrepl supports both pull-based and push-based synchronization. In its basic refreshOnly synchronization mode, the provider uses pull-based synchronization where the consumer servers need not be tracked and no history information is maintained.  The information required for the provider to process periodic polling requests is contained in the synchronization cookie of the request itself.  To optimize the pull-based synchronization, syncrepl utilizes the present phase of the LDAP Sync protocol as well as its delete phase, instead of falling back on frequent full reloads. To further optimize the pull-based synchronization, the provider can maintain a per-scope session log as a history store. In its refreshAndPersist mode of synchronization, the provider uses a push-based synchronization. The provider keeps track of the consumer servers that have requested a persistent search and sends them necessary updates as the provider replication content gets modified.</P>
 <P>With syncrepl, a consumer server can create a replica without changing the provider's configurations and without restarting the provider server, if the consumer server has appropriate access privileges for the DIT fragment to be replicated. The consumer server can stop the replication also without the need for provider-side changes and restart.</P>
-<P>Syncrepl supports both partial and sparse replications.  The shadow DIT fragment is defined by a general search criteria consisting of base, scope, filter, and attribute list.  The replica content is also subject to the access privileges of the bind identity of the syncrepl replication connection.</P>
-<H4><A NAME="The LDAP Content Synchronization Protocol">17.2.1.1. The LDAP Content Synchronization Protocol</A></H4>
+<P>Syncrepl supports partial, sparse, and fractional replications.  The shadow DIT fragment is defined by a general search criteria consisting of base, scope, filter, and attribute list.  The replica content is also subject to the access privileges of the bind identity of the syncrepl replication connection.</P>
+<H4><A NAME="The LDAP Content Synchronization Protocol">18.1.1.1. The LDAP Content Synchronization Protocol</A></H4>
 <P>The LDAP Sync protocol allows a client to maintain a synchronized copy of a DIT fragment. The LDAP Sync operation is defined as a set of controls and other protocol elements which extend the LDAP search operation. This section introduces the LDAP Content Sync protocol only briefly.  For more information, refer to <A HREF="http://www.rfc-editor.org/rfc/rfc4533.txt">RFC4533</A>.</P>
-<P>The LDAP Sync protocol supports both polling and listening for changes by defining two respective synchronization operations: <EM>refreshOnly</EM> and <EM>refreshAndPersist</EM>.  Polling is implemented by the <EM>refreshOnly</EM> operation.  The client copy is synchronized to the server copy at the time of polling.  The server finishes the search operation by returning <EM>SearchResultDone</EM> at the end of the search operation as in the normal search.  The listening is implemented by the <EM>refreshAndPersist</EM> operation.  Instead of finishing the search after returning all entries currently matching the search criteria, the synchronization search remains persistent in the server. Subsequent updates to the synchronization content in the server cause additional entry updates to be sent to the client.</P>
+<P>The LDAP Sync protocol supports both polling and listening for changes by defining two respective synchronization operations: <EM>refreshOnly</EM> and <EM>refreshAndPersist</EM>.  Polling is implemented by the <EM>refreshOnly</EM> operation. The consumer polls the provider using an LDAP Search request with an LDAP Sync control attached. The consumer copy is synchronized to the provider copy at the time of polling using the information returned in the search.  The provider finishes the search operation by returning <EM>SearchResultDone</EM> at the end of the search operation as in the normal search.  Listening is implemented by the <EM>refreshAndPersist</EM> operation. As the name implies, it begins with a search, like refreshOnly. Instead of finishing the search after returning all entries currently matching the search criteria, the synchronization search remains persistent in the provider. Subsequent updates to the synchronization content in the provider cause additional entry updates to be sent to the consumer.</P>
 <P>The <EM>refreshOnly</EM> operation and the refresh stage of the <EM>refreshAndPersist</EM> operation can be performed with a present phase or a delete phase.</P>
-<P>In the present phase, the server sends the client the entries updated within the search scope since the last synchronization. The server sends all requested attributes, be it changed or not, of the updated entries.  For each unchanged entry which remains in the scope, the server sends a present message consisting only of the name of the entry and the synchronization control representing state present. The present message does not contain any attributes of the entry. After the client receives all update and present entries, it can reliably determine the new client copy by adding the entries added to the server, by replacing the entries modified at the server, and by deleting entries in the client copy which have not been updated nor specified as being present at the server.</P>
-<P>The transmission of the updated entries in the delete phase is the same as in the present phase. The server sends all the requested attributes of the entries updated within the search scope since the last synchronization to the client. In the delete phase, however, the server sends a delete message for each entry deleted from the search scope, instead of sending present messages.  The delete message consists only of the name of the entry and the synchronization control representing state delete.  The new client copy can be determined by adding, modifying, and removing entries according to the synchronization control attached to the <EM>SearchResultEntry</EM> message.</P>
-<P>In the case that the LDAP Sync server maintains a history store and can determine which entries are scoped out of the client copy since the last synchronization time, the server can use the delete phase. If the server does not maintain any history store, cannot determine the scoped-out entries from the history store, or the history store does not cover the outdated synchronization state of the client, the server should use the present phase.  The use of the present phase is much more efficient than a full content reload in terms of the synchronization traffic.  To reduce the synchronization traffic further, the LDAP Sync protocol also provides several optimizations such as the transmission of the normalized <TT>entryUUID</TT>s and the transmission of multiple <TT>entryUUIDs</TT> in a single <EM>syncIdSet</EM> message.</P>
-<P>At the end of the <EM>refreshOnly</EM> synchronization, the server sends a synchronization cookie to the client as a state indicator of the client copy after the synchronization is completed.  The client will present the received cookie when it requests the next incremental synchronization to the server.</P>
-<P>When <EM>refreshAndPersist</EM> synchronization is used, the server sends a synchronization cookie at the end of the refresh stage by sending a Sync Info message with TRUE refreshDone.  It also sends a synchronization cookie by attaching it to <EM>SearchResultEntry</EM> generated in the persist stage of the synchronization search. During the persist stage, the server can also send a Sync Info message containing the synchronization cookie at any time the server wants to update the client-side state indicator.  The server also updates a synchronization indicator of the client at the end of the persist stage.</P>
+<P>In the present phase, the provider sends the consumer the entries updated within the search scope since the last synchronization. The provider sends all requested attributes, be they changed or not, of the updated entries.  For each unchanged entry which remains in the scope, the provider sends a present message consisting only of the name of the entry and the synchronization control representing state present. The present message does not contain any attributes of the entry. After the consumer receives all update and present entries, it can reliably determine the new consumer copy by adding the entries added to the provider, by replacing the entries modified at the provider, and by deleting entries in the consumer copy which have not been updated nor specified as being present at the provider.</P>
+<P>The transmission of the updated entries in the delete phase is the same as in the present phase. The provider sends all the requested attributes of the entries updated within the search scope since the last synchronization to the consumer. In the delete phase, however, the provider sends a delete message for each entry deleted from the search scope, instead of sending present messages.  The delete message consists only of the name of the entry and the synchronization control representing state delete.  The new consumer copy can be determined by adding, modifying, and removing entries according to the synchronization control attached to the <EM>SearchResultEntry</EM> message.</P>
+<P>In the case that the LDAP Sync provider maintains a history store and can determine which entries are scoped out of the consumer copy since the last synchronization time, the provider can use the delete phase. If the provider does not maintain any history store, cannot determine the scoped-out entries from the history store, or the history store does not cover the outdated synchronization state of the consumer, the provider should use the present phase.  The use of the present phase is much more efficient than a full content reload in terms of the synchronization traffic.  To reduce the synchronization traffic further, the LDAP Sync protocol also provides several optimizations such as the transmission of the normalized <TT>entryUUID</TT>s and the transmission of multiple <TT>entryUUIDs</TT> in a single <EM>syncIdSet</EM> message.</P>
+<P>At the end of the <EM>refreshOnly</EM> synchronization, the provider sends a synchronization cookie to the consumer as a state indicator of the consumer copy after the synchronization is completed.  The consumer will present the received cookie when it requests the next incremental synchronization to the provider.</P>
+<P>When <EM>refreshAndPersist</EM> synchronization is used, the provider sends a synchronization cookie at the end of the refresh stage by sending a Sync Info message with refreshDone=TRUE.  It also sends a synchronization cookie by attaching it to <EM>SearchResultEntry</EM> messages generated in the persist stage of the synchronization search. During the persist stage, the provider can also send a Sync Info message containing the synchronization cookie at any time the provider wants to update the consumer-side state indicator.</P>
 <P>In the LDAP Sync protocol, entries are uniquely identified by the <TT>entryUUID</TT> attribute value. It can function as a reliable identifier of the entry. The DN of the entry, on the other hand, can be changed over time and hence cannot be considered as the reliable identifier.  The <TT>entryUUID</TT> is attached to each <EM>SearchResultEntry</EM> or <EM>SearchResultReference</EM> as a part of the synchronization control.</P>
-<H4><A NAME="Syncrepl Details">17.2.1.2. Syncrepl Details</A></H4>
+<H4><A NAME="Syncrepl Details">18.1.1.2. Syncrepl Details</A></H4>
 <P>The syncrepl engine utilizes both the <EM>refreshOnly</EM> and the <EM>refreshAndPersist</EM> operations of the LDAP Sync protocol.  If a syncrepl specification is included in a database definition, <EM>slapd</EM>(8) launches a syncrepl engine as a <EM>slapd</EM>(8) thread and schedules its execution. If the <EM>refreshOnly</EM> operation is specified, the syncrepl engine will be rescheduled at the interval time after a synchronization operation is completed.  If the <EM>refreshAndPersist</EM> operation is specified, the engine will remain active and process the persistent synchronization messages from the provider.</P>
-<P>The syncrepl engine utilizes both the present phase and the delete phase of the refresh synchronization. It is possible to configure a per-scope session log in the provider server which stores the <TT>entryUUID</TT>s of a finite number of entries deleted from a replication content.  Multiple replicas of single provider content share the same per-scope session log. The syncrepl engine uses the delete phase if the session log is present and the state of the consumer server is recent enough that no session log entries are truncated after the last synchronization of the client.  The syncrepl engine uses the present phase if no session log is configured for the replication content or if the consumer replica is too outdated to be covered by the session log.  The current design of the session log store is memory based, so the information contained in the session log is not persistent over multiple provider invocations. It is not currently supported to access the session log store by using LDAP operations. It is also not currently supported to impose access control to the session log.</P>
+<P>The syncrepl engine utilizes both the present phase and the delete phase of the refresh synchronization. It is possible to configure a session log in the provider which stores the <TT>entryUUID</TT>s of a finite number of entries deleted from a database. Multiple replicas share the same session log. The syncrepl engine uses the delete phase if the session log is present and the state of the consumer server is recent enough that no session log entries are truncated after the last synchronization of the client.  The syncrepl engine uses the present phase if no session log is configured for the replication content or if the consumer replica is too outdated to be covered by the session log.  The current design of the session log store is memory based, so the information contained in the session log is not persistent over multiple provider invocations. It is not currently supported to access the session log store by using LDAP operations. It is also not currently supported to impose access control to the session log.</P>
 <P>As a further optimization, even in the case the synchronization search is not associated with any session log, no entries will be transmitted to the consumer server when there has been no update in the replication context.</P>
 <P>The syncrepl engine, which is a consumer-side replication engine, can work with any backends. The LDAP Sync provider can be configured as an overlay on any backend, but works best with the <EM>back-bdb</EM> or <EM>back-hdb</EM> backend.</P>
 <P>The LDAP Sync provider maintains a <TT>contextCSN</TT> for each database as the current synchronization state indicator of the provider content.  It is the largest <TT>entryCSN</TT> in the provider context such that no transactions for an entry having smaller <TT>entryCSN</TT> value remains outstanding.  The <TT>contextCSN</TT> could not just be set to the largest issued <TT>entryCSN</TT> because <TT>entryCSN</TT> is obtained before a transaction starts and transactions are not committed in the issue order.</P>
@@ -6605,60 +6948,88 @@
 <P>Because a general search filter can be used in the syncrepl specification, some entries in the context may be omitted from the synchronization content.  The syncrepl engine creates a glue entry to fill in the holes in the replica context if any part of the replica content is subordinate to the holes. The glue entries will not be returned in the search result unless <EM>ManageDsaIT</EM> control is provided.</P>
 <P>Also as a consequence of the search filter used in the syncrepl specification, it is possible for a modification to remove an entry from the replication scope even though the entry has not been deleted on the provider. Logically the entry must be deleted on the consumer but in <EM>refreshOnly</EM> mode the provider cannot detect and propagate this change without the use of the session log.</P>
 <P>For configuration, please see the <A HREF="#Syncrepl">Syncrepl</A> section.</P>
-<H3><A NAME="Delta-syncrepl replication">17.2.2. Delta-syncrepl replication</A></H3>
+<H2><A NAME="Deployment Alternatives">18.2. Deployment Alternatives</A></H2>
+<P>While the LDAP Sync specification only defines a narrow scope for replication, the OpenLDAP implementation is extremely flexible and supports a variety of operating modes to handle other scenarios not explicitly addressed in the spec.</P>
+<H3><A NAME="Delta-syncrepl replication">18.2.1. Delta-syncrepl replication</A></H3>
 <UL>
-<LI>Disadvantages of Syncrepl replication:</UL>
-<P>OpenLDAP's syncrepl replication is an object-based replication mechanism. When any attribute value in a replicated object is changed on the provider, each consumer fetches and processes the complete changed object {B:both changed and unchanged attribute values} during replication. This works well, but has drawbacks in some situations.</P>
-<P>For example, suppose you have a database consisting of 100,000 objects of 1 KB each. Further, suppose you routinely run a batch job to change the value of a single two-byte attribute value that appears in each of the 100,000 objects on the master. Not counting LDAP and TCP/IP protocol overhead, each time you run this job each consumer will transfer and process {B:1 GB} of data to process {B:200KB of changes! }</P>
+<LI>Disadvantages of LDAP Sync replication:</UL>
+<P>LDAP Sync replication is an object-based replication mechanism. When any attribute value in a replicated object is changed on the provider, each consumer fetches and processes the complete changed object, including <B>both the changed and unchanged attribute values</B> during replication. One advantage of this approach is that when multiple changes occur to a single object, the precise sequence of those changes need not be preserved; only the final state of the entry is significant. But this approach may have drawbacks when the usage pattern involves single changes to multiple objects.</P>
+<P>For example, suppose you have a database consisting of 100,000 objects of 1 KB each. Further, suppose you routinely run a batch job to change the value of a single two-byte attribute value that appears in each of the 100,000 objects on the master. Not counting LDAP and TCP/IP protocol overhead, each time you run this job each consumer will transfer and process <B>1 GB</B> of data to process <B>200KB of changes!</B></P>
 <P>99.98% of the data that is transmitted and processed in a case like this will be redundant, since it represents values that did not change. This is a waste of valuable transmission and processing bandwidth and can cause an unacceptable replication backlog to develop. While this situation is extreme, it serves to demonstrate a very real problem that is encountered in some LDAP deployments.</P>
 <UL>
 <LI>Where Delta-syncrepl comes in:</UL>
-<P>Delta-syncrepl, a changelog-based variant of syncrepl, is designed to address situations like the one described above. Delta-syncrepl works by maintaining a changelog of a selectable depth on the provider. The replication consumer on each consumer checks the changelog for the changes it needs and, as long as the changelog contains the needed changes, the delta-syncrepl consumer fetches them from the changelog and applies them to its database. If, however, a replica is too far out of sync (or completely empty), conventional syncrepl is used to bring it up to date and replication then switches to the delta-syncrepl mode.</P>
+<P>Delta-syncrepl, a changelog-based variant of syncrepl, is designed to address situations like the one described above. Delta-syncrepl works by maintaining a changelog of a selectable depth on the provider. The replication consumer checks the changelog for the changes it needs and, as long as the changelog contains the needed changes, the consumer fetches the changes from the changelog and applies them to its database. If, however, a replica is too far out of sync (or completely empty), conventional syncrepl is used to bring it up to date and replication then switches back to the delta-syncrepl mode.</P>
 <P>For configuration, please see the <A HREF="#Delta-syncrepl">Delta-syncrepl</A> section.</P>
-<H2><A NAME="Mixture of both Pull and Push based">17.3. Mixture of both Pull and Push based</A></H2>
-<H3><A NAME="N-Way Multi-Master replication">17.3.1. N-Way Multi-Master replication</A></H3>
-<P>Multi-Master replication is a replication technique using Syncrepl to replicate data to multiple Master Directory servers.</P>
+<H3><A NAME="N-Way Multi-Master replication">18.2.2. N-Way Multi-Master replication</A></H3>
+<P>Multi-Master replication is a replication technique using Syncrepl to replicate data to multiple provider (&quot;Master&quot;) Directory servers.</P>
+<H4><A NAME="Valid Arguments for Multi-Master replication">18.2.2.1. Valid Arguments for Multi-Master replication</A></H4>
 <UL>
-<LI>Advantages of Multi-Master replication:<UL>
-<LI>If any master fails, other masters will continue to accept updates
+<LI>If any provider fails, other providers will continue to accept updates
 <LI>Avoids a single point of failure
-<LI>Masters can be located in several physical sites i.e. distributed across the network/globe.
+<LI>Providers can be located in several physical sites i.e. distributed across the network/globe.
 <LI>Good for Automatic failover/High Availability</UL>
-<LI>Disadvantages of Multi-Master replication:<UL>
+<H4><A NAME="Invalid Arguments for Multi-Master replication">18.2.2.2. Invalid Arguments for Multi-Master replication</A></H4>
+<P>(These are often claimed to be advantages of Multi-Master replication but those claims are false):</P>
+<UL>
 <LI>It has <B>NOTHING</B> to do with load balancing
+<LI>Providers <B>must</B> propagate writes to <B>all</B> the other servers, which means the network traffic and write load spreads across all of the servers the same as for single-master.
+<LI>Server utilization and performance are at best identical for Multi-Master and Single-Master replication; at worst Single-Master is superior because indexing can be tuned differently to optimize for the different usage patterns between the provider and the consumers.</UL>
+<H4><A NAME="Arguments against Multi-Master replication">18.2.2.3. Arguments against Multi-Master replication</A></H4>
+<UL>
+<LI>Breaks the data consistency guarantees of the directory model
 <LI><A HREF="http://www.openldap.org/faq/data/cache/1240.html">http://www.openldap.org/faq/data/cache/1240.html</A>
-<LI>If connectivity with a master is lost because of a network partition, then &quot;automatic failover&quot; can just compound the problem
+<LI>If connectivity with a provider is lost because of a network partition, then &quot;automatic failover&quot; can just compound the problem
 <LI>Typically, a particular machine cannot distinguish between losing contact with a peer because that peer crashed, or because the network link has failed
-<LI>If a network is partitioned and multiple clients start writing to each of the &quot;masters&quot; then reconciliation will be a pain; it may be best to simply deny writes to the clients that are partitioned from the single master
-<LI>Masters <B>must</B> propagate writes to <B>all</B> the other servers, which means the network traffic and write load is constant and spreads across all of the servers</UL></UL>
+<LI>If a network is partitioned and multiple clients start writing to each of the &quot;masters&quot; then reconciliation will be a pain; it may be best to simply deny writes to the clients that are partitioned from the single provider</UL>
 <P>For configuration, please see the <A HREF="#N-Way Multi-Master">N-Way Multi-Master</A> section below</P>
-<H3><A NAME="MirrorMode replication">17.3.2. MirrorMode replication</A></H3>
-<P>MirrorMode is a hybrid configuration that provides all of the consistency guarantees of single-master replication, while also providing the high availability of multi-master. In MirrorMode two masters are set up to replicate from each other (as a multi-master configuration) but an external frontend is employed to direct all writes to only one of the two servers. The second master will only be used for writes if the first master crashes, at which point the frontend will switch to directing all writes to the second master. When a crashed master is repaired and restarted it will automatically catch up to any changes on the running master and resync.</P>
-<H4><A NAME="Arguments for MirrorMode">17.3.2.1. Arguments for MirrorMode</A></H4>
+<H3><A NAME="MirrorMode replication">18.2.3. MirrorMode replication</A></H3>
+<P>MirrorMode is a hybrid configuration that provides all of the consistency guarantees of single-master replication, while also providing the high availability of multi-master. In MirrorMode two providers are set up to replicate from each other (as a multi-master configuration), but an external frontend is employed to direct all writes to only one of the two servers. The second provider will only be used for writes if the first provider crashes, at which point the frontend will switch to directing all writes to the second provider. When a crashed provider is repaired and restarted it will automatically catch up to any changes on the running provider and resync.</P>
+<H4><A NAME="Arguments for MirrorMode">18.2.3.1. Arguments for MirrorMode</A></H4>
 <UL>
 <LI>Provides a high-availability (HA) solution for directory writes (replicas handle reads)
-<LI>As long as one Master is operational, writes can safely be accepted
-<LI>Master nodes replicate from each other, so they are always up to date and can be ready to take over (hot standby)
-<LI>Syncrepl also allows the master nodes to re-synchronize after any downtime
-<LI>Delta-Syncrepl can be used</UL>
-<H4><A NAME="Arguments against MirrorMode">17.3.2.2. Arguments against MirrorMode</A></H4>
+<LI>As long as one provider is operational, writes can safely be accepted
+<LI>Provider nodes replicate from each other, so they are always up to date and can be ready to take over (hot standby)
+<LI>Syncrepl also allows the provider nodes to re-synchronize after any downtime</UL>
+<H4><A NAME="Arguments against MirrorMode">18.2.3.2. Arguments against MirrorMode</A></H4>
 <UL>
-<LI>MirrorMode is not what is termed as a Multi-Master solution. This is because writes have to go to one of the mirror nodes at a time
-<LI>MirrorMode can be termed as Active-Active Hot-Standby, therefor an external server (slapd in proxy mode) or device (hardware load balancer) to manage which master is currently active
-<LI>While syncrepl can recover from a completely empty database, slapadd is much faster
-<LI>Does not provide faster or more scalable write performance (neither could any Multi-Master solution)
+<LI>MirrorMode is not what is termed as a Multi-Master solution. This is because writes have to go to just one of the mirror nodes at a time
+<LI>MirrorMode can be termed as Active-Active Hot-Standby, therefore an external server (slapd in proxy mode) or device (hardware load balancer) is needed to manage which provider is currently active
 <LI>Backups are managed slightly differently<UL>
 <LI>If backing up the Berkeley database itself and periodically backing up the transaction log files, then the same member of the mirror pair needs to be used to collect logfiles until the next database backup is taken
-<LI>To ensure that both databases are consistent, each database might have to be put in read-only mode while performing a slapcat.
-<LI>When using slapcat, the generated LDIF files can be rather large. This can happen with a non-MirrorMode deployment also.</UL></UL>
+<LI>To ensure that both databases are consistent, each database might have to be put in read-only mode while performing a slapcat.</UL>
+<LI>Delta-Syncrepl is not yet supported</UL>
 <P>For configuration, please see the <A HREF="#MirrorMode">MirrorMode</A> section below</P>
-<H2><A NAME="Configuring the different replication types">17.4. Configuring the different replication types</A></H2>
-<H3><A NAME="Syncrepl">17.4.1. Syncrepl</A></H3>
-<H4><A NAME="Syncrepl configuration">17.4.1.1. Syncrepl configuration</A></H4>
-<P>Because syncrepl is a consumer-side replication engine, the syncrepl specification is defined in <EM>slapd.conf</EM>(5) of the consumer server, not in the provider server's configuration file.  The initial loading of the replica content can be performed either by starting the syncrepl engine with no synchronization cookie or by populating the consumer replica by adding an <TERM>LDIF</TERM> file dumped as a backup at the provider.</P>
+<H3><A NAME="Syncrepl Proxy Mode">18.2.4. Syncrepl Proxy Mode</A></H3>
+<P>While the LDAP Sync protocol supports both pull- and push-based replication, the push mode (refreshAndPersist) must still be initiated from the consumer before the provider can begin pushing changes. In some network configurations, particularly where firewalls restrict the direction in which connections can be made, a provider-initiated push mode may be needed.</P>
+<P>This mode can be configured with the aid of the LDAP Backend (<A HREF="#Backends">Backends</A> and <EM>slapd-ldap(8)</EM>). Instead of running the syncrepl engine on the actual consumer, a slapd-ldap proxy is set up near (or collocated with) the provider that points to the consumer, and the syncrepl engine runs on the proxy.</P>
+<P>For configuration, please see the <A HREF="#Syncrepl Proxy">Syncrepl Proxy</A> section.</P>
+<H4><A NAME="Replacing Slurpd">18.2.4.1. Replacing Slurpd</A></H4>
+<P>The old <EM>slurpd</EM> mechanism only operated in provider-initiated push mode.  Slurpd replication was deprecated in favor of Syncrepl replication and has been completely removed from OpenLDAP 2.4.</P>
+<P>The slurpd daemon was the original replication mechanism inherited from UMich's LDAP and operated in push mode: the master pushed changes to the slaves. It was replaced for many reasons, in brief:</P>
+<UL>
+<LI>It was not reliable<UL>
+<LI>It was extremely sensitive to the ordering of records in the replog
+<LI>It could easily go out of sync, at which point manual intervention was required to resync the slave database with the master directory
+<LI>It wasn't very tolerant of unavailable servers. If a slave went down for a long time, the replog could grow to a size that was too large for slurpd to process</UL>
+<LI>It only worked in push mode
+<LI>It required stopping and restarting the master to add new slaves
+<LI>It only supported single master replication</UL>
+<P>Syncrepl has none of those weaknesses:</P>
+<UL>
+<LI>Syncrepl is self-synchronizing; you can start with a consumer database in any state from totally empty to fully synced and it will automatically do the right thing to achieve and maintain synchronization<UL>
+<LI>It is completely insensitive to the order in which changes occur
+<LI>It guarantees convergence between the consumer and the provider content without manual intervention
+<LI>It can resynchronize regardless of how long a consumer stays out of contact with the provider</UL>
+<LI>Syncrepl can operate in either direction
+<LI>Consumers can be added at any time without touching anything on the provider
+<LI>Multi-master replication is supported</UL>
+<H2><A NAME="Configuring the different replication types">18.3. Configuring the different replication types</A></H2>
+<H3><A NAME="Syncrepl">18.3.1. Syncrepl</A></H3>
+<H4><A NAME="Syncrepl configuration">18.3.1.1. Syncrepl configuration</A></H4>
+<P>Because syncrepl is a consumer-side replication engine, the syncrepl specification is defined in <EM>slapd.conf</EM>(5) of the consumer server, not in the provider server's configuration file.  The initial loading of the replica content can be performed either by starting the syncrepl engine with no synchronization cookie or by populating the consumer replica by loading an <TERM>LDIF</TERM> file dumped as a backup at the provider.</P>
 <P>When loading from a backup, it is not required to perform the initial loading from the up-to-date backup of the provider content. The syncrepl engine will automatically synchronize the initial consumer replica to the current provider content. As a result, it is not required to stop the provider server in order to avoid the replica inconsistency caused by the updates to the provider content during the content backup and loading process.</P>
 <P>When replicating a large scale directory, especially in a bandwidth constrained environment, it is advised to load the consumer replica from a backup instead of performing a full initial load using syncrepl.</P>
-<H4><A NAME="Set up the provider slapd">17.4.1.2. Set up the provider slapd</A></H4>
+<H4><A NAME="Set up the provider slapd">18.3.1.2. Set up the provider slapd</A></H4>
 <P>The provider is implemented as an overlay, so the overlay itself must first be configured in <EM>slapd.conf</EM>(5) before it can be used. The provider has only two configuration directives, for setting checkpoints on the <TT>contextCSN</TT> and for configuring the session log.  Because the LDAP Sync search is subject to access control, proper access control privileges should be set up for the replicated content.</P>
 <P>The <TT>contextCSN</TT> checkpoint is configured by the</P>
 <PRE>
@@ -6683,7 +7054,7 @@
         syncprov-checkpoint 100 10
         syncprov-sessionlog 100
 </PRE>
-<H4><A NAME="Set up the consumer slapd">17.4.1.3. Set up the consumer slapd</A></H4>
+<H4><A NAME="Set up the consumer slapd">18.3.1.3. Set up the consumer slapd</A></H4>
 <P>The syncrepl replication is specified in the database section of <EM>slapd.conf</EM>(5) for the replica context.  The syncrepl engine is backend independent and the directive can be defined with any database type.</P>
 <PRE>
         database hdb
@@ -6706,18 +7077,19 @@
                 credentials=secret
 </PRE>
 <P>In this example, the consumer will connect to the provider <EM>slapd</EM>(8) at port 389 of <A HREF="ldap://provider.example.com">ldap://provider.example.com</A> to perform a polling (<EM>refreshOnly</EM>) mode of synchronization once a day.  It will bind as <TT>cn=syncuser,dc=example,dc=com</TT> using simple authentication with password &quot;secret&quot;.  Note that the access control privilege of <TT>cn=syncuser,dc=example,dc=com</TT> should be set appropriately in the provider to retrieve the desired replication content. Also the search limits must be high enough on the provider to allow the syncuser to retrieve a complete copy of the requested content.  The consumer uses the rootdn to write to its database so it always has full permissions to write all content.</P>
-<P>The synchronization search in the above example will search for the entries whose objectClass is organizationalPerson in the entire subtree rooted at <TT>dc=example,dc=com</TT>. The requested attributes are <TT>cn</TT>, <TT>sn</TT>, <TT>ou</TT>, <TT>telephoneNumber</TT>, <TT>title</TT>, and <TT>l</TT>. The schema checking is turned off, so that the consumer <EM>slapd</EM>(8) will not enforce entry schema checking when it process updates from the provider <EM>slapd</EM>(8).</P>
+<P>The synchronization search in the above example will search for the entries whose objectClass is organizationalPerson in the entire subtree rooted at <TT>dc=example,dc=com</TT>. The requested attributes are <TT>cn</TT>, <TT>sn</TT>, <TT>ou</TT>, <TT>telephoneNumber</TT>, <TT>title</TT>, and <TT>l</TT>. The schema checking is turned off, so that the consumer <EM>slapd</EM>(8) will not enforce entry schema checking when it processes updates from the provider <EM>slapd</EM>(8).</P>
 <P>For more detailed information on the syncrepl directive, see the <A HREF="#syncrepl">syncrepl</A> section of <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapter of this admin guide.</P>
-<H4><A NAME="Start the provider and the consumer slapd">17.4.1.4. Start the provider and the consumer slapd</A></H4>
+<H4><A NAME="Start the provider and the consumer slapd">18.3.1.4. Start the provider and the consumer slapd</A></H4>
 <P>The provider <EM>slapd</EM>(8) is not required to be restarted. <EM>contextCSN</EM> is automatically generated as needed: it might be originally contained in the <TERM>LDIF</TERM> file, generated by <EM>slapadd</EM> (8), generated upon changes in the context, or generated when the first LDAP Sync search arrives at the provider.  If an LDIF file is being loaded which did not previously contain the <EM>contextCSN</EM>, the <EM>-w</EM> option should be used with <EM>slapadd</EM> (8) to cause it to be generated. This will allow the server to startup a little quicker the first time it runs.</P>
 <P>When starting a consumer <EM>slapd</EM>(8), it is possible to provide a synchronization cookie as the <EM>-c cookie</EM> command line option in order to start the synchronization from a specific state.  The cookie is a comma separated list of name=value pairs. Currently supported syncrepl cookie fields are <EM>csn=&lt;csn&gt;</EM> and <EM>rid=&lt;rid&gt;</EM>. <EM>&lt;csn&gt;</EM> represents the current synchronization state of the consumer replica.  <EM>&lt;rid&gt;</EM> identifies a consumer replica locally within the consumer server. It is used to relate the cookie to the syncrepl definition in <EM>slapd.conf</EM>(5) which has the matching replica identifier.  The <EM>&lt;rid&gt;</EM> must have no more than 3 decimal digits.  The command line cookie overrides the synchronization cookie stored in the consumer replica database.</P>
-<H3><A NAME="Delta-syncrepl">17.4.2. Delta-syncrepl</A></H3>
-<H4><A NAME="Delta-syncrepl Master configuration">17.4.2.1. Delta-syncrepl Master configuration</A></H4>
+<H3><A NAME="Delta-syncrepl">18.3.2. Delta-syncrepl</A></H3>
+<H4><A NAME="Delta-syncrepl Provider configuration">18.3.2.1. Delta-syncrepl Provider configuration</A></H4>
 <P>Setting up delta-syncrepl requires configuration changes on both the master and replica servers:</P>
 <PRE>
-     # Give the replica DN unlimited read access.  This ACL may need to be
-     # merged with other ACL statements.
-
+     # Give the replica DN unlimited read access.  This ACL needs to be
+     # merged with other ACL statements, and/or moved within the scope
+     # of a database.  The &quot;by * break&quot; portion causes evaluation of
+     # subsequent rules.  See slapd.access(5) for details.
      access to *
         by dn.base=&quot;cn=replicator,dc=symas,dc=com&quot; read
         by * break
@@ -6775,10 +7147,10 @@
      # Let the replica DN have limitless searches
      limits dn.exact=&quot;cn=replicator,dc=symas,dc=com&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
 </PRE>
-<P>For more information, always consult the relevant man pages (slapo-accesslog and slapd.conf)</P>
-<H4><A NAME="Delta-syncrepl Replica configuration">17.4.2.2. Delta-syncrepl Replica configuration</A></H4>
+<P>For more information, always consult the relevant man pages (<EM>slapo-accesslog</EM>(5) and <EM>slapd.conf</EM>(5))</P>
+<H4><A NAME="Delta-syncrepl Consumer configuration">18.3.2.2. Delta-syncrepl Consumer configuration</A></H4>
 <PRE>
-     # Primary replica database configuration
+     # Replica database configuration
      database hdb
      suffix &quot;dc=symas,dc=com&quot;
      rootdn &quot;cn=manager,dc=symas,dc=com&quot;
@@ -6806,8 +7178,8 @@
      # Refer updates to the master
      updateref               ldap://ldapmaster.symas.com
 </PRE>
-<P>The above configuration assumes that you have a replicator identity defined in your database that can be used to bind to the master with. In addition, all of the databases (primary master, primary replica, and the accesslog storage database) should also have properly tuned <EM>DB_CONFIG</EM> files that meet your needs.</P>
-<H3><A NAME="N-Way Multi-Master">17.4.3. N-Way Multi-Master</A></H3>
+<P>The above configuration assumes that you have a replicator identity defined in your database that can be used to bind to the provider. In addition, all of the databases (primary, replica, and the accesslog storage database) should also have properly tuned <EM>DB_CONFIG</EM> files that meet your needs.</P>
+<H3><A NAME="N-Way Multi-Master">18.3.3. N-Way Multi-Master</A></H3>
 <P>For the following example we will be using 3 Master nodes. Keeping in line with <B>test050-syncrepl-multimaster</B> of the OpenLDAP test suite, we will be configuring <EM>slapd(8)</EM> via <B>cn=config</B></P>
 <P>This sets up the config database:</P>
 <PRE>
@@ -6883,6 +7255,7 @@
      olcDbDirectory: ./db
      olcRootDN: $MANAGERDN
      olcRootPW: $PASSWD
+     olcLimits: dn.exact=&quot;$MANAGERDN&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
      olcSyncRepl: rid=004 provider=$URI1 binddn=&quot;$MANAGERDN&quot; bindmethod=simple
        credentials=$PASSWD searchbase=&quot;$BASEDN&quot; type=refreshOnly
        interval=00:00:00:10 retry=&quot;5 5 300 5&quot; timeout=1
@@ -6901,19 +7274,19 @@
      olcOverlay: syncprov
 </PRE>
 <P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>You must have all your server set to the same time via <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>
+<STRONG>Note: </STRONG>You must have all your servers set to the same time via <A HREF="http://www.ntp.org/">http://www.ntp.org/</A>
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="MirrorMode">17.4.4. MirrorMode</A></H3>
+<H3><A NAME="MirrorMode">18.3.4. MirrorMode</A></H3>
 <P>MirrorMode configuration is actually very easy. If you have ever setup a normal slapd syncrepl provider, then the only change is the following two directives:</P>
 <PRE>
        mirrormode  on
        serverID    1
 </PRE>
 <P><HR WIDTH="80%" ALIGN="Left">
-<STRONG>Note: </STRONG>You need to make sure that the <EM>serverID</EM> of each mirror node pair is different and add it as a global configuration option.
+<STRONG>Note: </STRONG>You need to make sure that the <EM>serverID</EM> of each mirror node is different and add it as a global configuration option.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H4><A NAME="Mirror Node Configuration">17.4.4.1. Mirror Node Configuration</A></H4>
-<P>This is the same as the <A HREF="#Set up the provider slapd">Set up the provider slapd</A> section.</P>
+<H4><A NAME="Mirror Node Configuration">18.3.4.1. Mirror Node Configuration</A></H4>
+<P>The first step is to configure the syncrepl provider the same as in the <A HREF="#Set up the provider slapd">Set up the provider slapd</A> section.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>Delta-syncrepl is not yet supported with MirrorMode.
 <HR WIDTH="80%" ALIGN="Left"></P>
@@ -6924,9 +7297,9 @@
        serverID    1
        # database section
 
-       # syncrepl directives
+       # syncrepl directive
        syncrepl      rid=001
-                     provider=ldap://ldap-ridr1.example.com
+                     provider=ldap://ldap-sid2.example.com
                      bindmethod=simple
                      binddn=&quot;cn=mirrormode,dc=example,dc=com&quot;
                      credentials=mirrormode
@@ -6935,16 +7308,6 @@
                      type=refreshAndPersist
                      retry=&quot;60 +&quot;
 
-       syncrepl      rid=002
-                     provider=ldap://ldap-rid2.example.com
-                     bindmethod=simple
-                     binddn=&quot;cn=mirrormode,dc=example,dc=com&quot;
-                     credentials=mirrormode
-                     searchbase=&quot;dc=example,dc=com&quot;
-                     schemachecking=on
-                     type=refreshAndPersist
-                     retry=&quot;60 +&quot;
-
        mirrormode on
 </PRE>
 <P>MirrorMode node 2:</P>
@@ -6953,9 +7316,9 @@
        serverID    2
        # database section
 
-       # syncrepl directives
+       # syncrepl directive
        syncrepl      rid=001
-                     provider=ldap://ldap-ridr1.example.com
+                     provider=ldap://ldap-sid1.example.com
                      bindmethod=simple
                      binddn=&quot;cn=mirrormode,dc=example,dc=com&quot;
                      credentials=mirrormode
@@ -6964,33 +7327,240 @@
                      type=refreshAndPersist
                      retry=&quot;60 +&quot;
 
-       syncrepl      rid=002
-                     provider=ldap://ldap-rid2.example.com
-                     bindmethod=simple
-                     binddn=&quot;cn=mirrormode,dc=example,dc=com&quot;
-                     credentials=mirrormode
-                     searchbase=&quot;dc=example,dc=com&quot;
-                     schemachecking=on
-                     type=refreshAndPersist
-                     retry=&quot;60 +&quot;
-
        mirrormode on
 </PRE>
-<P>It's simple really; each MirrorMode node is setup <B>exactly</B> the same, except that the <EM>serverID</EM> is unique.</P>
-<H5><A NAME="Failover Configuration">17.4.4.1.1. Failover Configuration</A></H5>
+<P>It's simple really; each MirrorMode node is setup <B>exactly</B> the same, except that the <EM>serverID</EM> is unique, and each consumer is pointed to the other server.</P>
+<H5><A NAME="Failover Configuration">18.3.4.1.1. Failover Configuration</A></H5>
 <P>There are generally 2 choices for this; 1.  Hardware proxies/load-balancing or dedicated proxy software, 2. using a Back-LDAP proxy as a syncrepl provider</P>
 <P>A typical enterprise example might be:</P>
 <P><CENTER><IMG SRC="dual_dc.png" ALIGN="center"></CENTER></P>
 <P ALIGN="Center">Figure X.Y: MirrorMode in a Dual Data Center Configuration</P>
-<H5><A NAME="Normal Consumer Configuration">17.4.4.1.2. Normal Consumer Configuration</A></H5>
+<H5><A NAME="Normal Consumer Configuration">18.3.4.1.2. Normal Consumer Configuration</A></H5>
 <P>This is exactly the same as the <A HREF="#Set up the consumer slapd">Set up the consumer slapd</A> section. It can either setup in normal <A HREF="#syncrepl replication">syncrepl replication</A> mode, or in <A HREF="#delta-syncrepl replication">delta-syncrepl replication</A> mode.</P>
-<H4><A NAME="MirrorMode Summary">17.4.4.2. MirrorMode Summary</A></H4>
-<P>Hopefully you will now have a directory architecture that provides all of the consistency guarantees of single-master replication, whilst also providing the high availability of multi-master replication.</P>
+<H4><A NAME="MirrorMode Summary">18.3.4.2. MirrorMode Summary</A></H4>
+<P>You will now have a directory architecture that provides all of the consistency guarantees of single-master replication, while also providing the high availability of multi-master replication.</P>
+<H3><A NAME="Syncrepl Proxy">18.3.5. Syncrepl Proxy</A></H3>
+<P><CENTER><IMG SRC="push-based-complete.png" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure X.Y: Replacing slurpd</P>
+<P>The following example is for a self-contained push-based replication solution:</P>
+<PRE>
+        #######################################################################
+        # Standard OpenLDAP Master/Provider
+        #######################################################################
+
+        include     /usr/local/etc/openldap/schema/core.schema
+        include     /usr/local/etc/openldap/schema/cosine.schema
+        include     /usr/local/etc/openldap/schema/nis.schema
+        include     /usr/local/etc/openldap/schema/inetorgperson.schema
+
+        include     /usr/local/etc/openldap/slapd.acl
+
+        modulepath  /usr/local/libexec/openldap
+        moduleload  back_hdb.la
+        moduleload  syncprov.la
+        moduleload  back_monitor.la
+        moduleload  back_ldap.la
+
+        pidfile     /usr/local/var/slapd.pid
+        argsfile    /usr/local/var/slapd.args
+
+        loglevel    sync stats
+
+        database    hdb
+        suffix      &quot;dc=suretecsystems,dc=com&quot;
+        directory   /usr/local/var/openldap-data
+
+        checkpoint      1024 5
+        cachesize       10000
+        idlcachesize    10000
+
+        index       objectClass eq
+        # rest of indexes
+        index       default     sub
+
+        rootdn          &quot;cn=admin,dc=suretecsystems,dc=com&quot;
+        rootpw          testing
+
+        # syncprov specific indexing
+        index entryCSN eq
+        index entryUUID eq
+
+        # syncrepl Provider for primary db
+        overlay syncprov
+        syncprov-checkpoint 1000 60
+
+        # Let the replica DN have limitless searches
+        limits dn.exact=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+
+        database    monitor
+
+        database    config
+        rootpw          testing
+
+        ##############################################################################
+        # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
+        ##############################################################################
+
+        database        ldap
+        # ignore conflicts with other databases, as we need to push out to same suffix
+        hidden              on
+        suffix          &quot;dc=suretecsystems,dc=com&quot;
+        rootdn          &quot;cn=slapd-ldap&quot;
+        uri             ldap://localhost:9012/
+
+        lastmod         on
+
+        # We don't need any access to this DSA
+        restrict        all
+
+        acl-bind        bindmethod=simple
+                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
+                        credentials=testing
+
+        syncrepl        rid=001
+                        provider=ldap://localhost:9011/
+                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
+                        bindmethod=simple
+                        credentials=testing
+                        searchbase=&quot;dc=suretecsystems,dc=com&quot;
+                        type=refreshAndPersist
+                        retry=&quot;5 5 300 5&quot;
+
+        overlay         syncprov
+</PRE>
+<P>A replica configuration for this type of setup could be:</P>
+<PRE>
+        #######################################################################
+        # Standard OpenLDAP Slave without Syncrepl
+        #######################################################################
+
+        include     /usr/local/etc/openldap/schema/core.schema
+        include     /usr/local/etc/openldap/schema/cosine.schema
+        include     /usr/local/etc/openldap/schema/nis.schema
+        include     /usr/local/etc/openldap/schema/inetorgperson.schema
+
+        include     /usr/local/etc/openldap/slapd.acl
+
+        modulepath  /usr/local/libexec/openldap
+        moduleload  back_hdb.la
+        moduleload  syncprov.la
+        moduleload  back_monitor.la
+        moduleload  back_ldap.la
+
+        pidfile     /usr/local/var/slapd.pid
+        argsfile    /usr/local/var/slapd.args
+
+        loglevel    sync stats
+
+        database    hdb
+        suffix      &quot;dc=suretecsystems,dc=com&quot;
+        directory   /usr/local/var/openldap-slave/data
+
+        checkpoint      1024 5
+        cachesize       10000
+        idlcachesize    10000
+
+        index       objectClass eq
+        # rest of indexes
+        index       default     sub
+
+        rootdn          &quot;cn=admin,dc=suretecsystems,dc=com&quot;
+        rootpw          testing
+
+        # Let the replica DN have limitless searches
+        limits dn.exact=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+
+        updatedn &quot;cn=replicator,dc=suretecsystems,dc=com&quot;
+
+        # Refer updates to the master
+        updateref   ldap://localhost:9011
+
+        database    monitor
+
+        database    config
+        rootpw          testing
+</PRE>
+<P>You can see we use the <EM>updatedn</EM> directive here and example ACLs (<TT>usr/local/etc/openldap/slapd.acl</TT>) for this could be:</P>
+<PRE>
+        # Give the replica DN unlimited read access.  This ACL may need to be
+        # merged with other ACL statements.
+
+        access to *
+             by dn.base=&quot;cn=replicator,dc=suretecsystems,dc=com&quot; write
+             by * break
+
+        access to dn.base=&quot;&quot;
+                by * read
+
+        access to dn.base=&quot;cn=Subschema&quot;
+                by * read
+
+        access to dn.subtree=&quot;cn=Monitor&quot;
+            by dn.exact=&quot;uid=admin,dc=suretecsystems,dc=com&quot; write
+            by users read
+            by * none
+
+        access to *
+                by self write
+                by * read
+</PRE>
+<P>In order to support more replicas, just add more <EM>database ldap</EM> sections and increment the <EM>syncrepl rid</EM> number accordingly.</P>
+<P><HR WIDTH="80%" ALIGN="Left">
+<STRONG>Note: </STRONG>You must populate the Master and Slave directories with the same data, unlike when using normal Syncrepl
+<HR WIDTH="80%" ALIGN="Left"></P>
+<P>If you do not have access to modify the master directory configuration you can configure a standalone ldap proxy, which might look like:</P>
+<P><CENTER><IMG SRC="push-based-standalone.png" ALIGN="center"></CENTER></P>
+<P ALIGN="Center">Figure X.Y: Replacing slurpd with a standalone version</P>
+<P>The following configuration is an example of a standalone LDAP Proxy:</P>
+<PRE>
+        include     /usr/local/etc/openldap/schema/core.schema
+        include     /usr/local/etc/openldap/schema/cosine.schema
+        include     /usr/local/etc/openldap/schema/nis.schema
+        include     /usr/local/etc/openldap/schema/inetorgperson.schema
+
+        include     /usr/local/etc/openldap/slapd.acl
+
+        modulepath  /usr/local/libexec/openldap
+        moduleload  syncprov.la
+        moduleload  back_ldap.la
+
+        ##############################################################################
+        # Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
+        ##############################################################################
+
+        database        ldap
+        # ignore conflicts with other databases, as we need to push out to same suffix
+        hidden              on
+        suffix          &quot;dc=suretecsystems,dc=com&quot;
+        rootdn          &quot;cn=slapd-ldap&quot;
+        uri             ldap://localhost:9012/
+
+        lastmod         on
+
+        # We don't need any access to this DSA
+        restrict        all
+
+        acl-bind        bindmethod=simple
+                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
+                        credentials=testing
+
+        syncrepl        rid=001
+                        provider=ldap://localhost:9011/
+                        binddn=&quot;cn=replicator,dc=suretecsystems,dc=com&quot;
+                        bindmethod=simple
+                        credentials=testing
+                        searchbase=&quot;dc=suretecsystems,dc=com&quot;
+                        type=refreshAndPersist
+                        retry=&quot;5 5 300 5&quot;
+
+        overlay         syncprov
+</PRE>
+<P>As you can see, you can let your imagination go wild using Syncrepl and <EM>slapd-ldap(8)</EM> tailoring your replication to fit your specific network topology.</P>
 <P></P>
 <HR>
-<H1><A NAME="Maintenance">18. Maintenance</A></H1>
+<H1><A NAME="Maintenance">19. Maintenance</A></H1>
 <P>System Administration is all about maintenance, so it is only fair that we discuss how to correctly maintain an OpenLDAP deployment.</P>
-<H2><A NAME="Directory Backups">18.1. Directory Backups</A></H2>
+<H2><A NAME="Directory Backups">19.1. Directory Backups</A></H2>
 <P>Backup strategies largely depend on the amount of change in the database and how much of that change an administrator might be willing to lose in a catastrophic failure. There are two basic methods that can be used:</P>
 <P>1. Backup the Berkeley database itself and periodically back up the transaction log files:</P>
 <P>Berkeley DB produces transaction logs that can be used to reconstruct changes from a given point in time. For example, if an administrator were willing to only lose one hour's worth of changes, they could take down the server in the middle of the night, copy the Berkeley database files offsite, and bring the server back online. Then, on an hourly basis, they could force a database checkpoint, capture the log files that have been generated in the past hour, and copy them offsite. The accumulated log files, in combination with the previous database backup, could be used with db_recover to reconstruct the database up to the time the last collection of log files was copied offsite. This method affords good protection, with minimal space overhead.</P>
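Review bot: In the `slapd.acl` listing the comment says the replica DN gets "unlimited read access", but the rule under it is `by dn.base="cn=replicator,dc=suretecsystems,dc=com" write` on `access to *`, so the comment should read `# Give the replica DN write access to the whole tree; this ACL may need to be merged with other ACL statements.` The listings in this hunk also keep `rootpw testing` in cleartext and send `credentials=testing` with `bindmethod=simple` over `ldap://`. That matters little on localhost, but a sentence after the first listing should say that these are placeholders, that rootpw should hold a hash produced by slappasswd(8), and that simple binds to a remote provider need TLS (for syncrepl, `starttls=critical`). The path in `<TT>usr/local/etc/openldap/slapd.acl</TT>` is missing its leading slash. The Monitor rule names `uid=admin` while the rootdn in the same examples is `cn=admin`, which looks unintended.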
@@ -7002,7 +7572,7 @@
 </PRE>
 <P>For back-bdb and back-hdb, this command may be ran while slapd(8) is running.</P>
 <P>MORE on actual Berkeley DB backups later covering db_recover etc.</P>
-<H2><A NAME="Berkeley DB Logs">18.2. Berkeley DB Logs</A></H2>
+<H2><A NAME="Berkeley DB Logs">19.2. Berkeley DB Logs</A></H2>
 <P>Berkeley DB log files grow, and the administrator has to deal with it. The procedure is known as log file archival or log file rotation.</P>
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>The actual log file rotation is handled by the Berkeley DB engine.
@@ -7029,25 +7599,44 @@
 <LI>to keep data files and log files on different mediums (i.e. disks) to improve performance and/or reliability;
 <LI>to fine-tune some specific options (such as shared memory region sizes);
 <LI>to set the log file limit (please read Log file limits before doing this).</UL>
-<P>To figure out the best-practice BDB backup scenario, the reader is highly recommended to read the whole Chapter 9: Berkeley DB Transactional Data Store Applications. This chapter is a set of small pages with examples in C language. Non-programming people can skip this examples without loss of knowledge.</P>
-<H2><A NAME="Checkpointing">18.3. Checkpointing</A></H2>
+<P>To figure out the best-practice BDB backup scenario, the reader is highly recommended to read the whole Chapter 9: Berkeley DB Transactional Data Store Applications. This chapter is a set of small pages with examples in C language. Non-programming people can skip these examples without loss of knowledge.</P>
+<H2><A NAME="Checkpointing">19.3. Checkpointing</A></H2>
 <P>MORE/TIDY</P>
 <P>If you put &quot;checkpoint 1024 5&quot; in slapd.conf (to checkpoint after 1024kb or 5 minutes, for example), this does not checkpoint every 5 minutes as you may think. The explanation from Howard is:</P>
 <P>'In OpenLDAP 2.1 and 2.2 the checkpoint directive acts as follows - *when there is a write operation*, and more than &lt;check&gt; minutes have occurred since the last checkpoint, perform the checkpoint. If more than &lt;check&gt; minutes pass after a write without any other write operations occurring, no checkpoint is performed, so it's possible to lose the last write that occurred.''</P>
 <P>In other words, a write operation occurring less than &quot;check&quot; minutes after the last checkpoint will not be checkpointed until the next write occurs after &quot;check&quot; minutes have passed since the checkpoint.</P>
 <P>This has been modified in 2.3 to indeed checkpoint every so often; in the meantime a workaround is to invoke &quot;db_checkpoint&quot; from a cron script every so often, say 5 minutes.</P>
-<H2><A NAME="Migration">18.4. Migration</A></H2>
-<P>Exporting to a new system......</P>
+<H2><A NAME="Migration">19.4. Migration</A></H2>
+<P>The simplest steps needed to migrate between versions or upgrade, depending on your deployment type are:</P>
+<UL>
+&nbsp;</UL><OL>
+<LI><B>Stop the current server when convenient</B>
+<BR>
+&nbsp;
+<LI><B>slapcat the current data out</B>
+<BR>
+&nbsp;
+<LI><B>Clear out the current data directory (/usr/local/var/openldap-data/) leaving DB_CONFIG in place</B>
+<BR>
+&nbsp;
+<LI><B>Perform the software upgrades</B>
+<BR>
+&nbsp;
+<LI><B>slapadd the exported data back into the directory</B>
+<BR>
+&nbsp;
+<LI><B>Start the server</B></OL>
+<P>Obviously this doesn't cater for any complicated deployments like <A HREF="#MirrorMode">MirrorMode</A> or <A HREF="#N-Way Multi-Master">N-Way Multi-Master</A>, but following the above sections and using either commercial support or community support should help. Also check the <A HREF="#Troubleshooting">Troubleshooting</A> section.</P>
 <P></P>
 <HR>
-<H1><A NAME="Monitoring">19. Monitoring</A></H1>
+<H1><A NAME="Monitoring">20. Monitoring</A></H1>
 <P><EM>slapd</EM>(8) supports an optional <TERM>LDAP</TERM> monitoring interface you can use to obtain information regarding the current state of your <EM>slapd</EM> instance.  For instance, the interface allows you to determine how many clients are connected to the server currently. The monitoring information is provided by a specialized backend, the <EM>monitor</EM> backend.  A manual page, <EM>slapd-monitor</EM>(5) is available.</P>
 <P>When the monitoring interface is enabled, LDAP clients may be used to access information provided by the <EM>monitor</EM> backend, subject to access and other controls.</P>
 <P>When enabled, the <EM>monitor</EM> backend dynamically generates and returns objects in response to search requests in the <EM>cn=Monitor</EM> subtree.  Each object contains information about a particular aspect of the server.  The information is held in a combination of user applications and operational attributes.   This information can be access with <EM>ldapsearch(1)</EM>, with any general-purpose LDAP browser, or with specialized monitoring tools.  The <A HREF="#Accessing Monitoring Information">Accessing Monitoring Information</A> section provides a brief tutorial on how to use <EM>ldapsearch</EM>(1) to access monitoring information, while the <A HREF="#Monitor information">Monitor information</A> section details monitoring information base and its organization.</P>
 <P>While support for the monitor backend is included in default builds of slapd(8), this support requires some configuration to become active.  This may be done using either <TT>cn=config</TT> or <EM>slapd.conf</EM>(5).  The former is discussed in the <A HREF="#Monitor configuration via cn=config">Monitor configuration via cn=config</A> section of this of this chapter.  The latter is discussed in the <A HREF="#Monitor configuration via slapd.conf(5)">Monitor configuration via slapd.conf(5)</A> section of this chapter.  These sections assume monitor backend is built into <EM>slapd</EM> (e.g., <TT>--enable-monitor=yes</TT>, the default).  If the monitor backend was built as a module (e.g., <TT>--enable-monitor=mod</TT>, this module must loaded.  Loading of modules is discussed in the <A HREF="#Configuring slapd">Configuring slapd</A> and <A HREF="#The slapd Configuration File">The slapd Configuration File</A> chapters.</P>
-<H2><A NAME="Monitor configuration via cn=config(5)">19.1. Monitor configuration via cn=config(5)</A></H2>
+<H2><A NAME="Monitor configuration via cn=config(5)">20.1. Monitor configuration via cn=config(5)</A></H2>
 <P><EM>This section has yet to be written.</EM></P>
-<H2><A NAME="Monitor configuration via slapd.conf(5)">19.2. Monitor configuration via slapd.conf(5)</A></H2>
+<H2><A NAME="Monitor configuration via slapd.conf(5)">20.2. Monitor configuration via slapd.conf(5)</A></H2>
 <P>Configuration of the slapd.conf(5) to support LDAP monitoring is quite simple.</P>
 <P>First, ensure <EM>core.schema</EM> schema configuration file is included by your <EM>slapd.conf</EM>(5) file.  The <EM>monitor</EM> backend requires it.</P>
 <P>Second, instantiate the <EM>monitor backend</EM> by adding a <EM>database monitor</EM> directive below your existing database sections.  For instance:</P>
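Review bot: The migration steps added under "19.4. Migration" clear the data directory right after `slapcat`, with no step that confirms the export is complete. I would add a list item between the two, such as `<LI><B>Verify the LDIF export and copy it, together with the old data directory, to a safe location</B>`. The exported LDIF holds every attribute, including userPassword values, so the text should also say to write it to a file that only the directory administrator can read. The rest of this hunk only renumbers the Monitoring chapter headings.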
@@ -7069,7 +7658,7 @@
                 -b 'cn=Monitor' -s base 1.1
 </PRE>
 <P>Note that unlike general purpose database backends, the database suffix is hardcoded.  It's always <TT>cn=Monitor</TT>.  So no <EM>suffix</EM> directive should be provided.  Also note that general purpose database backends, the monitor backend cannot be instantiated multiple times.  That is, there can only be one (or zero) occurrences of <TT>database monitor</TT> in the server's configuration.</P>
-<H2><A NAME="Accessing Monitoring Information">19.3. Accessing Monitoring Information</A></H2>
+<H2><A NAME="Accessing Monitoring Information">20.3. Accessing Monitoring Information</A></H2>
 <P>As previously discussed, when enabled, the <EM>monitor</EM> backend dynamically generates and returns objects in response to search requests in the <EM>cn=Monitor</EM> subtree.  Each object contains information about a particular aspect of the server.  The information is held in a combination of user applications and operational attributes.  This information can be access with <EM>ldapsearch(1)</EM>, with any general-purpose LDAP browser, or with specialized monitoring tools.</P>
 <P>This section provides a provides a brief tutorial on how to use <EM>ldapsearch</EM>(1) to access monitoring information.</P>
 <P>To inspect any particular monitor object, one performs search operation on the object with a baseObject scope and a <TT>(objectClass=*)</TT> filter.  As the monitoring information is contained in a combination of user applications and operational attributes, the return all user applications attributes (e.g., <TT>'*'</TT>) and all operational attributes (e.g., <TT>'+'</TT>) should be requested.   For instance, to read the <TT>cn=Monitor</TT> object itself, the <EM>ldapsearch</EM>(1) command (modified to fit your configuration) can be used:</P>
@@ -7117,7 +7706,7 @@
         ldapsearch -x -D 'cn=Manager,dc=example,dc=com' -W -b 'cn=Monitor' -s sub 1.1
 </PRE>
 <P>If you run this command you will discover that there are many objects in the <EM>cn=Monitor</EM> subtree.  The following section describes some of the commonly available monitoring objects.</P>
-<H2><A NAME="Monitor Information">19.4. Monitor Information</A></H2>
+<H2><A NAME="Monitor Information">20.4. Monitor Information</A></H2>
 <P>The <EM>monitor</EM> backend provides a wealth of information useful for monitoring the slapd(8) contained in set of monitor objects. Each object contains information about a particular aspect of the server, such as a backends, a connection, or a thread. Some objects serve as containers for other objects and used to construct a hierarchy of objects.</P>
 <P>In this hierarchy, the most superior object is {cn=Monitor}. While this object primarily serves as a container for other objects, most of which are containers, this object provides information about this server.  In particular, it provides the slapd(8) version string.  Example:</P>
 <PRE>
@@ -7127,7 +7716,7 @@
 <P><HR WIDTH="80%" ALIGN="Left">
 <STRONG>Note: </STRONG>Examples in this section (and its subsections) have been trimmed to show only key information.
 <HR WIDTH="80%" ALIGN="Left"></P>
-<H3><A NAME="Backends">19.4.1. Backends</A></H3>
+<H3><A NAME="Backends">20.4.1. Backends</A></H3>
 <P>The <TT>cn=Backends,cn=Monitor</TT> object, itself, provides a list of available backends.  The list of available backends all builtin backends, as well as backends loaded by modules.  For example:</P>
 <PRE>
         dn: cn=Backends,cn=Monitor
@@ -7220,7 +7809,7 @@
 </TR>
 </TABLE>
 
-<H3><A NAME="Connections">19.4.2. Connections</A></H3>
+<H3><A NAME="Connections">20.4.2. Connections</A></H3>
 <P>The main entry is empty; it should contain some statistics on the number of connections.</P>
 <P>Dynamic child entries are created for each open connection, with stats on the activity on that connection (the format will be detailed later). There are two special child entries that show the number of total and current connections respectively.</P>
 <P>For example:</P>
@@ -7242,7 +7831,7 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="Databases">19.4.3. Databases</A></H3>
+<H3><A NAME="Databases">20.4.3. Databases</A></H3>
 <P>The main entry contains the naming context of each configured database; the child entries contain, for each database, the type and the naming context.</P>
 <P>For example:</P>
 <PRE>
@@ -7256,7 +7845,7 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="Listener">19.4.4. Listener</A></H3>
+<H3><A NAME="Listener">20.4.4. Listener</A></H3>
 <P>It contains the description of the devices the server is currently listening on:</P>
 <PRE>
    dn: cn=Listener 0,cn=Listeners,cn=Monitor
@@ -7266,7 +7855,7 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="Log">19.4.5. Log</A></H3>
+<H3><A NAME="Log">20.4.5. Log</A></H3>
 <P>It contains the currently active log items.  The <EM>Log</EM> subsystem allows user modify operations on the <EM>description</EM> attribute, whose values <EM>MUST</EM> be in the list of admittable log switches:</P>
 <PRE>
    Trace
@@ -7284,7 +7873,7 @@
    Sync
 </PRE>
 <P>These values can be added, replaced or deleted; they affect what messages are sent to the syslog device. Custom values could be added by custom modules.</P>
-<H3><A NAME="Operations">19.4.6. Operations</A></H3>
+<H3><A NAME="Operations">20.4.6. Operations</A></H3>
 <P>It shows some statistics on the operations performed by the server:</P>
 <PRE>
    Initiated
@@ -7304,7 +7893,7 @@
    Extended
 </PRE>
 <P>There are too many types to list example here, so please try for yourself using <A HREF="#Monitor search example">Monitor search example</A></P>
-<H3><A NAME="Overlays">19.4.7. Overlays</A></H3>
+<H3><A NAME="Overlays">20.4.7. Overlays</A></H3>
 <P>The main entry contains the type of overlays available at run-time; the child entries, for each overlay, contain the type of the overlay.</P>
 <P>It should also contain the modules that have been loaded if dynamic overlays are enabled:</P>
 <PRE>
@@ -7318,9 +7907,9 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: TRUE
 </PRE>
-<H3><A NAME="SASL">19.4.8. SASL</A></H3>
+<H3><A NAME="SASL">20.4.8. SASL</A></H3>
 <P>Currently empty.</P>
-<H3><A NAME="Statistics">19.4.9. Statistics</A></H3>
+<H3><A NAME="Statistics">20.4.9. Statistics</A></H3>
 <P>It shows some statistics on the data sent by the server:</P>
 <PRE>
    Bytes
@@ -7338,7 +7927,7 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="Threads">19.4.10. Threads</A></H3>
+<H3><A NAME="Threads">20.4.10. Threads</A></H3>
 <P>It contains the maximum number of threads enabled at startup and the current backload.</P>
 <P>e.g.</P>
 <PRE>
@@ -7350,7 +7939,7 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="Time">19.4.11. Time</A></H3>
+<H3><A NAME="Time">20.4.11. Time</A></H3>
 <P>It contains two child entries with the start time and the current time of the server.</P>
 <P>e.g.</P>
 <P>Start time:</P>
@@ -7371,9 +7960,9 @@
    subschemaSubentry: cn=Subschema
    hasSubordinates: FALSE
 </PRE>
-<H3><A NAME="TLS">19.4.12. TLS</A></H3>
+<H3><A NAME="TLS">20.4.12. TLS</A></H3>
 <P>Currently empty.</P>
-<H3><A NAME="Waiters">19.4.13. Waiters</A></H3>
+<H3><A NAME="Waiters">20.4.13. Waiters</A></H3>
 <P>It contains the number of current read waiters.</P>
 <P>e.g.</P>
 <P>Read waiters:</P>
@@ -7397,16 +7986,16 @@
 <P>Add new monitored things here and discuss, referencing man pages and present examples</P>
 <P></P>
 <HR>
-<H1><A NAME="Tuning">20. Tuning</A></H1>
+<H1><A NAME="Tuning">21. Tuning</A></H1>
 <P>This is perhaps one of the most important chapters in the guide, because if you have not tuned <EM>slapd</EM>(8) correctly or grasped how to design your directory and environment, you can expect very poor performance.</P>
 <P>Reading, understanding and experimenting using the instructions and information in the following sections, will enable you to fully understand how to tailor your directory server to your specific requirements.</P>
 <P>It should be noted that the following information has been collected over time from our community based FAQ. So obviously the benefit of this real world experience and advice should be of great value to the reader.</P>
-<H2><A NAME="Performance Factors">20.1. Performance Factors</A></H2>
+<H2><A NAME="Performance Factors">21.1. Performance Factors</A></H2>
 <P>Various factors can play a part in how your directory performs on your chosen hardware and environment. We will attempt to discuss these here.</P>
-<H3><A NAME="Memory">20.1.1. Memory</A></H3>
+<H3><A NAME="Memory">21.1.1. Memory</A></H3>
 <P>Scale your cache to use available memory and increase system memory if you can.</P>
 <P>See <A HREF="#Caching">Caching</A></P>
-<H3><A NAME="Disks">20.1.2. Disks</A></H3>
+<H3><A NAME="Disks">21.1.2. Disks</A></H3>
 <P>Use fast subsystems. Put each database and logs on separate disks configurable via <EM>DB_CONFIG</EM>:</P>
 <PRE>
        # Data Directory
@@ -7415,17 +8004,17 @@
        # Transaction Log settings
        set_lg_dir /logs
 </PRE>
-<H3><A NAME="Network Topology">20.1.3. Network Topology</A></H3>
+<H3><A NAME="Network Topology">21.1.3. Network Topology</A></H3>
 <P>http://www.openldap.org/faq/data/cache/363.html</P>
 <P>Drawing here.</P>
-<H3><A NAME="Directory Layout Design">20.1.4. Directory Layout Design</A></H3>
+<H3><A NAME="Directory Layout Design">21.1.4. Directory Layout Design</A></H3>
 <P>Reference to other sections and good/bad drawing here.</P>
-<H3><A NAME="Expected Usage">20.1.5. Expected Usage</A></H3>
+<H3><A NAME="Expected Usage">21.1.5. Expected Usage</A></H3>
 <P>Discussion.</P>
-<H2><A NAME="Indexes">20.2. Indexes</A></H2>
-<H3><A NAME="Understanding how a search works">20.2.1. Understanding how a search works</A></H3>
+<H2><A NAME="Indexes">21.2. Indexes</A></H2>
+<H3><A NAME="Understanding how a search works">21.2.1. Understanding how a search works</A></H3>
 <P>If you're searching on a filter that has been indexed, then the search reads the index and pulls exactly the entries that are referenced by the index. If the filter term has not been indexed, then the search must read every single entry in the target scope and test to see if each entry matches the filter. Obviously indexing can save a lot of work when it's used correctly.</P>
-<H3><A NAME="What to index">20.2.2. What to index</A></H3>
+<H3><A NAME="What to index">21.2.2. What to index</A></H3>
 <P>You should create indices to match the actual filter terms used in search queries.</P>
 <PRE>
         index cn,sn,givenname,mail eq
@@ -7433,23 +8022,23 @@
 <P>Each attribute index can be tuned further by selecting the set of index types to generate. For example, substring and approximate search for organizations (o) may make little sense (and isn't like done very often). And searching for <EM>userPassword</EM> likely makes no sense what so ever.</P>
 <P>General rule: don't go overboard with indexes. Unused indexes must be maintained and hence can only slow things down.</P>
 <P>See <EM>slapd.conf</EM>(8) and <EM>slapdindex</EM>(8) for more information</P>
-<H3><A NAME="Presence indexing">20.2.3. Presence indexing</A></H3>
+<H3><A NAME="Presence indexing">21.2.3. Presence indexing</A></H3>
 <P>If your client application uses presence filters and if the target attribute exists on the majority of entries in your target scope, then all of those entries are going to be read anyway, because they are valid members of the result set. In a subtree where 100% of the entries are going to contain the same attributes, the presence index does absolutely NOTHING to benefit the search, because 100% of the entries match that presence filter.</P>
 <P>So the resource cost of generating the index is a complete waste of CPU time, disk, and memory. Don't do it unless you know that it will be used, and that the attribute in question occurs very infrequently in the target data.</P>
 <P>Almost no applications use presence filters in their search queries. Presence indexing is pointless when the target attribute exists on the majority of entries in the database. In most LDAP deployments, presence indexing should not be done, it's just wasted overhead.</P>
 <P>See the <EM>Logging</EM> section below on what to watch our for if you have a frequently searched for attribute that is unindexed.</P>
-<H2><A NAME="Logging">20.3. Logging</A></H2>
-<H3><A NAME="What log level to use">20.3.1. What log level to use</A></H3>
+<H2><A NAME="Logging">21.3. Logging</A></H2>
+<H3><A NAME="What log level to use">21.3.1. What log level to use</A></H3>
 <P>The default of <EM>loglevel stats</EM> (256) is really the best bet. There's a corollary to this when problems *do* arise, don't try to trace them using syslog. Use the debug flag instead, and capture slapd's stderr output. syslog is too slow for debug tracing, and it's inherently lossy - it will throw away messages when it can't keep up.</P>
 <P>Contrary to popular belief, <EM>loglevel 0</EM> is not ideal for production as you won't be able to track when problems first arise.</P>
-<H3><A NAME="What to watch out for">20.3.2. What to watch out for</A></H3>
+<H3><A NAME="What to watch out for">21.3.2. What to watch out for</A></H3>
 <P>The most common message you'll see that you should pay attention to is:</P>
 <PRE>
        &quot;&lt;= bdb_equality_candidates: (foo) index_param failed (18)&quot;
 </PRE>
 <P>That means that some application tried to use an equality filter (<EM>foo=&lt;somevalue&gt;</EM>) and attribute <EM>foo</EM> does not have an equality index. If you see a lot of these messages, you should add the index. If you see one every month or so, it may be acceptable to ignore it.</P>
 <P>The default syslog level is stats (256) which logs the basic parameters of each request; it usually produces 1-3 lines of output. On Solaris and systems that only provide synchronous syslog, you may want to turn it off completely, but usually you want to leave it enabled so that you'll be able to see index messages whenever they arise. On Linux you can configure syslogd to run asynchronously, in which case the performance hit for moderate syslog traffic pretty much disappears.</P>
-<H3><A NAME="Improving throughput">20.3.3. Improving throughput</A></H3>
+<H3><A NAME="Improving throughput">21.3.3. Improving throughput</A></H3>
 <P>You can improve logging performance on some systems by configuring syslog not to sync the file system with every write (<EM>man syslogd/syslog.conf</EM>). In Linux, you can prepend the log file name with a &quot;-&quot; in <EM>syslog.conf</EM>. For example, if you are using the default LOCAL4 logging you could try:</P>
 <PRE>
        # LDAP logs
@@ -7460,11 +8049,11 @@
        options { sync(n); };
 </PRE>
 <P>where n is the number of lines which will be buffered before a write.</P>
-<H2><A NAME="Caching">20.4. Caching</A></H2>
+<H2><A NAME="Caching">21.4. Caching</A></H2>
 <P>We all know what caching is, don't we?</P>
 <P>In brief, &quot;A cache is a block of memory for temporary storage of data likely to be used again&quot; - <A HREF="http://en.wikipedia.org/wiki/Cache">http://en.wikipedia.org/wiki/Cache</A></P>
 <P>There are 3 types of caches, BerkeleyDB's own cache, <EM>slapd</EM>(8) entry cache and <TERM>IDL</TERM> (IDL) cache.</P>
-<H3><A NAME="Berkeley DB Cache">20.4.1. Berkeley DB Cache</A></H3>
+<H3><A NAME="Berkeley DB Cache">21.4.1. Berkeley DB Cache</A></H3>
 <P>There are two ways to tune for the BDB cachesize:</P>
 <P>(a) BDB cache size necessary to load the database via slapadd in optimal time</P>
 <P>(b) BDB cache size necessary to have a high performing running slapd once the data is loaded</P>
@@ -7482,7 +8071,7 @@
 <P>It is worth noting that it is not absolutely necessary to configure a BerkeleyDB cache equal in size to your entire database. All that you need is a cache that's large enough for your &quot;working set.&quot;</P>
 <P>That means, large enough to hold all of the most frequently accessed data, plus a few less-frequently accessed items.</P>
 <P>For more information, please see: <A HREF="http://www.oracle.com/technology/documentation/berkeley-db/db/ref/am_conf/cachesize.html">http://www.oracle.com/technology/documentation/berkeley-db/db/ref/am_conf/cachesize.html</A></P>
-<H4><A NAME="Calculating Cachesize">20.4.1.1. Calculating Cachesize</A></H4>
+<H4><A NAME="Calculating Cachesize">21.4.1.1. Calculating Cachesize</A></H4>
 <P>The back-bdb database lives in two main files, <TT>dn2id.bdb</TT> and <TT>id2entry.bdb</TT>. These are B-tree databases. We have never documented the back-bdb internal layout before, because it didn't seem like something anyone should have to worry about, nor was it necessarily cast in stone. But here's how it works today, in OpenLDAP 2.4.</P>
 <P>A B-tree is a balanced tree; it stores data in its leaf nodes and bookkeeping data in its interior nodes (If you don't know what tree data structures look like in general, Google for some references, because that's getting far too elementary for the purposes of this discussion).</P>
 <P>For decent performance, you need enough cache memory to contain all the nodes along the path from the root of the tree down to the particular data item you're accessing. That's enough cache for a single search. For the general case, you want enough cache to contain all the internal nodes in the database.</P>
@@ -7509,32 +8098,32 @@
 <P>With this 4MB cache I can slapcat this entire database on my 1.3GHz PIII in 1 minute, 40 seconds. With the cache doubled to 8MB, it still takes the same 1:40s. Once you've got enough cache to fit the B-tree internal pages, increasing it further won't have any effect until the cache really is large enough to hold 100% of the data pages. I don't have enough free RAM to hold all the 800MB id2entry data, so 4MB is good enough.</P>
 <P>With back-bdb and back-hdb you can use &quot;db_stat -m&quot; to check how well the database cache is performing.</P>
 <P>For more information on <EM>db_stat</EM>: <A HREF="http://www.oracle.com/technology/documentation/berkeley-db/db/utility/db_stat.html">http://www.oracle.com/technology/documentation/berkeley-db/db/utility/db_stat.html</A></P>
-<H3><A NAME="{{slapd}}(8) Entry Cache (cachesize)">20.4.2. <EM>slapd</EM>(8) Entry Cache (cachesize)</A></H3>
+<H3><A NAME="{{slapd}}(8) Entry Cache (cachesize)">21.4.2. <EM>slapd</EM>(8) Entry Cache (cachesize)</A></H3>
 <P>The <EM>slapd</EM>(8) entry cache operates on decoded entries. The rationale - entries in the entry cache can be used directly, giving the fastest response. If an entry isn't in the entry cache but can be extracted from the BDB page cache, that will avoid an I/O but it will still require parsing, so this will be slower.</P>
 <P>If the entry is in neither cache then BDB will have to flush some of its current cached pages and bring in the needed pages, resulting in a couple of expensive I/Os as well as parsing.</P>
 <P>The most optimal value is of course, the entire number of entries in the database. However, most directory servers don't consistently serve out their entire database, so setting this to a lesser number that more closely matches the believed working set of data is sufficient. This is the second most important parameter for the DB.</P>
 <P>As far as balancing the entry cache vs the BDB cache - parsed entries in memory are generally about twice as large as they are on disk.</P>
 <P>As we have already mentioned, not having a proper database cache size will cause performance issues. These issues are not an indication of corruption occurring in the database. It is merely the fact that the cache is thrashing itself that causes performance/response time to slowdown.</P>
-<H3><A NAME="{{TERM:IDL}} Cache (idlcachesize)">20.4.3. <TERM>IDL</TERM> Cache (idlcachesize)</A></H3>
+<H3><A NAME="{{TERM:IDL}} Cache (idlcachesize)">21.4.3. <TERM>IDL</TERM> Cache (idlcachesize)</A></H3>
 <P>Each IDL holds the search results from a given query, so the IDL cache will end up holding the most frequently requested search results.  For back-bdb, it is generally recommended to match the &quot;cachesize&quot; setting.  For back-hdb, it is generally recommended to be 3x&quot;cachesize&quot;.</P>
 <P>{NOTE: The idlcachesize setting directly affects search performance}</P>
-<H3><A NAME="{{slapd}}(8) Threads">20.4.4. <EM>slapd</EM>(8) Threads</A></H3>
+<H3><A NAME="{{slapd}}(8) Threads">21.4.4. <EM>slapd</EM>(8) Threads</A></H3>
 <P><EM>slapd</EM>(8) can process requests via a configurable number of thread, which in turn affects the in/out rate of connections.</P>
 <P>This value should generally be a function of the number of &quot;real&quot; cores on the system, for example on a server with 2 CPUs with one core each, set this to 8, or 4 threads per real core.  This is a &quot;read&quot; maximized value. The more threads that are configured per core, the slower <EM>slapd</EM>(8) responds for &quot;read&quot; operations.  On the flip side, it appears to handle write operations faster in a heavy write/low read scenario.</P>
 <P>The upper bound for good read performance appears to be 16 threads (which also happens to be the default setting).</P>
 <P></P>
 <HR>
-<H1><A NAME="Troubleshooting">21. Troubleshooting</A></H1>
+<H1><A NAME="Troubleshooting">22. Troubleshooting</A></H1>
 <P>If you're having trouble using OpenLDAP, get onto the OpenLDAP-Software mailing list, or:</P>
 <UL>
 <LI>Browse the list archives at <A HREF="http://www.openldap.org/lists/#archives">http://www.openldap.org/lists/#archives</A>
 <LI>Search the FAQ at <A HREF="http://www.openldap.org/faq/">http://www.openldap.org/faq/</A>
 <LI>Search the Issue Tracking System at <A HREF="http://www.openldap.org/its/">http://www.openldap.org/its/</A></UL>
 <P>Chances are the problem has been solved and explained in detail many times before.</P>
-<H2><A NAME="User or Software errors">21.1. User or Software errors?</A></H2>
+<H2><A NAME="User or Software errors">22.1. User or Software errors?</A></H2>
 <P>More often than not, an error is caused by a configuration problem or a misunderstanding of what you are trying to implement and/or achieve.</P>
 <P>We will now attempt to discuss common user errors.</P>
-<H2><A NAME="Checklist">21.2. Checklist</A></H2>
+<H2><A NAME="Checklist">22.2. Checklist</A></H2>
 <P>The following checklist can help track down your problem. Please try to use if <B>before</B> posting to the list, or in the rare circumstances of reporting a bug.</P>
 <UL>
 &nbsp;</UL><OL>
@@ -7557,7 +8146,7 @@
 <BR>
 &nbsp;
 <LI><B>Have your certificates expired?</B></OL>
-<H2><A NAME="OpenLDAP Bugs">21.3. OpenLDAP Bugs</A></H2>
+<H2><A NAME="OpenLDAP Bugs">22.3. OpenLDAP Bugs</A></H2>
 <P>Sometimes you may encounter an actual OpenLDAP bug, in which case please visit our Issue Tracking system <A HREF="http://www.openldap.org/its/">http://www.openldap.org/its/</A> and report it. However, make sure it's not already a known bug or a common user problem.</P>
 <UL>
 <LI>bugs in historic versions of OpenLDAP will not be considered;
@@ -7567,22 +8156,22 @@
 <STRONG>Note: </STRONG>Our Issue Tracking system is <B>NOT</B> for OpenLDAP <B>Support</B>, please join our mailing Lists: <A HREF="http://www.openldap.org/lists/">http://www.openldap.org/lists/</A> for that.
 <HR WIDTH="80%" ALIGN="Left"></P>
 <P>The information you should provide in your bug report is discussed in our FAQ-O-MATIC at <A HREF="http://www.openldap.org/faq/data/cache/59.html">http://www.openldap.org/faq/data/cache/59.html</A></P>
-<H2><A NAME="3rd party software error">21.4. 3rd party software error</A></H2>
+<H2><A NAME="3rd party software error">22.4. 3rd party software error</A></H2>
 <P>The OpenLDAP Project only supports OpenLDAP software.</P>
 <P>You may however seek commercial support (<A HREF="http://www.openldap.org/support/">http://www.openldap.org/support/</A>) or join the general LDAP forum for non-commercial discussions and information relating to LDAP at: <A HREF="http://www.umich.edu/~dirsvcs/ldap/mailinglist.html">http://www.umich.edu/~dirsvcs/ldap/mailinglist.html</A></P>
-<H2><A NAME="How to contact the OpenLDAP Project">21.5. How to contact the OpenLDAP Project</A></H2>
+<H2><A NAME="How to contact the OpenLDAP Project">22.5. How to contact the OpenLDAP Project</A></H2>
 <UL>
 <LI>Mailing Lists: <A HREF="http://www.openldap.org/lists/">http://www.openldap.org/lists/</A>
 <LI>Project: <A HREF="http://www.openldap.org/project/">http://www.openldap.org/project/</A>
 <LI>Issue Tracking: <A HREF="http://www.openldap.org/its/">http://www.openldap.org/its/</A></UL>
-<H2><A NAME="How to present your problem">21.6. How to present your problem</A></H2>
-<H2><A NAME="Debugging {{slapd}}(8)">21.7. Debugging <EM>slapd</EM>(8)</A></H2>
+<H2><A NAME="How to present your problem">22.6. How to present your problem</A></H2>
+<H2><A NAME="Debugging {{slapd}}(8)">22.7. Debugging <EM>slapd</EM>(8)</A></H2>
 <P>After reading through the above sections and before e-mailing the OpenLDAP lists, you might want to try out some of the following to track down the cause of your problems:</P>
 <UL>
 <LI>Loglevel stats (256) is generally a good first loglevel to try for getting information useful to list members on issues
 <LI>Running <EM>slapd -d -1</EM> can often track down fairly simple issues, such as missing schemas and incorrect file permissions for the <EM>slapd</EM> user to things like certs
 <LI>Check your logs for errors, as discussed at <A HREF="http://www.openldap.org/faq/data/cache/358.html">http://www.openldap.org/faq/data/cache/358.html</A></UL>
-<H2><A NAME="Commercial Support">21.8. Commercial Support</A></H2>
+<H2><A NAME="Commercial Support">22.8. Commercial Support</A></H2>
 <P>The firms listed at <A HREF="http://www.openldap.org/support/">http://www.openldap.org/support/</A> offer technical support services catering to OpenLDAP community.</P>
 <P>The listing of any given firm should not be viewed as an endorsement or recommendation of any kind, nor as otherwise indicating there exists a business relationship or an affiliation between any listed firm and the OpenLDAP Foundation or the OpenLDAP Project or its contributors.</P>
 <P></P>
@@ -7797,7 +8386,7 @@
 <P>This error is reported when a value of an attribute does not conform to syntax restrictions. Additional information is commonly provided stating which value of which attribute was found to be invalid. Double check this value and other values (the server will only report the first error it finds).</P>
 <P>Common causes include:</P>
 <UL>
-<LI>extraneous white space (especially trailing white space)
+<LI>extraneous whitespace (especially trailing whitespace)
 <LI>improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
 <LI>empty values (few syntaxes allow empty values)</UL>
 <P>For certain syntax, like OBJECT IDENTIFIER (OID), this error can indicate that the OID descriptor (a &quot;short name&quot;) provided is unrecognized. For instance, this error is returned if the <EM>objectClass</EM> value provided is unrecognized.</P>
@@ -8186,7 +8775,7 @@
 <TT>&nbsp;</TT>
 </TD>
 <TD>
-<TT>4.2</TT>
+<TT>4.4</TT>
 </TD>
 </TR>
 <TR>
@@ -8197,7 +8786,7 @@
 <TT>&nbsp;</TT>
 </TD>
 <TD>
-<TT>4.4</TT>
+<TT>4.5</TT>
 </TD>
 </TR>
 <TR>
@@ -8208,7 +8797,7 @@
 <TT>&nbsp;</TT>
 </TD>
 <TD>
-<TT>4.5</TT>
+<TT>4.6</TT>
 </TD>
 </TR>
 <TR>
@@ -8219,7 +8808,7 @@
 <TT>&nbsp;</TT>
 </TD>
 <TD>
-<TT>4.6</TT>
+<TT>4.7</TT>
 </TD>
 </TR>
 <TR>
@@ -8230,7 +8819,7 @@
 <TT>&nbsp;</TT>
 </TD>
 <TD>
-<TT>Note: It is highly recommended to apply the patches from for a given release.</TT>
+<TT>Note: It is highly recommended to apply the patches from Oracle for a given release.</TT>
 </TD>
 </TR>
 <TR>
@@ -8341,8 +8930,8 @@
 <P></P>
 <HR>
 <H1><A NAME="LDAP Result Codes">H. LDAP Result Codes</A></H1>
-<P>For the purposes of this guide, we have incorporated the standard LDAP result codes from <EM>Appendix A.  LDAP Result Codes</EM> of rfc4511. A copy of which can be found in <TT>doc/rfc</TT> of the OpenLDAP source code.</P>
-<P>We have expanded the description of each error in relation to the OpenLDAP toolsets.</P>
+<P>For the purposes of this guide, we have incorporated the standard LDAP result codes from <EM>Appendix A.  LDAP Result Codes</EM> of rfc4511, a copy of which can be found in <TT>doc/rfc</TT> of the OpenLDAP source code.</P>
+<P>We have expanded the description of each error in relation to the OpenLDAP toolsets. LDAP extensions may introduce extension-specific result codes, which are not part of rfc4511. OpenLDAP returns the result codes related to extensions it implements. Their meaning is documented in the extension they are related to.</P>
 <H2><A NAME="Non-Error Result Codes">H.1. Non-Error Result Codes</A></H2>
 <P>These result codes (called &quot;non-error&quot; result codes) do not indicate an error condition:</P>
 <PRE>
@@ -8582,7 +9171,7 @@
 AuthzDN
 </TD>
 <TD>
-Authorizaiton DN
+Authorization DN
 </TD>
 </TR>
 <TR>
@@ -10482,7 +11071,7 @@
 <H2><A NAME="Additional Copyright Notices">K.2. Additional Copyright Notices</A></H2>
 <P>Portions Copyright 1998-2008 Kurt D. Zeilenga.<BR>Portions Copyright 1998-2006 Net Boolean Incorporated.<BR>Portions Copyright 2001-2006 IBM Corporation.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the <A HREF="#OpenLDAP Public License">OpenLDAP Public License</A>.</P>
-<P>Portions Copyright 1999-2007 Howard Y.H. Chu.<BR>Portions Copyright 1999-2007 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR>Portions Copyright 2007-2008 Gavin Henry.<BR>Portions Copyright 2007-2008 Suretec Systems Limited.<BR><EM>All rights reserved.</EM></P>
+<P>Portions Copyright 1999-2007 Howard Y.H. Chu.<BR>Portions Copyright 1999-2007 Symas Corporation.<BR>Portions Copyright 1998-2003 Hallvard B. Furuseth.<BR>Portions Copyright 2007-2009 Gavin Henry.<BR>Portions Copyright 2007-2009 Suretec Systems Limited.<BR><EM>All rights reserved.</EM></P>
 <P>Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission.  This software is provided ``as is'' without express or implied warranty.</P>
 <H2><A NAME="University of Michigan Copyright Notice">K.3. University of Michigan Copyright Notice</A></H2>
 <P>Portions Copyright 1992-1996 Regents of the University of Michigan.<BR><EM>All rights reserved.</EM></P>

Modified: openldap/vendor/openldap-release/doc/guide/admin/guide.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/guide.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/guide.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/guide.sdf,v 1.7.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/guide.sdf,v 1.7.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # guide.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/index.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/index.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/index.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/index.sdf,v 1.7.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/index.sdf,v 1.7.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # index.sdf 

Modified: openldap/vendor/openldap-release/doc/guide/admin/install.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/install.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/install.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/install.sdf,v 1.38.2.6 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/install.sdf,v 1.38.2.8 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Building and Installing OpenLDAP Software
@@ -115,7 +115,7 @@
 
 OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends
 require {{ORG[expand]Oracle}} {{PRD:Berkeley DB}}.
-If not available at configure time, you will not be able build
+If not available at configure time, you will not be able to build
 {{slapd}}(8) with these primary database backends.
 
 Your operating system may provide a supported version of

Modified: openldap/vendor/openldap-release/doc/guide/admin/intro.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/intro.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/intro.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/intro.sdf,v 1.45.2.6 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/intro.sdf,v 1.45.2.8 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Introduction to OpenLDAP Directory Services
 
@@ -424,7 +424,7 @@
 customized modules which extend {{slapd}} in numerous ways.  Also,
 a number of {{programmable database}} modules are provided.  These
 allow you to expose external data sources to {{slapd}} using popular
-programming languages ({{PRD:Perl}}, {{shell}}, and {{TERM:SQL}}.
+programming languages ({{PRD:Perl}}, {{shell}}, and {{TERM:SQL}}).
 
 {{B:Threads}}: {{slapd}} is threaded for high performance.  A single
 multi-threaded {{slapd}} process handles all incoming requests using

Added: openldap/vendor/openldap-release/doc/guide/admin/limits.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/limits.sdf	                        (rev 0)
+++ openldap/vendor/openldap-release/doc/guide/admin/limits.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,240 @@
+# $Id$
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
+
+# This contribution is derived from OpenLDAP Software.
+# All of the modifications to OpenLDAP Software represented in this contribution
+# were developed by Andrew Findlay <andrew.findlay at skills-1st.co.uk>.
+# I have not assigned rights and/or interest in this work to any party.
+#
+# Copyright 2008 Andrew Findlay
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP Public License.
+
+H1: Limits
+
+H2: Introduction
+
+It is usually desirable to limit the server resources that can be
+consumed by each LDAP client. OpenLDAP provides two sets of limits:
+a size limit, which can restrict the {{number}} of entries that a
+client can retrieve in a single operation, and a time limit
+which restricts the length of time that an operation may continue.
+Both types of limit can be given different values depending on who
+initiated the operation.
+
+H2: Soft and Hard limits
+
+The server administrator can specify both {{soft limits}} and
+{{hard limits}}. Soft limits can be thought of as being the
+default limit value. Hard limits cannot be exceeded by ordinary
+LDAP users.
+
+LDAP clients can specify their own
+size and time limits when issuing search operations.
+This feature has been present since the earliest version of X.500.
+
+If the client specifies a limit then the lower of the requested value
+and the {{hard limit}} will become the limit for the operation.
+
+If the client does not specify a limit then the server applies the
+{{soft limit}}.
+
+Soft and Hard limits are often referred to together as {{administrative
+limits}}. Thus, if an LDAP client requests a search that would return
+more results than the limits allow it will get an {{adminLimitExceeded}}
+error. Note that the server will usually return some results even if
+the limit has been exceeded: this feature is useful to clients that
+just want to check for the existence of some entries without needing
+to see them all.
+
+The {{rootdn}} is not subject to any limits.
+
+H2: Global Limits
+
+Limits specified in the global part of the server configuration act
+as defaults which are used if no database has more specific limits set.
+
+In a {{slapd.conf}}(5) configuration the keywords are {{EX:sizelimit}} and
+{{EX:timelimit}}. When using the {{slapd config}} backend, the corresponding
+attributes are {{EX:olcSizeLimit}} and {{EX:olcTimeLimit}}. The syntax of
+these values are the same in both cases.
+
+The simple form sets both soft and hard limits to the same value:
+
+>   sizelimit {<integer>|unlimited}
+>   timelimit {<integer>|unlimited}
+
+The default sizelimit is 500 entries and the default timelimit is
+3600 seconds.
+
+An extended form allows soft and hard limits to be set separately:
+
+>   sizelimit size[.{soft|hard|unchecked}]=<integer> [...]
+>   timelimit time[.{soft|hard}]=<integer> [...]
+
+Thus, to set a soft sizelimit of 10 entries and a hard limit of 75 entries:
+
+E:  sizelimit size.soft=10 size.hard=75
+
+The {{unchecked}} keyword sets a limit on how many entries the server
+will examine once it has created an initial set of candidate results by
+using indices. This can be very important in a large directory, as a
+search that cannot be satisfied from an index might cause the server to
+examine millions of entries, therefore always make sure the correct indexes
+are configured.
+
+H2: Per-Database Limits
+
+Each database can have its own set of limits that override the global
+ones. The syntax is more flexible, and it allows different limits to
+be applied to different entities. Note that an {{entity}} is different from
+an {{entry}}: the term {{entity}} is used here to indicate the ID of the
+person or process that has initiated the LDAP operation.
+
+In a {{slapd.conf}}(5) configuration the keyword is {{EX:limits}}.
+When using the {{slapd config}} backend, the corresponding
+attribute is {{EX:olcLimits}}. The syntax of
+the values is the same in both cases.
+
+>   limits <who> <limit> [<limit> [...]]
+
+The {{limits}} clause can be specified multiple times to apply different
+limits to different initiators. The server examines each clause in turn
+until it finds one that matches the ID that requested the operation.
+If no match is found, the global limits will be used.
+
+H3: Specify who the limits apply to
+
+The {{EX:<who>}} part of the {{limits}} clause can take any of these values:
+
+!block table; align=Center; coltags="EX,N"; \
+    title="Table ZZZ.ZZZ: Entity Specifiers"
+Specifier|Entities
+*|All, including anonymous and authenticated users
+anonymous|Anonymous (non-authenticated) users
+users|Authenticated users
+self|User associated with target entry
+dn[.<basic-style>]=<regex>|Users matching a regular expression
+dn.<scope-style>=<DN>|Users within scope of a DN
+group[/oc[/at]]=<pattern>|Members of a group
+!endblock
+
+The rules for specifying {{EX:<who>}} are the same as those used in
+access-control rules.
+
+H3: Specify time limits
+
+The syntax for time limits is 
+
+E:   time[.{soft|hard}]=<integer>
+
+where integer is the number of seconds slapd will spend
+answering a search request.
+
+If neither {{soft}} nor {{hard}} is specified, the value is used for both,
+e.g.:
+
+E:   limits anonymous time=27
+
+The value {{unlimited}} may be used to remove the hard time limit entirely,
+e.g.:
+
+E:   limits dn.exact="cn=anyuser,dc=example,dc=org" time.hard=unlimited
+
+H3: Specifying size limits
+
+The syntax for size limit is 
+
+E:   size[.{soft|hard|unchecked}]=<integer>
+
+where {{EX:<integer>}} is the maximum number of entries slapd will return
+when answering a search request.
+
+Soft, hard, and "unchecked" limits are available, with the same meanings
+described for the global limits configuration above.
+
+H3: Size limits and Paged Results
+
+If the LDAP client adds the {{pagedResultsControl}} to the search operation,
+the hard size limit is used by default, because the request for a specific
+page size is considered an explicit request for a limitation on the number
+of entries to be returned. However, the size limit applies to the total
+count of entries returned within the search, and not to a single page.
+
+Additional size limits may be enforced for paged searches.
+
+The {{EX:size.pr}} limit controls the maximum page size:
+
+>   size.pr={<integer>|noEstimate|unlimited}
+
+{{EX:<integer>}} is the maximum page size if no explicit size is set.
+{{EX:noEstimate}} has no effect in the current implementation as the
+server does not return an estimate of the result size anyway.
+{{EX:unlimited}} indicates that no limit is applied to the maximum
+page size.
+
+The {{EX:size.prtotal}} limit controls the total number of entries
+that can be returned by a paged search. By default the limit is the
+same as the normal {{EX:size.hard}} limit.
+
+>   size.prtotal={<integer>|unlimited|disabled}
+
+{{EX:unlimited}} removes the limit on the number of entries that can be
+returned by a paged search.
+{{EX:disabled}} can be used to selectively disable paged result searches.
+
+H2: Example Limit Configurations
+
+H3: Simple Global Limits
+
+This simple global configuration fragment applies size and time limits
+to all searches by all users except {{rootdn}}. It limits searches to
+50 results and sets an overall time limit of 10 seconds.
+
+E:   sizelimit 50
+E:   timelimit 10
+
+H3: Global Hard and Soft Limits
+
+It is sometimes useful to limit the size of result sets but to allow
+clients to request a higher limit where needed. This can be achieved
+by setting separate hard and soft limits.
+
+E:   sizelimit size.soft=5 size.hard=100
+
+To prevent clients from doing very inefficient non-indexed searches,
+add the {{unchecked}} limit:
+
+E:   sizelimit size.soft=5 size.hard=100 size.unchecked=100
+
+H3: Giving specific users larger limits
+
+Having set appropriate default limits in the global configuration,
+you may want to give certain users the ability to retrieve larger
+result sets. Here is a way to do that in the per-database configuration:
+
+E:   limits dn.exact="cn=anyuser,dc=example,dc=org" size=100000
+E:   limits dn.exact="cn=personnel,dc=example,dc=org" size=100000
+E:   limits dn.exact="cn=dirsync,dc=example,dc=org" size=100000
+
+It is generally best to avoid mentioning specific users in the server
+configuration. A better way is to give the higher limits to a group:
+
+E:   limits group/groupOfNames/member="cn=bigwigs,dc=example,dc=org" size=100000
+
+H3: Limiting who can do paged searches
+
+It may be required that certain applications need very large result sets that
+they retrieve using paged searches, but that you do not want ordinary
+LDAP users to use the pagedResults control. The {{pr}} and {{prtotal}}
+limits can help:
+
+E:   limits group/groupOfNames/member="cn=dirsync,dc=example,dc=org" size.prtotal=unlimited
+E:   limits users size.soft=5 size.hard=100 size.prtotal=disabled
+E:   limits anonymous size.soft=2 size.hard=5 size.prtotal=disabled
+
+H2: Further Information
+
+For further information please see {{slapd.conf}}(5), {{ldapsearch}}(1) and {{slapd.access}}(5)
+

Modified: openldap/vendor/openldap-release/doc/guide/admin/maintenance.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/maintenance.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/maintenance.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/maintenance.sdf,v 1.7.2.6 2008/04/14 22:37:01 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/maintenance.sdf,v 1.7.2.9 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Maintenance
@@ -112,7 +112,7 @@
 To figure out the best-practice BDB backup scenario, the reader is highly 
 recommended to read the whole Chapter 9: Berkeley DB Transactional Data Store Applications. 
 This chapter is a set of small pages with examples in C language. Non-programming 
-people can skip this examples without loss of knowledge.
+people can skip these examples without loss of knowledge.
 
 
 H2: Checkpointing
@@ -138,6 +138,29 @@
 
 H2: Migration
 
-Exporting to a new system......
+The simplest steps needed to migrate between versions or upgrade, depending on your deployment
+type are:
 
+.{{S: }}
+^{{B: Stop the current server when convenient}}
 
+.{{S: }}
++{{B: slapcat the current data out}}
+
+.{{S: }}
++{{B: Clear out the current data directory (/usr/local/var/openldap-data/) leaving DB_CONFIG in place}}
+
+.{{S: }}
++{{B: Perform the software upgrades}}
+
+.{{S: }}
++{{B: slapadd the exported data back into the directory}}
+
+.{{S: }}
++{{B: Start the server}}
+
+Obviously this doesn't cater for any complicated deployments like {{SECT: MirrorMode}} or {{SECT: N-Way Multi-Master}}, 
+but following the above sections and using either commercial support or community support should help. Also check the
+{{SECT: Troubleshooting}} section.
+
+

Modified: openldap/vendor/openldap-release/doc/guide/admin/master.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/master.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/master.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/master.sdf,v 1.18.2.7 2008/04/14 20:35:10 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/master.sdf,v 1.18.2.10 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # master file for the OpenLDAP Administrator's Guide
@@ -42,10 +42,13 @@
 !include "slapdconfig.sdf"; chapter
 PB:
 
+!include "runningslapd.sdf"; chapter
+PB:
+
 !include "access-control.sdf"; chapter
 PB:
 
-!include "runningslapd.sdf"; chapter
+!include "limits.sdf"; chapter
 PB:
 
 !include "dbtools.sdf"; chapter

Modified: openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/monitoringslapd.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/monitoringslapd.sdf,v 1.9.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/monitoringslapd.sdf,v 1.9.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Monitoring
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/overlays.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/overlays.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/overlays.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/overlays.sdf,v 1.8.2.20 2008/07/12 05:53:45 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/overlays.sdf,v 1.8.2.26 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Overlays
@@ -322,6 +322,20 @@
 >        chain-return-error TRUE
 
 
+H3: Read-Back of Chained Modifications
+
+Occasionally, applications want to read back the data that they just wrote.
+If a modification requested to a shadow server was silently chained to its 
+producer, an immediate read could result in receiving data not yet synchronized.  
+In those cases, clients should use the {{B:dontusecopy}} control to ensure 
+they are directed to the authoritative source for that piece of data.
+
+This control usually causes a referral to the actual source of the data
+to be returned.  However, when the {{slapo-chain(5)}} overlay is used,
+it intercepts the referral being returned in response to the
+{{B:dontusecopy}} control, and tries to fetch the requested data.
+
+
 H3: Further Information
 
 {{:slapo-chain(5)}}
@@ -343,7 +357,7 @@
 Configuration via {{slapd.conf}}(5) would look like:
 
 >        overlay constraint
->        constraint_attribute mail regex ^[:alnum:]+ at mydomain.com$
+>        constraint_attribute mail regex ^[[:alnum:]]+ at mydomain.com$
 >        constraint_attribute title uri
 >        ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
 
@@ -360,7 +374,7 @@
 >       objectClass: olcOverlayConfig
 >       objectClass: olcConstraintConfig
 >       olcOverlay: constraint
->       olcConstraintAttribute: mail regex ^[:alnum:]+ at mydomain.com$
+>       olcConstraintAttribute: mail regex ^[[:alnum:]]+ at mydomain.com$
 >       olcConstraintAttribute: title uri ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
 
 
@@ -1085,16 +1099,31 @@
 
 H3: Overview
 
-This overlay implements the provider-side support for syncrepl
-replication, including persistent search functionality
+This overlay implements the provider-side support for the LDAP Content Synchronization 
+({{REF:RFC4533}}) as well as syncrepl replication support, including persistent search functionality.
 
-
 H3: Sync Provider Configuration
 
+There is very little configuration needed for this overlay, in fact for many situations merely loading 
+the overlay will suffice.
 
+However, because the overlay creates a contextCSN attribute in the root entry of the database which is
+updated for every write operation performed against the database and only updated in memory, it is 
+recommended to configure a checkpoint so that the contextCSN is written into the underlying database to 
+minimize recovery time after an unclean shutdown:
+
+>       overlay syncprov
+>       syncprov-checkpoint 100 10
+
+For every 100 operations or 10 minutes, which ever is sooner, the contextCSN will be checkpointed.
+
+The four configuration directives available are {{B:syncprov-checkpoint}}, {{B:syncprov-sessionlog}},
+{{B:syncprov-nopresent}} and {{B:syncprov-reloadhint}} which are covered in the man page discussing
+various other scenarios where this overlay can be used. 
+
 H3: Further Information
 
-{{:slapo-syncprov(5)}}
+The {{:slapo-syncprov(5)}} man page and the {{SECT:Configuring the different replication types}} section
 
 
 H2: Translucent Proxy
@@ -1102,17 +1131,133 @@
 
 H3: Overview
 
-This overlay can be used with a backend database such as slapd-bdb (5)
+This overlay can be used with a backend database such as {{:slapd-bdb}}(5)
 to create a "translucent proxy".
 
-Content of entries retrieved from a remote LDAP server can be partially
-overridden by the database.
+Entries retrieved from a remote LDAP server may have some or all attributes 
+overridden, or new attributes added, by entries in the local database before 
+being presented to the client.
 
+A search operation is first populated with entries from the remote LDAP server, 
+the attributes of which are then overridden with any attributes defined in the
+local database. Local overrides may be populated with the add, modify, and 
+modrdn operations, the use of which is restricted to the root user of the 
+translucent local database.
 
+A compare operation will perform a comparison with attributes defined in the
+local database record (if any) before any comparison is made with data in the 
+remote database.
+
+
 H3: Translucent Proxy Configuration
 
+There are various options available with this overlay, but for this example we
+will demonstrate adding new attributes to a remote entry and also searching 
+against these newly added local attributes. For more information about overriding remote
+entries and search configuration, please see {{:slapo-translucent(5)}}
 
+Note: The Translucent Proxy overlay will disable schema checking in the local
+database, so that an entry consisting of overlay attributes need not adhere
+ to the complete schema.
 
+First we configure the overlay in the normal manner:
+
+>       include     /usr/local/etc/openldap/schema/core.schema
+>       include     /usr/local/etc/openldap/schema/cosine.schema
+>       include     /usr/local/etc/openldap/schema/nis.schema
+>       include     /usr/local/etc/openldap/schema/inetorgperson.schema
+>       
+>       pidfile     ./slapd.pid
+>       argsfile    ./slapd.args
+>       
+>       modulepath  /usr/local/libexec/openldap
+>       moduleload  back_bdb.la
+>       moduleload  back_ldap.la
+>       moduleload  translucent.la
+>       
+>       database    bdb
+>       suffix      "dc=suretecsystems,dc=com"
+>       rootdn      "cn=trans,dc=suretecsystems,dc=com"
+>       rootpw      secret
+>       directory   ./openldap-data
+>       
+>       index       objectClass eq
+>       
+>       overlay     translucent
+>       translucent_local carLicense
+>       
+>       uri         ldap://192.168.X.X:389
+>       lastmod     off
+>       acl-bind    binddn="cn=admin,dc=suretecsystems,dc=com" credentials="blahblah"
+
+You will notice the overlay directive and a directive to say what attribute we 
+want to be able to search against in the local database. We must also load the 
+ldap backend which will connect to the remote directory server.
+
+Now we take an example LDAP group:
+
+>       # itsupport, Groups, suretecsystems.com
+>       dn: cn=itsupport,ou=Groups,dc=suretecsystems,dc=com
+>       objectClass: posixGroup
+>       objectClass: sambaGroupMapping
+>       cn: itsupport
+>       gidNumber: 1000
+>       sambaSID: S-1-5-21-XXX
+>       sambaGroupType: 2
+>       displayName: itsupport
+>       memberUid: ghenry
+>       memberUid: joebloggs
+
+and create an LDIF file we can use to add our data to the local database, using
+ some pretty strange choices of new attributes for demonstration purposes:
+
+>       [ghenry at suretec test_configs]$ cat test-translucent-add.ldif 
+>       dn: cn=itsupport,ou=Groups,dc=suretecsystems,dc=com
+>       businessCategory: frontend-override
+>       carLicense: LIVID
+>       employeeType: special
+>       departmentNumber: 9999999
+>       roomNumber: 41L-535
+
+Searching against the proxy gives:
+
+>       [ghenry at suretec test_configs]$ ldapsearch -x -H ldap://127.0.0.1:9001 "(cn=itsupport)"
+>       # itsupport, Groups, OxObjects, suretecsystems.com
+>       dn: cn=itsupport,ou=Groups,ou=OxObjects,dc=suretecsystems,dc=com
+>       objectClass: posixGroup
+>       objectClass: sambaGroupMapping
+>       cn: itsupport
+>       gidNumber: 1003
+>       SAMBASID: S-1-5-21-XXX
+>       SAMBAGROUPTYPE: 2
+>       displayName: itsupport
+>       memberUid: ghenry
+>       memberUid: joebloggs
+>       roomNumber: 41L-535
+>       departmentNumber: 9999999
+>       employeeType: special
+>       carLicense: LIVID
+>       businessCategory: frontend-override
+
+Here we can see that the 5 new attributes are added to the remote entry before 
+being returned to the our client.
+
+Because we have configured a local attribute to search against:
+
+>       overlay     translucent
+>       translucent_local carLicense
+
+we can also search for that to return the completely fabricated entry:
+
+>       ldapsearch -x -H ldap://127.0.0.1:9001 (carLicense=LIVID)
+
+This is an extremely feature because you can then extend a remote directory server
+locally and also search against the local entries.
+
+Note: Because the translucent overlay does not perform any DN rewrites, the local
+ and remote database instances must have the same suffix. Other configurations 
+will probably fail with No Such Object and other errors
+
 H3: Further Information
 
 {{:slapo-translucent(5)}}
@@ -1123,13 +1268,61 @@
 
 H3: Overview
 
-This overlay can be used with a backend database such as slapd-bdb (5)
+This overlay can be used with a backend database such as {{slapd-bdb(5)}}
 to enforce the uniqueness of some or all attributes within a subtree.
 
 
 H3: Attribute Uniqueness Configuration
 
+This overlay is only effective on new data from the point the overlay is enabled. To
+check uniqueness for existing data, you can export and import your data again via the
+LDAP Add operation, which will not be suitable for large amounts of data, unlike {{B:slapcat}}.
 
+For the following example, if uniqueness were enforced for the {{B:mail}} attribute, 
+the subtree would be searched for any other records which also have a {{B:mail}} attribute 
+containing the same value presented with an {{B:add}}, {{B:modify}} or {{B:modrdn}} operation 
+which are unique within the configured scope. If any are found, the request is rejected.
+
+Note:  If no attributes are specified, for example {{B:ldap:///??sub?}}, then the URI applies to all non-operational attributes. However,
+the keyword {{B:ignore}} can be specified to exclude certain non-operational attributes. 
+
+To search at the base dn of the current backend database ensuring uniqueness of the {{B:mail}}
+attribute, we simply add the following configuration:
+
+>       overlay unique
+>       unique_uri ldap:///?mail?sub?
+
+For an existing entry of:
+
+>       dn: cn=gavin,dc=suretecsystems,dc=com
+>       objectClass: top
+>       objectClass: inetorgperson
+>       cn: gavin
+>       sn: henry
+>       mail: ghenry at suretecsystems.com
+
+and we then try to add a new entry of:
+
+>       dn: cn=robert,dc=suretecsystems,dc=com
+>       objectClass: top
+>       objectClass: inetorgperson
+>       cn: robert
+>       sn: jones
+>       mail: ghenry at suretecsystems.com
+
+would result in an error like so:
+
+>       adding new entry "cn=robert,dc=example,dc=com"
+>       ldap_add: Constraint violation (19)
+>               additional info: some attributes not unique
+
+The overlay can have multiple URIs specified within a domain, allowing complex
+selections of objects and also have multiple {{B:unique_uri}} statements or 
+{{B:olcUniqueURI}} attributes which will create independent domains.
+
+For more information and details about the {{B:strict}} and {{B:ignore}} keywords,
+please see the {{:slapo-unique(5)}} man page.
+
 H3: Further Information
 
 {{:slapo-unique(5)}}
@@ -1140,13 +1333,80 @@
 
 H3: Overview
 
-This overlay can be used to enforce a specific order for the values
-of an attribute when it is returned in a search.
+The Value Sorting overlay can be used with a backend database to sort the 
+values of specific multi-valued attributes within a subtree. The sorting occurs 
+whenever the attributes are returned in a search response.
 
-
 H3: Value Sorting Configuration
 
+Sorting can be specified in ascending or descending order, using either numeric 
+or alphanumeric sort methods. Additionally, a "weighted" sort can be specified,
+ which uses a numeric weight prepended to the attribute values. 
 
+The weighted sort is always performed in ascending order, but may be combined 
+with the other methods for values that all have equal weights. The weight is 
+specified by prepending an integer weight {<weight>} in front of each value 
+of the attribute for which weighted sorting is desired. This weighting factor 
+is stripped off and never returned in search results.
+
+Here are a few examples:
+
+>       loglevel    sync stats
+>       
+>       database    hdb
+>       suffix      "dc=suretecsystems,dc=com"
+>       directory   /usr/local/var/openldap-data
+>       
+>       ......
+>       
+>       overlay valsort
+>       valsort-attr memberUid ou=Groups,dc=suretecsystems,dc=com alpha-ascend
+
+For example, ascend:
+
+>       # sharedemail, Groups, suretecsystems.com
+>       dn: cn=sharedemail,ou=Groups,dc=suretecsystems,dc=com
+>       objectClass: posixGroup
+>       objectClass: top
+>       cn: sharedemail
+>       gidNumber: 517
+>       memberUid: admin
+>       memberUid: dovecot
+>       memberUid: laura
+>       memberUid: suretec
+
+For weighted, we change our data to:
+
+>       # sharedemail, Groups, suretecsystems.com
+>       dn: cn=sharedemail,ou=Groups,dc=suretecsystems,dc=com
+>       objectClass: posixGroup
+>       objectClass: top
+>       cn: sharedemail
+>       gidNumber: 517
+>       memberUid: {4}admin
+>       memberUid: {2}dovecot
+>       memberUid: {1}laura
+>       memberUid: {3}suretec
+
+and change the config to:
+
+>       overlay valsort
+>       valsort-attr memberUid ou=Groups,dc=suretecsystems,dc=com weighted
+
+Searching now results in:
+
+>       # sharedemail, Groups, OxObjects, suretecsystems.com
+>       dn: cn=sharedemail,ou=Groups,ou=OxObjects,dc=suretecsystems,dc=com
+>       objectClass: posixGroup
+>       objectClass: top
+>       cn: sharedemail
+>       gidNumber: 517
+>       memberUid: laura
+>       memberUid: dovecot
+>       memberUid: suretec
+>       memberUid: admin
+
+
 H3: Further Information
 
 {{:slapo-valsort(5)}}

Modified: openldap/vendor/openldap-release/doc/guide/admin/preface.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/preface.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/preface.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/preface.sdf,v 1.25.2.6 2008/05/27 21:56:55 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/preface.sdf,v 1.25.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 # 
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/quickstart.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/quickstart.sdf,v 1.44.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/quickstart.sdf,v 1.44.2.7 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: A Quick-Start Guide
@@ -271,8 +271,7 @@
 to everybody}} excepting the {{super-user}} (as specified by the
 {{EX:rootdn}} configuration directive).  It is highly recommended
 that you establish controls to restrict access to authorized users.
-Access controls are discussed in the {{SECT:The access Configuration
-Directive}} section of {{SECT:The slapd Configuration File}} chapter.
+Access controls are discussed in the {{SECT:Access Control}} chapter.
 You are also encouraged to read the {{SECT:Security Considerations}},
 {{SECT:Using SASL}} and {{SECT:Using TLS}} sections.
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/referrals.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/referrals.sdf,v 1.25.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/referrals.sdf,v 1.25.2.7 2009/02/02 22:46:51 quanah Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Constructing a Distributed Directory Service
@@ -139,3 +139,8 @@
 of the Directory system. A better approach would be to use explicitly
 defined local and proxy databases in {{subordinate}} configurations to
 provide a seamless view of the Distributed Directory.
+
+Note: LDAP operations, even subtree searches, normally access only one
+database. That can be changed by gluing databases together with the
+{{B:subordinate}}/{{B:olcSubordinate}} keyword. Please see {{slapd.conf}}(5) 
+and {{slapd-config}}(5).

Modified: openldap/vendor/openldap-release/doc/guide/admin/replication.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/replication.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/replication.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.16 2008/07/10 00:58:19 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/replication.sdf,v 1.32.2.23 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Replication
@@ -8,293 +8,50 @@
 resilient enterprise deployment.
 
 {{PRD:OpenLDAP}} has various configuration options for creating a replicated 
-directory. The following sections will discuss these.
+directory. In previous releases, replication was discussed in terms of
+a {{master}} server and some number of {{slave}} servers. A master
+accepted directory updates from other clients, and a slave only
+accepted updates from a (single) master. The replication structure
+was rigidly defined and any particular database could only fulfill
+a single role, either master or slave.
 
-H2: Push Based
+As OpenLDAP now supports a wide variety of replication topologies, these
+terms have been deprecated in favor of {{provider}} and
+{{consumer}}: A provider replicates directory updates to consumers; 
+consumers receive replication updates from providers. Unlike the
+rigidly defined master/slave relationships, provider/consumer roles
+are quite fluid: replication updates received in a consumer can be
+further propagated by that consumer to other servers, so a consumer
+can also act simultaneously as a provider. Also, a consumer need not
+be an actual LDAP server; it may be just an LDAP client.
 
+The following sections will describe the replication technology and
+discuss the various replication options that are available.
 
-H3: Replacing Slurpd
+H2: Replication Technology
 
-{{Slurpd}} replication has been deprecated in favor of Syncrepl replication and 
-has been completely removed from OpenLDAP 2.4.
-
-{{Why was it replaced?}}
-
-The {{slurpd}} daemon was the original replication mechanism inherited from 
-UMich's LDAP and operates in push mode: the master pushes changes to the 
-slaves. It has been replaced for many reasons, in brief:
-
- * It is not reliable
- * It is extremely sensitive to the ordering of records in the replog
- * It can easily go out of sync, at which point manual intervention is 
-   required to resync the slave database with the master directory
- * It isn't very tolerant of unavailable servers. If a slave goes down 
-   for a long time, the replog may grow to a size that's too large for 
-   slurpd to process
-
-{{What was it replaced with?}}
-
-Syncrepl
-
-{{Why is Syncrepl better?}}
-
- * Syncrepl is self-synchronizing; you can start with a database in any 
-   state from totally empty to fully synced and it will automatically do 
-   the right thing to achieve and maintain synchronization
- * Syncrepl can operate in either direction
- * Data updates can be minimal or maximal
-
-{{How do I implement a pushed based replication system using Syncrepl?}}
-
-The easiest way is to point an LDAP backend ({{SECT: Backends}} and {{slapd-ldap(8)}}) 
-to your slave directory and setup Syncrepl to point to your Master database.
-
-If you imagine Syncrepl pulling down changes from the Master server, and then
-pushing those changes out to your slave servers via {{slapd-ldap(8)}}. This is 
-called Syncrepl Proxy Mode. You can also use Syncrepl Multi-proxy mode:
-
-!import "push-based-complete.png"; align="center"; title="Syncrepl Proxy Mode"
-FT[align="Center"] Figure X.Y: Replacing slurpd
-
-The following example is for a self-contained push-based replication solution:
-
->	#######################################################################
->	# Standard OpenLDAP Master/Provider
->	#######################################################################
->	
->	include     /usr/local/etc/openldap/schema/core.schema
->	include     /usr/local/etc/openldap/schema/cosine.schema
->	include     /usr/local/etc/openldap/schema/nis.schema
->	include     /usr/local/etc/openldap/schema/inetorgperson.schema
->	
->	include     /usr/local/etc/openldap/slapd.acl
->	
->	modulepath  /usr/local/libexec/openldap
->	moduleload  back_hdb.la
->	moduleload  syncprov.la
->	moduleload  back_monitor.la
->	moduleload  back_ldap.la
->	
->	pidfile     /usr/local/var/slapd.pid
->	argsfile    /usr/local/var/slapd.args
->	
->	loglevel    sync stats
->	
->	database    hdb
->	suffix      "dc=suretecsystems,dc=com"
->	directory   /usr/local/var/openldap-data
->	
->	checkpoint      1024 5
->	cachesize       10000
->	idlcachesize    10000
->	
->	index       objectClass eq
->	# rest of indexes
->	index       default     sub
->	
->	rootdn		"cn=admin,dc=suretecsystems,dc=com"
->	rootpw	  	testing	
->	
->	# syncprov specific indexing
->	index entryCSN eq
->	index entryUUID eq
->	
->	# syncrepl Provider for primary db
->	overlay syncprov
->	syncprov-checkpoint 1000 60
->	
->	# Let the replica DN have limitless searches
->	limits dn.exact="cn=replicator,dc=suretecsystems,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
->	
->	database    monitor
->	
->	database    config
->	rootpw	  	testing
->	
->	##############################################################################
->	# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
->	##############################################################################
->	
->	database        ldap
->	# ignore conflicts with other databases, as we need to push out to same suffix
->	hidden		    on
->	suffix          "dc=suretecsystems,dc=com"
->	rootdn          "cn=slapd-ldap"
->	uri             ldap://localhost:9012/
->	
->	lastmod         on
->	        
->	# We don't need any access to this DSA
->	restrict        all
->	
->	acl-bind        bindmethod=simple
->	                binddn="cn=replicator,dc=suretecsystems,dc=com"
->	                credentials=testing
->	
->	syncrepl        rid=001
->	                provider=ldap://localhost:9011/
->	                binddn="cn=replicator,dc=suretecsystems,dc=com"
->	                bindmethod=simple
->	                credentials=testing
->	                searchbase="dc=suretecsystems,dc=com"
->	                type=refreshAndPersist
->	                retry="5 5 300 5"
->	
->	overlay         syncprov
-
-A replica configuration for this type of setup could be:
-
->	#######################################################################
->	# Standard OpenLDAP Slave without Syncrepl
->	#######################################################################
->	
->	include     /usr/local/etc/openldap/schema/core.schema
->	include     /usr/local/etc/openldap/schema/cosine.schema
->	include     /usr/local/etc/openldap/schema/nis.schema
->	include     /usr/local/etc/openldap/schema/inetorgperson.schema
->	
->	include     /usr/local/etc/openldap/slapd.acl
->	
->	modulepath  /usr/local/libexec/openldap
->	moduleload  back_hdb.la
->	moduleload  syncprov.la
->	moduleload  back_monitor.la
->	moduleload  back_ldap.la
->	
->	pidfile     /usr/local/var/slapd.pid
->	argsfile    /usr/local/var/slapd.args
->	
->	loglevel    sync stats
->	
->	database    hdb
->	suffix      "dc=suretecsystems,dc=com"
->	directory   /usr/local/var/openldap-slave/data
->	
->	checkpoint      1024 5
->	cachesize       10000
->	idlcachesize    10000
->	
->	index       objectClass eq
->	# rest of indexes
->	index       default     sub
->	
->	rootdn		"cn=admin,dc=suretecsystems,dc=com"
->	rootpw	  	testing	
->	
->	# Let the replica DN have limitless searches
->	limits dn.exact="cn=replicator,dc=suretecsystems,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
->	
->	updatedn "cn=replicator,dc=suretecsystems,dc=com"
->	
->	# Refer updates to the master
->	updateref   ldap://localhost:9011
->	
->	database    monitor
->	
->	database    config
->	rootpw	  	testing
-
-You can see we use the {{updatedn}} directive here and example ACLs ({{F:usr/local/etc/openldap/slapd.acl}}) for this could be:
-	
->	# Give the replica DN unlimited read access.  This ACL may need to be
->	# merged with other ACL statements.
->	
->	access to *
->	     by dn.base="cn=replicator,dc=suretecsystems,dc=com" write
->	     by * break
->	
->	access to dn.base=""
->	        by * read
->	
->	access to dn.base="cn=Subschema"
->	        by * read
->	
->	access to dn.subtree="cn=Monitor"
->	    by dn.exact="uid=admin,dc=suretecsystems,dc=com" write
->	    by users read
->	    by * none
->	
->	access to *
->	        by self write
->	        by * read 
-
-In order to support more replicas, just add more {{database ldap}} sections and
-increment the {{syncrepl rid}} number accordingly.
-
-Note: You must populate the Master and Slave directories with the same data, 
-unlike when using normal Syncrepl
-
-If you do not have access to modify the master directory configuration you can
-configure a standalone ldap proxy, which might look like:
-
-!import "push-based-standalone.png"; align="center"; title="Syncrepl Standalone Proxy Mode"
-FT[align="Center"] Figure X.Y: Replacing slurpd with a standalone version
-
-The following configuration is an example of a standalone LDAP Proxy:
-
->	include     /usr/local/etc/openldap/schema/core.schema
->	include     /usr/local/etc/openldap/schema/cosine.schema
->	include     /usr/local/etc/openldap/schema/nis.schema
->	include     /usr/local/etc/openldap/schema/inetorgperson.schema
->	
->	include     /usr/local/etc/openldap/slapd.acl
->	
->	modulepath  /usr/local/libexec/openldap
->	moduleload  syncprov.la
->	moduleload  back_ldap.la
->	
->	##############################################################################
->	# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
->	##############################################################################
->	
->	database        ldap
->	# ignore conflicts with other databases, as we need to push out to same suffix
->	hidden		    on
->	suffix          "dc=suretecsystems,dc=com"
->	rootdn          "cn=slapd-ldap"
->	uri             ldap://localhost:9012/
->	
->	lastmod         on
->	        
->	# We don't need any access to this DSA
->	restrict        all
->	
->	acl-bind        bindmethod=simple
->	                binddn="cn=replicator,dc=suretecsystems,dc=com"
->	                credentials=testing
->	
->	syncrepl        rid=001
->	                provider=ldap://localhost:9011/
->	                binddn="cn=replicator,dc=suretecsystems,dc=com"
->	                bindmethod=simple
->	                credentials=testing
->	                searchbase="dc=suretecsystems,dc=com"
->	                type=refreshAndPersist
->	                retry="5 5 300 5"
->	
->	overlay         syncprov
-
-As you can see, you can let your imagination go wild using Syncrepl and 
-{{slapd-ldap(8)}} tailoring your replication to fit your specific network 
-topology.
-
-H2: Pull Based
-
 H3: LDAP Sync Replication
 
 The {{TERM:LDAP Sync}} Replication engine, {{TERM:syncrepl}} for
 short, is a consumer-side replication engine that enables the
 consumer {{TERM:LDAP}} server to maintain a shadow copy of a
-{{TERM:DIT}} fragment. A syncrepl engine resides at the consumer-side
-as one of the {{slapd}}(8) threads. It creates and maintains a
+{{TERM:DIT}} fragment. A syncrepl engine resides at the consumer
+and executes as one of the {{slapd}}(8) threads. It creates and maintains a
 consumer replica by connecting to the replication provider to perform
 the initial DIT content load followed either by periodic content
 polling or by timely updates upon content changes.
 
-Syncrepl uses the LDAP Content Synchronization (or LDAP Sync for
-short) protocol as the replica synchronization protocol.  It provides
+Syncrepl uses the LDAP Content Synchronization protocol (or LDAP Sync for
+short) as the replica synchronization protocol.  LDAP Sync provides
 a stateful replication which supports both pull-based and push-based
 synchronization and does not mandate the use of a history store.
+In pull-based replication the consumer periodically
+polls the provider for updates. In push-based replication the consumer
+listens for updates that are sent by the provider in realtime. Since the
+protocol does not require a history store, the provider does not need to
+maintain any log of updates it has received.  (Note
+that the syncrepl engine is extensible and additional replication
+protocols may be supported in the future.)
 
 Syncrepl keeps track of the status of the replication content by
 maintaining and exchanging synchronization cookies. Because the
@@ -331,7 +88,7 @@
 server can stop the replication also without the need for provider-side
 changes and restart.
 
-Syncrepl supports both partial and sparse replications.  The shadow
+Syncrepl supports partial, sparse, and fractional replications.  The shadow
 DIT fragment is defined by a general search criteria consisting of
 base, scope, filter, and attribute list.  The replica content is
 also subject to the access privileges of the bind identity of the
@@ -346,56 +103,60 @@
 operation. This section introduces the LDAP Content Sync protocol
 only briefly.  For more information, refer to {{REF:RFC4533}}.
 
-The LDAP Sync protocol supports both polling and listening for
-changes by defining two respective synchronization operations:
+The LDAP Sync protocol supports both polling and listening for changes
+by defining two respective synchronization operations:
 {{refreshOnly}} and {{refreshAndPersist}}.  Polling is implemented
-by the {{refreshOnly}} operation.  The client copy is synchronized
-to the server copy at the time of polling.  The server finishes the
+by the {{refreshOnly}} operation. The consumer
+polls the provider using an LDAP Search request with an LDAP Sync
+control attached. The consumer copy is synchronized
+to the provider copy at the time of polling using the information
+returned in the search.  The provider finishes the
 search operation by returning {{SearchResultDone}} at the end of
-the search operation as in the normal search.  The listening is
-implemented by the {{refreshAndPersist}} operation.  Instead of
+the search operation as in the normal search.  Listening is
+implemented by the {{refreshAndPersist}} operation. As the name
+implies, it begins with a search, like refreshOnly. Instead of
 finishing the search after returning all entries currently matching
 the search criteria, the synchronization search remains persistent
-in the server. Subsequent updates to the synchronization content
-in the server cause additional entry updates to be sent to the
-client.
+in the provider. Subsequent updates to the synchronization content
+in the provider cause additional entry updates to be sent to the
+consumer.
 
 The {{refreshOnly}} operation and the refresh stage of the
 {{refreshAndPersist}} operation can be performed with a present
 phase or a delete phase.
 
-In the present phase, the server sends the client the entries updated
-within the search scope since the last synchronization. The server
-sends all requested attributes, be it changed or not, of the updated
+In the present phase, the provider sends the consumer the entries updated
+within the search scope since the last synchronization. The provider
+sends all requested attributes, be they changed or not, of the updated
 entries.  For each unchanged entry which remains in the scope, the
-server sends a present message consisting only of the name of the
+provider sends a present message consisting only of the name of the
 entry and the synchronization control representing state present.
 The present message does not contain any attributes of the entry.
-After the client receives all update and present entries, it can
-reliably determine the new client copy by adding the entries added
-to the server, by replacing the entries modified at the server, and
-by deleting entries in the client copy which have not been updated
-nor specified as being present at the server.
+After the consumer receives all update and present entries, it can
+reliably determine the new consumer copy by adding the entries added
+to the provider, by replacing the entries modified at the provider, and
+by deleting entries in the consumer copy which have not been updated
+nor specified as being present at the provider.
 
 The transmission of the updated entries in the delete phase is the
-same as in the present phase. The server sends all the requested
+same as in the present phase. The provider sends all the requested
 attributes of the entries updated within the search scope since the
-last synchronization to the client. In the delete phase, however,
-the server sends a delete message for each entry deleted from the
+last synchronization to the consumer. In the delete phase, however,
+the provider sends a delete message for each entry deleted from the
 search scope, instead of sending present messages.  The delete
 message consists only of the name of the entry and the synchronization
-control representing state delete.  The new client copy can be
+control representing state delete.  The new consumer copy can be
 determined by adding, modifying, and removing entries according to
 the synchronization control attached to the {{SearchResultEntry}}
 message.
 
-In the case that the LDAP Sync server maintains a history store and
-can determine which entries are scoped out of the client copy since
-the last synchronization time, the server can use the delete phase.
-If the server does not maintain any history store, cannot determine
+In the case that the LDAP Sync provider maintains a history store and
+can determine which entries are scoped out of the consumer copy since
+the last synchronization time, the provider can use the delete phase.
+If the provider does not maintain any history store, cannot determine
 the scoped-out entries from the history store, or the history store
-does not cover the outdated synchronization state of the client,
-the server should use the present phase.  The use of the present
+does not cover the outdated synchronization state of the consumer,
+the provider should use the present phase.  The use of the present
 phase is much more efficient than a full content reload in terms
 of the synchronization traffic.  To reduce the synchronization
 traffic further, the LDAP Sync protocol also provides several
@@ -403,22 +164,20 @@
 and the transmission of multiple {{EX:entryUUIDs}} in a single
 {{syncIdSet}} message.
 
-At the end of the {{refreshOnly}} synchronization, the server sends
-a synchronization cookie to the client as a state indicator of the
-client copy after the synchronization is completed.  The client
+At the end of the {{refreshOnly}} synchronization, the provider sends
+a synchronization cookie to the consumer as a state indicator of the
+consumer copy after the synchronization is completed.  The consumer
 will present the received cookie when it requests the next incremental
-synchronization to the server.
+synchronization to the provider.
 
-When {{refreshAndPersist}} synchronization is used, the server sends
+When {{refreshAndPersist}} synchronization is used, the provider sends
 a synchronization cookie at the end of the refresh stage by sending
-a Sync Info message with TRUE refreshDone.  It also sends a
+a Sync Info message with refreshDone=TRUE.  It also sends a
 synchronization cookie by attaching it to {{SearchResultEntry}}
-generated in the persist stage of the synchronization search. During
-the persist stage, the server can also send a Sync Info message
-containing the synchronization cookie at any time the server wants
-to update the client-side state indicator.  The server also updates
-a synchronization indicator of the client at the end of the persist
-stage.
+messages generated in the persist stage of the synchronization search. During
+the persist stage, the provider can also send a Sync Info message
+containing the synchronization cookie at any time the provider wants
+to update the consumer-side state indicator.
 
 In the LDAP Sync protocol, entries are uniquely identified by the
 {{EX:entryUUID}} attribute value. It can function as a reliable
@@ -428,7 +187,6 @@
 {{SearchResultEntry}} or {{SearchResultReference}} as a part of the
 synchronization control.
 
-
 H4: Syncrepl Details
 
 The syncrepl engine utilizes both the {{refreshOnly}} and the
@@ -444,10 +202,10 @@
 
 The syncrepl engine utilizes both the present phase and the delete
 phase of the refresh synchronization. It is possible to configure
-a per-scope session log in the provider server which stores the
+a session log in the provider which stores the
 {{EX:entryUUID}}s of a finite number of entries deleted from a
-replication content.  Multiple replicas of single provider content
-share the same per-scope session log. The syncrepl engine uses the
+database. Multiple replicas share the same session log. The syncrepl
+engine uses the
 delete phase if the session log is present and the state of the
 consumer server is recent enough that no session log entries are
 truncated after the last synchronization of the client.  The syncrepl
@@ -538,21 +296,33 @@
 For configuration, please see the {{SECT:Syncrepl}} section.
 
 
+H2: Deployment Alternatives
+
+While the LDAP Sync specification only defines a narrow scope for replication,
+the OpenLDAP implementation is extremely flexible and supports a variety of
+operating modes to handle other scenarios not explicitly addressed in the spec.
+
+
 H3: Delta-syncrepl replication
 
-* Disadvantages of Syncrepl replication:
+* Disadvantages of LDAP Sync replication:
 
-OpenLDAP's syncrepl replication is an object-based replication mechanism. 
+LDAP Sync replication is an object-based replication mechanism. 
 When any attribute value in a replicated object is changed on the provider, 
-each consumer fetches and processes the complete changed object {B:both changed and unchanged attribute values}
- during replication. This works well, but has drawbacks in some situations. 
+each consumer fetches and processes the complete changed object, including
+{{B:both the changed and unchanged attribute values}} during replication.
+One advantage of this approach is that when multiple changes occur to
+a single object, the precise sequence of those changes need not be preserved;
+only the final state of the entry is significant. But this approach
+may have drawbacks when the usage pattern involves single changes to
+multiple objects.
 
 For example, suppose you have a database consisting of 100,000 objects of 1 KB 
 each. Further, suppose you routinely run a batch job to change the value of 
 a single two-byte attribute value that appears in each of the 100,000 objects 
 on the master. Not counting LDAP and TCP/IP protocol overhead, each time you 
-run this job each consumer will transfer and process {B:1 GB} of data to process 
-{B:200KB of changes! }
+run this job each consumer will transfer and process {{B:1 GB}} of data to
+process {{B:200KB of changes!}}
 
 99.98% of the data that is transmitted and processed in a case like this will 
 be redundant, since it represents values that did not change. This is a waste 
@@ -565,45 +335,55 @@
 
 Delta-syncrepl, a changelog-based variant of syncrepl, is designed to address 
 situations like the one described above. Delta-syncrepl works by maintaining a 
-changelog of a selectable depth on the provider. The replication consumer on 
-each consumer checks the changelog for the changes it needs and, as long as 
-the changelog contains the needed changes, the delta-syncrepl consumer fetches 
-them from the changelog and applies them to its database. If, however, a replica 
+changelog of a selectable depth on the provider. The replication consumer 
+checks the changelog for the changes it needs and, as long as 
+the changelog contains the needed changes, the consumer fetches the changes
+from the changelog and applies them to its database. If, however, a replica 
 is too far out of sync (or completely empty), conventional syncrepl is used to 
-bring it up to date and replication then switches to the delta-syncrepl mode.
+bring it up to date and replication then switches back to the delta-syncrepl
+mode.
 
 For configuration, please see the {{SECT:Delta-syncrepl}} section.
 
 
-H2: Mixture of both Pull and Push based
-
 H3: N-Way Multi-Master replication
 
 Multi-Master replication is a replication technique using Syncrepl to replicate 
-data to multiple Master Directory servers. 
+data to multiple provider ("Master") Directory servers. 
 
-* Advantages of Multi-Master replication:
+H4: Valid Arguments for Multi-Master replication
 
-- If any master fails, other masters will continue to accept updates
-- Avoids a single point of failure
-- Masters can be located in several physical sites i.e. distributed across the 
-network/globe.
-- Good for Automatic failover/High Availability
+* If any provider fails, other providers will continue to accept updates
+* Avoids a single point of failure
+* Providers can be located in several physical sites i.e. distributed across
+the network/globe.
+* Good for Automatic failover/High Availability
 
-* Disadvantages of Multi-Master replication:
+H4: Invalid Arguments for Multi-Master replication
 
-- It has {{B:NOTHING}} to do with load balancing
-- {{URL:http://www.openldap.org/faq/data/cache/1240.html}}
-- If connectivity with a master is lost because of a network partition, then 
+(These are often claimed to be advantages of Multi-Master replication but
+those claims are false):
+
+* It has {{B:NOTHING}} to do with load balancing
+* Providers {{B:must}} propagate writes to {{B:all}} the other servers, which 
+means the network traffic and write load spreads across all 
+of the servers the same as for single-master.
+* Server utilization and performance are at best identical for
+Multi-Master and Single-Master replication; at worst Single-Master is
+superior because indexing can be tuned differently to optimize for the
+different usage patterns between the provider and the consumers.
+
+H4: Arguments against Multi-Master replication
+
+* Breaks the data consistency guarantees of the directory model
+* {{URL:http://www.openldap.org/faq/data/cache/1240.html}}
+* If connectivity with a provider is lost because of a network partition, then 
 "automatic failover" can just compound the problem
-- Typically, a particular machine cannot distinguish between losing contact
+* Typically, a particular machine cannot distinguish between losing contact
  with a peer because that peer crashed, or because the network link has failed
-- If a network is partitioned and multiple clients start writing to each of the 
+* If a network is partitioned and multiple clients start writing to each of the 
 "masters" then reconciliation will be a pain; it may be best to simply deny 
-writes to the clients that are partitioned from the single master
-- Masters {{B:must}} propagate writes to {{B:all}} the other servers, which 
-means the network traffic and write load is constant and spreads across all 
-of the servers
+writes to the clients that are partitioned from the single provider
 
 
 For configuration, please see the {{SECT:N-Way Multi-Master}} section below
@@ -612,48 +392,95 @@
 
 MirrorMode is a hybrid configuration that provides all of the consistency
 guarantees of single-master replication, while also providing the high
-availability of multi-master. In MirrorMode two masters are set up to
-replicate from each other (as a multi-master configuration) but an
+availability of multi-master. In MirrorMode two providers are set up to
+replicate from each other (as a multi-master configuration), but an
 external frontend is employed to direct all writes to only one of
-the two servers. The second master will only be used for writes if
-the first master crashes, at which point the frontend will switch to
-directing all writes to the second master. When a crashed master is
+the two servers. The second provider will only be used for writes if
+the first provider crashes, at which point the frontend will switch to
+directing all writes to the second provider. When a crashed provider is
 repaired and restarted it will automatically catch up to any changes
-on the running master and resync.
+on the running provider and resync.
 
 H4: Arguments for MirrorMode
 
 * Provides a high-availability (HA) solution for directory writes (replicas handle reads)
-* As long as one Master is operational, writes can safely be accepted
-* Master nodes replicate from each other, so they are always up to date and
+* As long as one provider is operational, writes can safely be accepted
+* Provider nodes replicate from each other, so they are always up to date and
 can be ready to take over (hot standby)
-* Syncrepl also allows the master nodes to re-synchronize after any downtime
-* Delta-Syncrepl can be used
+* Syncrepl also allows the provider nodes to re-synchronize after any downtime
 
 
 H4: Arguments against MirrorMode
 
 * MirrorMode is not what is termed as a Multi-Master solution. This is because 
-writes have to go to one of the mirror nodes at a time
-* MirrorMode can be termed as Active-Active Hot-Standby, therefor an external 
-server (slapd in proxy mode) or device (hardware load balancer) to manage which 
-master is currently active
-* While syncrepl can recover from a completely empty database, slapadd is much 
-faster
-* Does not provide faster or more scalable write performance (neither could 
-  any Multi-Master solution)
+writes have to go to just one of the mirror nodes at a time
+* MirrorMode can be termed as Active-Active Hot-Standby, therefore an external 
+server (slapd in proxy mode) or device (hardware load balancer)
+is needed to manage which provider is currently active
 * Backups are managed slightly differently
 - If backing up the Berkeley database itself and periodically backing up the 
 transaction log files, then the same member of the mirror pair needs to be 
 used to collect logfiles until the next database backup is taken 
 - To ensure that both databases are consistent, each database might have to be 
 put in read-only mode while performing a slapcat. 
-- When using slapcat, the generated LDIF files can be rather large. This can 
-happen with a non-MirrorMode deployment also.
+* Delta-Syncrepl is not yet supported
 
 For configuration, please see the {{SECT:MirrorMode}} section below
 
 
+H3: Syncrepl Proxy Mode
+
+While the LDAP Sync protocol supports both pull- and push-based replication,
+the push mode (refreshAndPersist) must still be initiated from the consumer
+before the provider can begin pushing changes. In some network configurations,
+particularly where firewalls restrict the direction in which connections
+can be made, a provider-initiated push mode may be needed. 
+
+This mode can be configured with the aid of the LDAP Backend
+({{SECT: Backends}} and {{slapd-ldap(8)}}). Instead of running the
+syncrepl engine on the actual consumer, a slapd-ldap proxy is set up
+near (or collocated with) the provider that points to the consumer,
+and the syncrepl engine runs on the proxy.
+
+For configuration, please see the {{SECT:Syncrepl Proxy}} section.
+
+H4: Replacing Slurpd
+
+The old {{slurpd}} mechanism only operated in provider-initiated
+push mode.  Slurpd replication was deprecated in favor of Syncrepl
+replication and has been completely removed from OpenLDAP 2.4.
+
+The slurpd daemon was the original replication mechanism inherited from 
+UMich's LDAP and operated in push mode: the master pushed changes to the 
+slaves. It was replaced for many reasons, in brief:
+
+ * It was not reliable
+ ** It was extremely sensitive to the ordering of records in the replog
+ ** It could easily go out of sync, at which point manual intervention was 
+   required to resync the slave database with the master directory
+ ** It wasn't very tolerant of unavailable servers. If a slave went down 
+   for a long time, the replog could grow to a size that was too large for 
+   slurpd to process
+ * It only worked in push mode
+ * It required stopping and restarting the master to add new slaves
+ * It only supported single master replication
+
+Syncrepl has none of those weaknesses:
+
+ * Syncrepl is self-synchronizing; you can start with a consumer database
+   in any state from totally empty to fully synced and it will automatically
+   do the right thing to achieve and maintain synchronization
+ ** It is completely insensitive to the order in which changes occur
+ ** It guarantees convergence between the consumer and the provider
+    content without manual intervention
+ ** It can resynchronize regardless of how long a consumer stays out
+    of contact with the provider
+ * Syncrepl can operate in either direction
+ * Consumers can be added at any time without touching anything on the
+   provider
+ * Multi-master replication is supported
+
+
 H2: Configuring the different replication types
 
 H3: Syncrepl
@@ -665,7 +492,7 @@
 server, not in the provider server's configuration file.  The initial
 loading of the replica content can be performed either by starting
 the syncrepl engine with no synchronization cookie or by populating
-the consumer replica by adding an {{TERM:LDIF}} file dumped as a
+the consumer replica by loading an {{TERM:LDIF}} file dumped as a
 backup at the provider.
 
 When loading from a backup, it is not required to perform the initial
@@ -771,7 +598,7 @@
 are {{EX:cn}}, {{EX:sn}}, {{EX:ou}}, {{EX:telephoneNumber}},
 {{EX:title}}, and {{EX:l}}. The schema checking is turned off, so
 that the consumer {{slapd}}(8) will not enforce entry schema
-checking when it process updates from the provider {{slapd}}(8).
+checking when it processes updates from the provider {{slapd}}(8).
 
 For more detailed information on the syncrepl directive, see the
 {{SECT:syncrepl}} section of {{SECT:The slapd Configuration File}}
@@ -806,14 +633,15 @@
 
 H3: Delta-syncrepl
 
-H4: Delta-syncrepl Master configuration
+H4: Delta-syncrepl Provider configuration
 
 Setting up delta-syncrepl requires configuration changes on both the master and 
 replica servers:
 
->     # Give the replica DN unlimited read access.  This ACL may need to be
->     # merged with other ACL statements.
->     
+>     # Give the replica DN unlimited read access.  This ACL needs to be
+>     # merged with other ACL statements, and/or moved within the scope
+>     # of a database.  The "by * break" portion causes evaluation of
+>     # subsequent rules.  See slapd.access(5) for details.
 >     access to *
 >        by dn.base="cn=replicator,dc=symas,dc=com" read
 >        by * break
@@ -871,12 +699,12 @@
 >     # Let the replica DN have limitless searches
 >     limits dn.exact="cn=replicator,dc=symas,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
 
-For more information, always consult the relevant man pages (slapo-accesslog and slapd.conf)
+For more information, always consult the relevant man pages ({{slapo-accesslog}}(5) and {{slapd.conf}}(5))
 
 
-H4: Delta-syncrepl Replica configuration
+H4: Delta-syncrepl Consumer configuration
 
->     # Primary replica database configuration
+>     # Replica database configuration
 >     database hdb
 >     suffix "dc=symas,dc=com"
 >     rootdn "cn=manager,dc=symas,dc=com"
@@ -906,8 +734,8 @@
 
 
 The above configuration assumes that you have a replicator identity defined 
-in your database that can be used to bind to the master with. In addition, 
-all of the databases (primary master, primary replica, and the accesslog 
+in your database that can be used to bind to the provider. In addition, 
+all of the databases (primary, replica, and the accesslog 
 storage database) should also have properly tuned {{DB_CONFIG}} files that meet 
 your needs.
 
@@ -993,6 +821,7 @@
 >     olcDbDirectory: ./db
 >     olcRootDN: $MANAGERDN
 >     olcRootPW: $PASSWD
+>     olcLimits: dn.exact="$MANAGERDN" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
 >     olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
 >       credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
 >       interval=00:00:00:10 retry="5 5 300 5" timeout=1
@@ -1010,7 +839,7 @@
 >     objectClass: olcSyncProvConfig
 >     olcOverlay: syncprov
 
-Note: You must have all your server set to the same time via {{http://www.ntp.org/}}
+Note: You must have all your servers set to the same time via {{http://www.ntp.org/}}
 
 H3: MirrorMode
 
@@ -1020,12 +849,13 @@
 >       mirrormode  on
 >       serverID    1
 
-Note: You need to make sure that the {{serverID}} of each mirror node pair is 
+Note: You need to make sure that the {{serverID}} of each mirror node is 
 different and add it as a global configuration option.
 
 H4: Mirror Node Configuration
 
-This is the same as the {{SECT:Set up the provider slapd}} section.
+The first step is to configure the syncrepl provider the same as in the 
+{{SECT:Set up the provider slapd}} section.
 
 Note: Delta-syncrepl is not yet supported with MirrorMode.
 
@@ -1038,9 +868,9 @@
 >       serverID    1
 >       # database section
 >       
->       # syncrepl directives    
+>       # syncrepl directive    
 >       syncrepl      rid=001
->                     provider=ldap://ldap-ridr1.example.com
+>                     provider=ldap://ldap-sid2.example.com
 >                     bindmethod=simple
 >                     binddn="cn=mirrormode,dc=example,dc=com"
 >                     credentials=mirrormode
@@ -1049,16 +879,6 @@
 >                     type=refreshAndPersist
 >                     retry="60 +"
 >
->       syncrepl      rid=002
->                     provider=ldap://ldap-rid2.example.com
->                     bindmethod=simple
->                     binddn="cn=mirrormode,dc=example,dc=com"
->                     credentials=mirrormode
->                     searchbase="dc=example,dc=com"
->                     schemachecking=on
->                     type=refreshAndPersist
->                     retry="60 +"
->       
 >       mirrormode on
 
 MirrorMode node 2:
@@ -1067,9 +887,9 @@
 >       serverID    2
 >       # database section
 >       
->       # syncrepl directives
+>       # syncrepl directive
 >       syncrepl      rid=001
->                     provider=ldap://ldap-ridr1.example.com
+>                     provider=ldap://ldap-sid1.example.com
 >                     bindmethod=simple
 >                     binddn="cn=mirrormode,dc=example,dc=com"
 >                     credentials=mirrormode
@@ -1077,21 +897,12 @@
 >                     schemachecking=on
 >                     type=refreshAndPersist
 >                     retry="60 +"
->
->       syncrepl      rid=002
->                     provider=ldap://ldap-rid2.example.com
->                     bindmethod=simple
->                     binddn="cn=mirrormode,dc=example,dc=com"
->                     credentials=mirrormode
->                     searchbase="dc=example,dc=com"
->                     schemachecking=on
->                     type=refreshAndPersist
->                     retry="60 +"
 >       
 >       mirrormode on
 
 It's simple really; each MirrorMode node is setup {{B:exactly}} the same, except
-that the {{serverID}} is unique.
+that the {{serverID}} is unique, and each consumer is pointed to 
+the other server.
 
 H5: Failover Configuration
 
@@ -1111,8 +922,234 @@
 
 H4: MirrorMode Summary
 
-Hopefully you will now have a directory architecture that provides all of the 
-consistency guarantees of single-master replication, whilst also providing the 
+You will now have a directory architecture that provides all of the 
+consistency guarantees of single-master replication, while also providing the 
 high availability of multi-master replication.
 
 
+H3: Syncrepl Proxy
+
+!import "push-based-complete.png"; align="center"; title="Syncrepl Proxy Mode"
+FT[align="Center"] Figure X.Y: Replacing slurpd
+
+The following example is for a self-contained push-based replication solution:
+
+>	#######################################################################
+>	# Standard OpenLDAP Master/Provider
+>	#######################################################################
+>	
+>	include     /usr/local/etc/openldap/schema/core.schema
+>	include     /usr/local/etc/openldap/schema/cosine.schema
+>	include     /usr/local/etc/openldap/schema/nis.schema
+>	include     /usr/local/etc/openldap/schema/inetorgperson.schema
+>	
+>	include     /usr/local/etc/openldap/slapd.acl
+>	
+>	modulepath  /usr/local/libexec/openldap
+>	moduleload  back_hdb.la
+>	moduleload  syncprov.la
+>	moduleload  back_monitor.la
+>	moduleload  back_ldap.la
+>	
+>	pidfile     /usr/local/var/slapd.pid
+>	argsfile    /usr/local/var/slapd.args
+>	
+>	loglevel    sync stats
+>	
+>	database    hdb
+>	suffix      "dc=suretecsystems,dc=com"
+>	directory   /usr/local/var/openldap-data
+>	
+>	checkpoint      1024 5
+>	cachesize       10000
+>	idlcachesize    10000
+>	
+>	index       objectClass eq
+>	# rest of indexes
+>	index       default     sub
+>	
+>	rootdn		"cn=admin,dc=suretecsystems,dc=com"
+>	rootpw	  	testing	
+>	
+>	# syncprov specific indexing
+>	index entryCSN eq
+>	index entryUUID eq
+>	
+>	# syncrepl Provider for primary db
+>	overlay syncprov
+>	syncprov-checkpoint 1000 60
+>	
+>	# Let the replica DN have limitless searches
+>	limits dn.exact="cn=replicator,dc=suretecsystems,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+>	
+>	database    monitor
+>	
+>	database    config
+>	rootpw	  	testing
+>	
+>	##############################################################################
+>	# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
+>	##############################################################################
+>	
+>	database        ldap
+>	# ignore conflicts with other databases, as we need to push out to same suffix
+>	hidden		    on
+>	suffix          "dc=suretecsystems,dc=com"
+>	rootdn          "cn=slapd-ldap"
+>	uri             ldap://localhost:9012/
+>	
+>	lastmod         on
+>	        
+>	# We don't need any access to this DSA
+>	restrict        all
+>	
+>	acl-bind        bindmethod=simple
+>	                binddn="cn=replicator,dc=suretecsystems,dc=com"
+>	                credentials=testing
+>	
+>	syncrepl        rid=001
+>	                provider=ldap://localhost:9011/
+>	                binddn="cn=replicator,dc=suretecsystems,dc=com"
+>	                bindmethod=simple
+>	                credentials=testing
+>	                searchbase="dc=suretecsystems,dc=com"
+>	                type=refreshAndPersist
+>	                retry="5 5 300 5"
+>	
+>	overlay         syncprov
+
+A replica configuration for this type of setup could be:
+
+>	#######################################################################
+>	# Standard OpenLDAP Slave without Syncrepl
+>	#######################################################################
+>	
+>	include     /usr/local/etc/openldap/schema/core.schema
+>	include     /usr/local/etc/openldap/schema/cosine.schema
+>	include     /usr/local/etc/openldap/schema/nis.schema
+>	include     /usr/local/etc/openldap/schema/inetorgperson.schema
+>	
+>	include     /usr/local/etc/openldap/slapd.acl
+>	
+>	modulepath  /usr/local/libexec/openldap
+>	moduleload  back_hdb.la
+>	moduleload  syncprov.la
+>	moduleload  back_monitor.la
+>	moduleload  back_ldap.la
+>	
+>	pidfile     /usr/local/var/slapd.pid
+>	argsfile    /usr/local/var/slapd.args
+>	
+>	loglevel    sync stats
+>	
+>	database    hdb
+>	suffix      "dc=suretecsystems,dc=com"
+>	directory   /usr/local/var/openldap-slave/data
+>	
+>	checkpoint      1024 5
+>	cachesize       10000
+>	idlcachesize    10000
+>	
+>	index       objectClass eq
+>	# rest of indexes
+>	index       default     sub
+>	
+>	rootdn		"cn=admin,dc=suretecsystems,dc=com"
+>	rootpw	  	testing	
+>	
+>	# Let the replica DN have limitless searches
+>	limits dn.exact="cn=replicator,dc=suretecsystems,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
+>	
+>	updatedn "cn=replicator,dc=suretecsystems,dc=com"
+>	
+>	# Refer updates to the master
+>	updateref   ldap://localhost:9011
+>	
+>	database    monitor
+>	
+>	database    config
+>	rootpw	  	testing
+
+You can see we use the {{updatedn}} directive here and example ACLs ({{F:usr/local/etc/openldap/slapd.acl}}) for this could be:
+	
+>	# Give the replica DN unlimited read access.  This ACL may need to be
+>	# merged with other ACL statements.
+>	
+>	access to *
+>	     by dn.base="cn=replicator,dc=suretecsystems,dc=com" write
+>	     by * break
+>	
+>	access to dn.base=""
+>	        by * read
+>	
+>	access to dn.base="cn=Subschema"
+>	        by * read
+>	
+>	access to dn.subtree="cn=Monitor"
+>	    by dn.exact="uid=admin,dc=suretecsystems,dc=com" write
+>	    by users read
+>	    by * none
+>	
+>	access to *
+>	        by self write
+>	        by * read 
+
+In order to support more replicas, just add more {{database ldap}} sections and
+increment the {{syncrepl rid}} number accordingly.
+
+Note: You must populate the Master and Slave directories with the same data, 
+unlike when using normal Syncrepl
+
+If you do not have access to modify the master directory configuration you can
+configure a standalone ldap proxy, which might look like:
+
+!import "push-based-standalone.png"; align="center"; title="Syncrepl Standalone Proxy Mode"
+FT[align="Center"] Figure X.Y: Replacing slurpd with a standalone version
+
+The following configuration is an example of a standalone LDAP Proxy:
+
+>	include     /usr/local/etc/openldap/schema/core.schema
+>	include     /usr/local/etc/openldap/schema/cosine.schema
+>	include     /usr/local/etc/openldap/schema/nis.schema
+>	include     /usr/local/etc/openldap/schema/inetorgperson.schema
+>	
+>	include     /usr/local/etc/openldap/slapd.acl
+>	
+>	modulepath  /usr/local/libexec/openldap
+>	moduleload  syncprov.la
+>	moduleload  back_ldap.la
+>	
+>	##############################################################################
+>	# Consumer Proxy that pulls in data via Syncrepl and pushes out via slapd-ldap
+>	##############################################################################
+>	
+>	database        ldap
+>	# ignore conflicts with other databases, as we need to push out to same suffix
+>	hidden		    on
+>	suffix          "dc=suretecsystems,dc=com"
+>	rootdn          "cn=slapd-ldap"
+>	uri             ldap://localhost:9012/
+>	
+>	lastmod         on
+>	        
+>	# We don't need any access to this DSA
+>	restrict        all
+>	
+>	acl-bind        bindmethod=simple
+>	                binddn="cn=replicator,dc=suretecsystems,dc=com"
+>	                credentials=testing
+>	
+>	syncrepl        rid=001
+>	                provider=ldap://localhost:9011/
+>	                binddn="cn=replicator,dc=suretecsystems,dc=com"
+>	                bindmethod=simple
+>	                credentials=testing
+>	                searchbase="dc=suretecsystems,dc=com"
+>	                type=refreshAndPersist
+>	                retry="5 5 300 5"
+>	
+>	overlay         syncprov
+
+As you can see, you can let your imagination go wild using Syncrepl and 
+{{slapd-ldap(8)}} tailoring your replication to fit your specific network 
+topology.
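Review bot: The comment above the example `slapd.acl` rules says "Give the replica DN unlimited read access", but the rule under it grants `write` on `access to *` to `cn=replicator,dc=suretecsystems,dc=com`. The comment should match the rule, for example `# Give the replicator DN write access so the proxy can push updates.` The closing rule `access to *` / `by self write` / `by * read` then leaves every attribute, `userPassword` included, readable by anonymous clients, so the listing should place an `access to attrs=userPassword` rule with `by anonymous auth` and `by * none` ahead of it. The same listings bind the replicator with `bindmethod=simple` and `credentials=testing` over plain `ldap://` URIs and set `rootpw testing` in cleartext. A one-line caveat would help readers who copy them: run simple binds over TLS (`ldaps://` or `starttls=critical`) and store `rootpw` as a hash produced by `slappasswd`. The file reference `{{F:usr/local/etc/openldap/slapd.acl}}` is also missing its leading `/`.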

Modified: openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/runningslapd.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/runningslapd.sdf,v 1.16.2.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/runningslapd.sdf,v 1.16.2.8 2009/02/06 16:38:31 quanah Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: Running slapd
 
@@ -21,7 +21,7 @@
 
 >	-F <slapd-config-directory>
 
-Specifies the slapd configuration directory. The default is {{F:/usr/local/etc/openldap/slapd.d}}
+Specifies the slapd configuration directory. The default is {{F:/usr/local/etc/openldap/slapd.d}}.
 
 If both {{EX:-f}} and {{EX:-F}} are specified, the config file will be read and converted 
 to config directory format and written to the specified directory.  
@@ -80,35 +80,30 @@
 
 !block table; colaligns="RL"; align=Center; \
 	title="Table 7.1: Debugging Levels"
-Level	Description
--1	enable all debugging
-0	no debugging
-1	trace function calls
-2	debug packet handling
-4	heavy trace debugging
-8	connection management
-16	print out packets sent and received
-32	search filter processing
-64	configuration file processing
-128	access control list processing
-256	stats log connections/operations/results
-512	stats log entries sent
-1024	print communication with shell backends
-2048	print entry parsing debugging
+Level	Keyword		Description
+-1	any		enable all debugging
+0			no debugging
+1	(0x1 trace)	trace function calls
+2	(0x2 packets)	debug packet handling
+4	(0x4 args)	heavy trace debugging
+8	(0x8 conns)	connection management
+16	(0x10 BER)	print out packets sent and received
+32	(0x20 filter)	search filter processing
+64	(0x40 config)	configuration processing
+128	(0x80 ACL)	access control list processing
+256	(0x100 stats)	stats log connections/operations/results
+512	(0x200 stats2)	stats log entries sent
+1024	(0x400 shell)	print communication with shell backends
+2048	(0x800 parse)	print entry parsing debugging
+16384	(0x4000 sync)	syncrepl consumer processing
+32768	(0x8000 none)	only messages that get logged whatever log level is set
 !endblock
 
-You may enable multiple levels by specifying the debug option
-once for each desired level.  Or, since debugging levels are
-additive, you can do the math yourself. That is, if you want
-to trace function calls and watch the config file being
-processed, you could set level to the sum of those two levels
-(in this case, {{EX: -d 65}}).  Or, you can let slapd do the
-math, (e.g. {{EX: -d 1 -d 64}}).  Consult {{F: <ldap_log.h>}} for
-more details.
+You may enable multiple levels by specifying the debug option once for each desired level.  Or, since debugging levels are additive, you can do the math yourself. That is, if you want to trace function calls and watch the config file being processed, you could set level to the sum of those two levels (in this case, {{EX: -d 65}}).  Or, you can let slapd do the math, (e.g. {{EX: -d 1 -d 64}}).  Consult {{F: <ldap_log.h>}} for more details.
 
-Note: slapd must have been compiled with {{EX:-DLDAP_DEBUG}}
+Note: slapd must have been compiled with {{EX:--enable-debug}}
 defined for any debugging information beyond the two stats levels
-to be available.
+to be available (the default).
 
 
 H2: Starting slapd

Modified: openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/sasl.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.7 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/sasl.sdf,v 1.34.2.9 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Using SASL
@@ -267,9 +267,9 @@
 on optional mapping of identities.
 
 With suitable mappings in place, users can specify SASL IDs when
-performing LDAP operations and sldb}} and the directory itself will
-be used to verify the authentication.  For example, the user
-identified by the directory entry:
+performing LDAP operations, and the password stored in {{sasldb}} or in
+the directory itself will be used to verify the authentication.
+For example, the user identified by the directory entry:
 
 >       dn: cn=Andrew Findlay+uid=u000997,dc=example,dc=com
 >       objectclass: inetOrgPerson

Modified: openldap/vendor/openldap-release/doc/guide/admin/schema.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/schema.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/schema.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/schema.sdf,v 1.41.2.6 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/schema.sdf,v 1.41.2.9 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Schema Specification
@@ -123,7 +123,7 @@
 H3: Naming Elements
 
 In addition to assigning a unique object identifier to each schema
-element, you should provide a least one textual name for each
+element, you should provide at least one textual name for each
 element.  Names should be registered with the {{ORG:IANA}} or
 prefixed with "x-" to place in the "private use" name space.
 
@@ -223,7 +223,7 @@
 specified by OID (1.3.6.1.4.1.1466.115.121.1.15 identifies the
 directoryString syntax).  A length recommendation of 32768 is
 specified.  Servers should support values of this length, but may
-support longer values The field does NOT specify a size constraint,
+support longer values. The field does NOT specify a size constraint,
 so is ignored on servers (such as slapd) which don't impose such
 size limits.  In addition, the equality and substring matching uses
 case ignore rules.  Below are tables listing commonly used syntax
@@ -260,8 +260,8 @@
 numericStringOrderingMatch		ordering	numerical
 numericStringSubstringsMatch		substrings	numerical
 octetStringMatch			equality	octet string
-octetStringOrderingStringMatch		ordering	octet string
-octetStringSubstringsStringMatch	ordering	octet string
+octetStringOrderingMatch		ordering	octet string
+octetStringSubstringsMatch	ordering	octet string
 objectIdentiferMatch			equality	object identifier
 !endblock
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/security.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/security.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/security.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/security.sdf,v 1.16.2.8 2008/05/29 16:19:01 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/security.sdf,v 1.16.2.10 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # Portions Copyright 2008 Andrew Findlay.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
@@ -107,8 +107,7 @@
 modify, etc.).  See {{slapd.conf}}(5) for details.
 
 For fine-grained control, SSFs may be used in access controls.
-See {{SECT:The access Configuration Directive}} section of the
-{{SECT:The slapd Configuration File}} for more information.
+See the {{SECT:Access Control}} section for more information.
 
 
 H2: Authentication Methods

Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconf2.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.12 2008/04/14 22:37:01 quanah Exp $
-# Copyright 2005-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconf2.sdf,v 1.20.2.18 2009/02/06 16:38:31 quanah Exp $
+# Copyright 2005-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Configuring slapd
@@ -125,7 +125,7 @@
 prefix attached.
 
 A configuration directive may take arguments.  If so, the arguments are
-separated by white space.  If an argument contains white space,
+separated by whitespace.  If an argument contains whitespace,
 the argument should be enclosed in double quotes {{EX:"like this"}}.
 In the descriptions that follow, arguments that should be replaced
 by actual text are shown in brackets {{EX:<>}}.
@@ -171,47 +171,67 @@
 enabled). Log levels may be specified as integers or by keyword.
 Multiple log levels may be used and the levels are additive.
 To display what levels
-correspond to what kind of debugging, invoke slapd with {{EX:-?}}
+correspond to what kind of debugging, invoke slapd with {{EX:-d?}}
 or consult the table below. The possible values for <level> are:
 
 !block table; colaligns="RL"; align=Center; \
 	title="Table 5.1: Debugging Levels"
-Level	Keyword	Description
--1	Any	enable all debugging
-0		no debugging
-1	Trace	trace function calls
-2	Packets	debug packet handling
-4	Args	heavy trace debugging
-8	Conns	connection management
-16	BER	print out packets sent and received
-32	Filter	search filter processing
-64	Config	configuration processing
-128	ACL	access control list processing
-256	Stats	stats log connections/operations/results
-512	Stats2	stats log entries sent
-1024	Shell	print communication with shell backends
-2048	Parse	print entry parsing debugging
-4096	Cache	database cache processing
-8192	Index	database indexing
-16384	Sync	syncrepl consumer processing
+Level	Keyword		Description
+-1	any		enable all debugging
+0			no debugging
+1	(0x1 trace)	trace function callss
+2	(0x2 packets)	debug packet handling
+4	(0x4 args)	heavy trace debugging
+8	(0x8 conns)	connection management
+16	(0x10 BER)	print out packets sent and received
+32	(0x20 filter)	search filter processing
+64	(0x40 config)	configuration processing
+128	(0x80 ACL)	access control list processing
+256	(0x100 stats)	stats log connections/operations/results
+512	(0x200 stats2)	stats log entries sent
+1024	(0x400 shell)	print communication with shell backends
+2048	(0x800 parse)	print entry parsing debugging
+16384	(0x4000 sync)	syncrepl consumer processing
+32768	(0x8000 none)	only messages that get logged whatever log level is set
 !endblock
 
-\Example:
+The desired log level can be input as a single integer that
+combines the (ORed) desired levels, both in decimal or in hexadecimal 
+notation, as a list of integers (that are ORed internally), or as a list of the names that are shown between brackets, such that
 
-E: olcLogLevel: -1
+>		olcLogLevel 129
+>		olcLogLevel 0x81
+>		olcLogLevel 128 1
+>		olcLogLevel 0x80 0x1
+>		olcLogLevel acl trace
 
+are equivalent.
+
+\Examples:
+
+E: olcLogLevel -1
+
 This will cause lots and lots of debugging information to be
 logged.
 
-E: olcLogLevel: Conns Filter
+E: olcLogLevel conns filter
 
 Just log the connection and search filter processing.
 
+E: olcLogLevel none
+
+Log those messages that are logged regardless of the configured loglevel. This
+differs from setting the log level to 0, when no logging occurs. At least the
+{{EX:None}} level is required to have high priority messages logged.
+
 \Default:
 
-E: olcLogLevel: Stats
+E: olcLogLevel stats
 
+Basic stats logging is configured by default. However, if no olcLogLevel is
+defined, no logging occurs (equivalent to a 0 level).
 
+
 H4: olcReferral <URI>
 
 This directive specifies the referral to pass back when slapd
@@ -474,6 +494,8 @@
 
 >	olcSizeLimit: 500
 
+See the {{SECT:Limits}} section of this guide and slapd-config(5)
+for more details.
 
 
 H4: olcSuffix: <dn suffix>
@@ -668,7 +690,10 @@
 
 >	olcTimeLimit: 3600
 
+See the {{SECT:Limits}} section of this guide and slapd-config(5)
+for more details.
 
+
 H4: olcUpdateref: <URL>
 
 This directive is only applicable in a slave slapd. It
@@ -885,10 +910,11 @@
 this option, slapadd does no indexing and slapindex must be used.
 
 
-H4: olcDbMode: <integer>
+H4: olcDbMode: { <octal> | <symbolic> }
 
 This directive specifies the file protection mode that newly
-created database index files should have.
+created database index files should have. This can be in the form
+{{EX:0600}} or {{EX:-rw-------}}
 
 \Default:
 

Modified: openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/slapdconfig.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.14 2008/04/14 20:48:16 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/slapdconfig.sdf,v 1.87.2.19 2009/02/06 16:38:31 quanah Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: The slapd Configuration File
@@ -27,7 +27,7 @@
 can be overridden by database directives.
 
 Blank lines and comment lines beginning with a '{{EX:#}}' character
-are ignored.  If a line begins with white space, it is considered a
+are ignored.  If a line begins with whitespace, it is considered a
 continuation of the previous line (even if the previous line is a
 comment).
 
@@ -56,7 +56,7 @@
 >	...
 
 A configuration directive may take arguments.  If so, they are
-separated by white space.  If an argument contains white space,
+separated by whitespace.  If an argument contains whitespace,
 the argument should be enclosed in double quotes {{EX:"like this"}}. If
 an argument contains a double quote or a backslash character `{{EX:\}}',
 the character should be preceded by a backslash character `{{EX:\}}'.
@@ -136,40 +136,67 @@
 the {{syslogd}}(8) {{EX:LOG_LOCAL4}} facility). You must have
 configured OpenLDAP {{EX:--enable-debug}} (the default) for this
 to work (except for the two statistics levels, which are always
-enabled).  Log levels are additive. To display what numbers
-correspond to what kind of debugging, invoke slapd with {{EX:-?}}
+enabled). Log levels may be specified as integers or by keyword.
+Multiple log levels may be used and the levels are additive. To display what
+numbers correspond to what kind of debugging, invoke slapd with {{EX:-d?}}
 or consult the table below. The possible values for <integer> are:
 
 !block table; colaligns="RL"; align=Center; \
 	title="Table 6.1: Debugging Levels"
-Level	Description
--1	enable all debugging
-0	no debugging
-1	trace function calls
-2	debug packet handling
-4	heavy trace debugging
-8	connection management
-16	print out packets sent and received
-32	search filter processing
-64	configuration file processing
-128	access control list processing
-256	stats log connections/operations/results
-512	stats log entries sent
-1024	print communication with shell backends
-2048	print entry parsing debugging
+Level	Keyword		Description
+-1	any		enable all debugging
+0			no debugging
+1	(0x1 trace)	trace function calls
+2	(0x2 packets)	debug packet handling
+4	(0x4 args)	heavy trace debugging
+8	(0x8 conns)	connection management
+16	(0x10 BER)	print out packets sent and received
+32	(0x20 filter)	search filter processing
+64	(0x40 config)	configuration processing
+128	(0x80 ACL)	access control list processing
+256	(0x100 stats)	stats log connections/operations/results
+512	(0x200 stats2)	stats log entries sent
+1024	(0x400 shell)	print communication with shell backends
+2048	(0x800 parse)	print entry parsing debugging
+16384	(0x4000 sync)	syncrepl consumer processing
+32768	(0x8000 none)	only messages that get logged whatever log level is set
 !endblock
 
-\Example:
+The desired log level can be input as a single integer that
+combines the (ORed) desired levels, both in decimal or in hexadecimal 
+notation, as a list of integers (that are ORed internally), or as a list of the names that are shown between brackets, such that
 
+>		loglevel 129
+>		loglevel 0x81
+>		loglevel 128 1
+>		loglevel 0x80 0x1
+>		loglevel acl trace
+
+are equivalent.
+
+\Examples:
+
 E: loglevel -1
 
 This will cause lots and lots of debugging information to be
 logged.
 
+E: loglevel conns filter
+
+Just log the connection and search filter processing.
+
+E: loglevel none
+
+Log those messages that are logged regardless of the configured loglevel. This
+differs from setting the log level to 0, when no logging occurs. At least the
+{{EX:None}} level is required to have high priority messages logged.
+
 \Default:
 
-E: loglevel 256
+E: loglevel stats
 
+Basic stats logging is configured by default. However, if no loglevel is
+defined, no logging occurs (equivalent to a 0 level).
 
 H4: objectclass <{{REF:RFC4512}} Object Class Description>
 
@@ -203,6 +230,8 @@
 
 >	sizelimit 500
 
+See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+for more details.
 
 H4: timelimit <integer>
 
@@ -215,7 +244,10 @@
 
 >	timelimit 3600
 
+See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+for more details.
 
+
 H3: General Backend Directives
 
 Directives in this section apply only to the backend in which
@@ -273,6 +305,14 @@
 declaration.
 
 
+H4: limits <who> <limit> [<limit> [...]]
+
+Specify time and size limits based on who initiated an operation.
+
+See the {{SECT:Limits}} section of this guide and slapd.conf(5)
+for more details.
+
+
 H4: readonly { on | off }
 
 This directive puts the database into "read-only" mode. Any

Modified: openldap/vendor/openldap-release/doc/guide/admin/title.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/title.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/title.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/title.sdf,v 1.9.6.5 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/title.sdf,v 1.9.6.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # Document: OpenLDAP Administrator's Guide

Modified: openldap/vendor/openldap-release/doc/guide/admin/tls.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/tls.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/tls.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/tls.sdf,v 1.13.2.8 2008/07/09 00:40:40 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/tls.sdf,v 1.13.2.9 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Using TLS

Modified: openldap/vendor/openldap-release/doc/guide/admin/troubleshooting.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/troubleshooting.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/troubleshooting.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/troubleshooting.sdf,v 1.10.2.5 2008/04/14 18:22:18 quanah Exp $
-# Copyright 2007-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/troubleshooting.sdf,v 1.10.2.6 2009/01/22 00:00:47 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Troubleshooting

Modified: openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/admin/tuning.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/admin/tuning.sdf,v 1.9.2.7 2008/04/14 18:22:18 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/admin/tuning.sdf,v 1.9.2.8 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: Tuning

Modified: openldap/vendor/openldap-release/doc/guide/images/src/README.fonts
===================================================================
--- openldap/vendor/openldap-release/doc/guide/images/src/README.fonts	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/images/src/README.fonts	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/images/src/README.fonts,v 1.2.2.1 2008/02/12 05:47:53 quanah Exp $
-# Copyright 2007 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/images/src/README.fonts,v 1.2.2.2 2009/01/22 00:00:48 kurt Exp $
+# Copyright 2007-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
 # README.fonts 

Modified: openldap/vendor/openldap-release/doc/guide/plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/plain.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/plain.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/plain.sdf,v 1.11.2.4 2008/02/13 06:40:32 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/plain.sdf,v 1.11.2.5 2009/01/22 00:00:46 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 # template for plain documents

Modified: openldap/vendor/openldap-release/doc/guide/preamble.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/preamble.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/preamble.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/preamble.sdf,v 1.70.2.7 2008/04/14 19:18:48 quanah Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/preamble.sdf,v 1.70.2.9 2009/01/22 00:00:47 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
  
 #
@@ -164,7 +164,7 @@
 AVA|Attribute Value Assertion
 AuthcDN|Authentication DN
 AuthcId|Authentication Identity
-AuthzDN|Authorizaiton DN
+AuthzDN|Authorization DN
 AuthzId|Authorization Identity
 BCP|Best Current Practice
 BDB|Berkeley DB (Backend)

Modified: openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/release/copyright-plain.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/copyright-plain.sdf,v 1.10.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/copyright-plain.sdf,v 1.10.2.4 2009/01/22 00:00:48 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 #

Modified: openldap/vendor/openldap-release/doc/guide/release/copyright.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/copyright.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/release/copyright.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/copyright.sdf,v 1.22.2.7 2008/05/27 21:56:55 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/copyright.sdf,v 1.22.2.9 2009/01/30 19:38:55 quanah Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 !if OPT_PP_HTML
@@ -58,8 +58,8 @@
 Portions [[copyright]] 1999-2007 Howard Y.H. Chu.
 Portions [[copyright]] 1999-2007 Symas Corporation.
 Portions [[copyright]] 1998-2003 Hallvard B. Furuseth.
-Portions [[copyright]] 2007-2008 Gavin Henry.
-Portions [[copyright]] 2007-2008 Suretec Systems Limited.
+Portions [[copyright]] 2007-2009 Gavin Henry.
+Portions [[copyright]] 2007-2009 Suretec Systems Limited.
 {{All rights reserved.}}
 !endblock
 

Modified: openldap/vendor/openldap-release/doc/guide/release/install.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/install.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/release/install.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.23.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/install.sdf,v 1.23.2.4 2009/01/22 00:00:48 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 P1: Making and Installing the OpenLDAP Distribution

Modified: openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/release/license-plain.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/license-plain.sdf,v 1.10.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 1999-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/license-plain.sdf,v 1.10.2.4 2009/01/22 00:00:48 kurt Exp $
+# Copyright 1999-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 #

Modified: openldap/vendor/openldap-release/doc/guide/release/license.sdf
===================================================================
--- openldap/vendor/openldap-release/doc/guide/release/license.sdf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/guide/release/license.sdf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
-# $OpenLDAP: pkg/openldap-guide/release/license.sdf,v 1.12.2.3 2008/02/11 23:26:39 kurt Exp $
-# Copyright 2000-2008 The OpenLDAP Foundation, All Rights Reserved.
+# $OpenLDAP: pkg/openldap-guide/release/license.sdf,v 1.12.2.4 2009/01/22 00:00:48 kurt Exp $
+# Copyright 2000-2009 The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 H1: OpenLDAP Public License

Modified: openldap/vendor/openldap-release/doc/man/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # man Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/Makefile.in,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/Makefile.in,v 1.11.2.4 2009/01/22 00:00:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man1/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # man1 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man1/Makefile.in,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man1/Makefile.in,v 1.11.2.4 2009/01/22 00:00:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapcompare.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPCOMPARE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.12.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapcompare.1,v 1.12.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapcompare \- LDAP compare tool
@@ -97,6 +97,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapdelete.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPDELETE 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.42.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapdelete.1,v 1.42.2.7 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapdelete \- LDAP delete entry tool
@@ -106,6 +106,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodify.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPMODIFY 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.49.2.7 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodify.1,v 1.49.2.9 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapmodify, ldapadd \- LDAP modify entry and LDAP add entry tools
@@ -170,6 +170,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapmodrdn.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPMODRDN 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.38.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapmodrdn.1,v 1.38.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapmodrdn \- LDAP rename entry tool
@@ -112,6 +112,7 @@
 .TP
 .B \-D binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldappasswd.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPPASSWD 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.39.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldappasswd.1,v 1.39.2.7 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldappasswd \- change the password of an LDAP entry
@@ -94,6 +94,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .BI \-d \ debuglevel
 Set the LDAP debugging level to \fIdebuglevel\fP.

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapsearch.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPSEARCH 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapsearch.1,v 1.59.2.8 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapsearch \- LDAP search tool
@@ -188,6 +188,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.
@@ -274,6 +275,7 @@
   [!]domainScope                               (domain scope)
   [!]mv=<filter>                               (matched values filter)
   [!]pr=<size>[/prompt|noprompt]       (paged results/prompt)
+  [!]sss=[-]<attr[:OID]>[/[-]<attr[:OID]>...]  (server side sorting)
   [!]subentries[=true|false]           (subentries)
   [!]sync=ro[/<cookie>]                        (LDAP Sync refreshOnly)
           rp[/<cookie>][/<slimit>]     (LDAP Sync refreshAndPersist)

Added: openldap/vendor/openldap-release/doc/man/man1/ldapurl.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapurl.1	                        (rev 0)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapurl.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,141 @@
+.TH LDAPURL 1 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.2 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.SH NAME
+ldapurl \- LDAP URL formatting tool
+.SH SYNOPSIS
+.B ldapurl
+[\c
+.BR \-a \ attrs\fR]
+[\c
+.BI \-b \ searchbase\fR]
+[\c
+.BR \-E \ [!]ext[=extparam]]
+[\c
+.BI \-f \ filter\fR]
+[\c
+.BI \-H \ ldapuri\fR]
+[\c
+.BI \-h \ ldaphost\fR]
+[\c
+.BI \-p \ ldapport\fR]
+[\c
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren\fR]
+[\c
+.BI \-S \ scheme\fR]
+.SH DESCRIPTION
+.I ldapurl
+is a command that allows to either compose or decompose LDAP URIs.
+.LP
+When invoked with the \fI-H\fP option,
+.B ldapurl
+extracts the components of the \fIldapuri\fP option argument,
+unescaping hex-escaped chars as required.
+It basically acts as a frontend to the
+.BR ldap_url_parse (3)
+call.
+Otherwise, it builds an LDAP URI based on the components
+passed with the appropriate options, performing the inverse operation.
+Option \fI-H\fP is incompatible with options
+.IR \-a ,
+.IR \-b ,
+.IR \-E ,
+.IR \-f ,
+.IR \-H ,
+.IR \-h ,
+.IR \-p ,
+.IR \-S ,
+and
+.IR \-s .
+.SH OPTIONS
+.TP
+.TP
+.BI \-a \ attrs
+Set a comma-separated list of attribute selectors.
+.TP
+.BI \-b \ searchbase
+Set the \fIsearchbase\fP.
+.TP
+.B \-E \fI[!]ext[=extparam]\fP
+Set URL extensions; \'!\' indicates criticality.
+.TP
+.BI \-f \ filter
+Set the URL filter.  No particular check on conformity with RFC 4515
+LDAP filters is performed, but the value is hex-escaped as required.
+.TP
+.BI \-H \ ldapuri
+Specify URI to be exploded.
+.TP
+.BI \-h \ ldaphost
+Set the host.
+.TP
+.BI \-p \ ldapport
+Set the TCP port.
+.TP
+.BI \-S \ scheme
+Set the URL scheme.  Defaults for other fields, like \fIldapport\fP,
+may depend on the value of \fIscheme\fP.
+.TP
+.BI \-s \ base\fR\||\|\fIone\fR\||\|\fIsub\fR\||\|\fIchildren
+Specify the scope of the search to be one of
+.IR base ,
+.IR one ,
+.IR sub ,
+or
+.I children
+to specify a base object, one-level, subtree, or children search.
+The default is
+.IR sub .
+Note:
+.I children
+scope requires LDAPv3 subordinate feature extension.
+
+.SH OUTPUT FORMAT
+If the \fI-H\fP option is used, the \fIldapuri\fP supplied
+is exploded in its components, which are printed to standard output
+in an LDIF-like form.
+.LP
+Otherwise, the URI built using the values passed with the other options
+is printed to standard output.
+.SH EXAMPLE
+The following command:
+.LP
+.nf
+    ldapuri -h ldap.example.com -b dc=example,dc=com -s sub -f (cn=Some One)
+.fi
+.LP
+returns
+.LP
+.nf
+    ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
+.fi
+.LP
+The command:
+.LP
+.nf
+    ldapuri -H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
+.fi
+.LP
+returns
+.LP
+.nf
+    scheme: ldap
+    host: ldap.example.com
+    port: 389
+    dn: dc=example,dc=com
+    scope: sub
+    filter: (cn=Some One)
+.fi
+.LP
+.SH DIAGNOSTICS
+Exit status is zero if no errors occur.
+Errors result in a non-zero exit status and
+a diagnostic message being written to standard error.
+.SH "SEE ALSO"
+.BR ldap (3),
+.BR ldap_url_parse (3),
+.SH AUTHOR
+The OpenLDAP Project <http://www.openldap.org/>
+.SH ACKNOWLEDGEMENTS
+.so ../Project

Modified: openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1
===================================================================
--- openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man1/ldapwhoami.1	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAPWHOAMI 1 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.10.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man1/ldapwhoami.1,v 1.10.2.6 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldapwhoami \- LDAP who am i? tool
@@ -73,6 +73,7 @@
 .TP
 .BI \-D \ binddn
 Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
+For SASL Binds, the server is expected to ignore this value.
 .TP
 .B \-W
 Prompt for simple authentication.

Modified: openldap/vendor/openldap-release/doc/man/man3/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # man3 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man3/Makefile.in,v 1.11.2.4 2009/01/22 00:00:48 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-decode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-decode.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-decode.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LBER_DECODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-decode.3,v 1.23.2.5 2009/01/22 00:00:48 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_get_next, ber_skip_tag, ber_peek_tag, ber_scanf, ber_get_int, ber_get_enum, ber_get_stringb, ber_get_stringa, ber_get_stringal, ber_get_stringbv, ber_get_null, ber_get_boolean, ber_get_bitstring, ber_first_element, ber_next_element \- OpenLDAP LBER simplified Basic Encoding Rules library routines for decoding

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-encode.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-encode.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-encode.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LBER_ENCODE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-encode.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_alloc_t, ber_flush, ber_flush2, ber_printf, ber_put_int, ber_put_enum, ber_put_ostring, ber_put_string, ber_put_null, ber_put_boolean, ber_put_bitstring, ber_start_seq, ber_start_set, ber_put_seq, ber_put_set \- OpenLDAP LBER simplified Basic Encoding Rules library routines for encoding

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-memory.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-memory.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-memory.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LBER_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-memory.3,v 1.14.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_memalloc, ber_memcalloc, ber_memrealloc, ber_memfree, ber_memvfree \- OpenLDAP LBER memory allocators

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-sockbuf.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LBER_SOCKBUF 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-sockbuf.3,v 1.2.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-sockbuf.3,v 1.2.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_sockbuf_alloc, ber_sockbuf_free, ber_sockbuf_ctrl, ber_sockbuf_add_io, ber_sockbuf_remove_io, Sockbuf_IO \- OpenLDAP LBER I/O infrastructure

Modified: openldap/vendor/openldap-release/doc/man/man3/lber-types.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/lber-types.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/lber-types.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LBER_TYPES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/lber-types.3,v 1.19.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ber_int_t, ber_uint_t, ber_len_t, ber_slen_t, ber_tag_t, struct berval, BerValue, BerVarray, BerElement, ber_bvfree, ber_bvecfree, ber_bvecadd, ber_bvarray_free, ber_bvarray_add, ber_bvdup, ber_dupbv, ber_bvstr, ber_bvstrdup, ber_str2bv, ber_alloc_t, ber_init, ber_init2, ber_free \- OpenLDAP LBER types and allocation functions

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap.3,v 1.40.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap \- OpenLDAP Lightweight Directory Access Protocol API

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_abandon.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_ABANDON 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_abandon.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_abandon_ext \- Abandon an LDAP operation in progress

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_add.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_add.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_add.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_ADD 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_add.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_add_ext, ldap_add_ext_s \- Perform an LDAP add operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_bind.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_BIND 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.20.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_bind.3,v 1.20.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_bind, ldap_bind_s, ldap_simple_bind, ldap_simple_bind_s, ldap_sasl_bind, ldap_sasl_bind_s, ldap_sasl_interactive_bind_s, ldap_parse_sasl_bind_result, ldap_unbind, ldap_unbind_s, ldap_unbind_ext, ldap_unbind_ext_s, ldap_set_rebind_proc \- LDAP bind routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_compare.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_COMPARE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.16.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_compare.3,v 1.16.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_compare, ldap_compare_s, ldap_compare_ext, ldap_compare_ext_s \- Perform an LDAP compare operation.

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_controls.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_CONTROLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_controls.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_controls.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_control_create, ldap_control_find, ldap_control_dup,

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_delete.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_DELETE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.16.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_delete.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_delete, ldap_delete_s, ldap_delete_ext, ldap_delete_ext_s \- Perform an LDAP delete operation.

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_error.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_error.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_error.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_ERROR 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_error.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_perror, ld_errno, ldap_result2error, ldap_errlist, ldap_err2string \- LDAP protocol error handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_extended_operation.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_EXTENDED_OPERATION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.1.2.6 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_extended_operation.3,v 1.1.2.7 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_extended_operation, ldap_extended_operation_s \- Extends the LDAP operations to the LDAP server.

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_attribute.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ATTRIBUTE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_attribute.3,v 1.21.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_attribute, ldap_next_attribute \- step through LDAP entry attributes

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_entry.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_ENTRY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_entry.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_entry, ldap_next_entry, ldap_count_entries \- LDAP result entry parsing and counting routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_message.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_MESSAGE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_message.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_message, ldap_next_message, ldap_count_messages \- Stepping through messages in a result chain

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_first_reference.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_FIRST_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_first_reference.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_first_reference, ldap_next_reference, ldap_count_references \- Stepping through continuation references in a result chain

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_dn.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_GET_DN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_dn.3,v 1.28.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_dn, ldap_explode_dn, ldap_explode_rdn, ldap_dn2ufn \- LDAP DN handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_option.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_GET_OPTION 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_option.3,v 1.3.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_option.3,v 1.3.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_option, ldap_set_option \- LDAP option handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_get_values.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_GET_VALUES 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_get_values.3,v 1.17.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_get_values, ldap_get_values_len, ldap_count_values \- LDAP attribute value handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_memory.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_MEMORY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_memory.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_memory.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_memfree, ldap_memvfree, ldap_memalloc, ldap_memcalloc, ldap_memrealloc, ldap_strdup \- LDAP memory allocation routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modify.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_MODIFY 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modify.3,v 1.14.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modify_ext, ldap_modify_ext_s \- Perform an LDAP modify operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_modrdn.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_MODRDN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_modrdn.3,v 1.14.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_modrdn, ldap_modrdn_s, ldap_modrdn2, ldap_modrdn2_s \- Perform an LDAP modify RDN operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_open.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_open.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_open.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_OPEN 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.16.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_open.3,v 1.16.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_init, ldap_initialize, ldap_open \- Initialize the LDAP library and open a connection to an LDAP server

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_reference.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_REFERENCE 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_reference.3,v 1.12.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_reference \- Extract referrals and controls from a reference message

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_result.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_result.3,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_result \- Parsing results

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_sort_control.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_SORT-CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_sort_control.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_sort_control \- Decode the information returned from a search operation that used a server-side sort control

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_parse_vlv_control.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_PARSE_VLV_CONTROL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.1.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_parse_vlv_control.3,v 1.1.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_parse_vlv_control \- Decode the information returned from a search operation that used a VLV (virtual list view) control

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_rename.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_RENAME 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_rename.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_rename, ldap_rename_s \- Renames the specified entry.

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_result.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_result.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_result.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_RESULT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_result.3,v 1.20.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_result \- Wait for the result of an LDAP operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_schema.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_SCHEMA 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 2000-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_schema.3,v 1.15.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 2000-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_str2syntax, ldap_syntax2str, ldap_syntax2name, ldap_syntax_free, ldap_str2matchingrule, ldap_matchingrule2str, ldap_matchingrule2name, ldap_matchingrule_free, ldap_str2attributetype, ldap_attributetype2str, ldap_attributetype2name, ldap_attributetype_free, ldap_str2objectclass, ldap_objectclass2str, ldap_objectclass2name, ldap_objectclass_free, ldap_scherr2str \- Schema definition handling routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_search.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_search.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_search.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_SEARCH 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.22.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_search.3,v 1.22.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_search, ldap_search_s, ldap_search_st, ldap_search_ext, ldap_search_ext_s \- Perform an LDAP search operation

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_sort.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_SORT 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15.2.4 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sort.3,v 1.15.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_sort_entries, ldap_sort_values, ldap_sort_strcasecmp \- LDAP sorting routines (deprecated)

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_sync.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_SYNC 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sync.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 2006-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_sync.3,v 1.1.2.5 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_sync_init, ldap_sync_init_refresh_only, ldap_sync_init_refresh_and_persist, ldap_sync_poll \- LDAP sync routines
@@ -8,7 +8,7 @@
 OpenLDAP LDAP (libldap, -lldap)
 .SH SYNOPSIS
 .nf
-.B #include <ldap_sync.h>
+.B #include <ldap.h>
 .LP
 .BI "int ldap_sync_init(ldap_sync_t *" ls ", int " mode ");"
 .LP

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_tls.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_TLS 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_tls.3,v 1.1.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_tls.3,v 1.1.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_start_tls, ldap_start_tls_s, ldap_tls_inplace, ldap_install_tls \- LDAP TLS initialization routines

Modified: openldap/vendor/openldap-release/doc/man/man3/ldap_url.3
===================================================================
--- openldap/vendor/openldap-release/doc/man/man3/ldap_url.3	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man3/ldap_url.3	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDAP_URL 3 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18.2.5 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man3/ldap_url.3,v 1.18.2.6 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldap_is_ldap_url, ldap_url_parse, ldap_free_urldesc \- LDAP Uniform Resource Locator routines

Modified: openldap/vendor/openldap-release/doc/man/man5/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # man5 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man5/Makefile.in,v 1.11.2.3 2008/02/11 23:26:39 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man5/Makefile.in,v 1.11.2.4 2009/01/22 00:00:49 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/ldap.conf.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,11 +1,11 @@
 .TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.33.2.6 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldap.conf.5,v 1.33.2.10 2009/01/26 21:32:04 quanah Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
-ldap.conf, .ldaprc \- ldap configuration file
+ldap.conf, .ldaprc \- LDAP configuration file/environment variables
 .SH SYNOPSIS
-ETCDIR/ldap.conf, .ldaprc
+ETCDIR/ldap.conf, ldaprc, .ldaprc, $LDAP<option-name>
 .SH DESCRIPTION
 If the environment variable \fBLDAPNOINIT\fP is defined, all
 defaulting is disabled.
@@ -45,6 +45,17 @@
 .I ldap.conf
 (or file specified by
 .BR LDAPCONF ).
+.LP
+Thus the following files and variables are read, in order:
+.nf
+    variable     $LDAPNOINIT, and if that is not set:
+    system file  ETCDIR/ldap.conf,
+    user files   $HOME/ldaprc,  $HOME/.ldaprc,  ./ldaprc,
+    system file  $LDAPCONF,
+    user files   $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
+    variables    $LDAP<option-name>.
+.fi
+Settings late in the list override earlier ones.
 .SH OPTIONS
 The configuration options are case-insensitive;
 their value, on a case by case basis, may be case-sensitive.
@@ -261,6 +272,22 @@
 specifies the maximum security layer receive buffer
 size allowed.  0 disables security layers.  The default is 65536.
 .RE
+.SH GSSAPI OPTIONS
+If OpenLDAP is built with Generic Security Services Application Programming Interface support,
+there are more options you can specify.
+.TP
+.B GSSAPI_SIGN <on/true/yes/off/false/no>
+Specifies if GSSAPI signing (GSS_C_INTEG_FLAG) should be used.
+The default is off.
+.TP
+.B GSSAPI_ENCRYPT <on/true/yes/off/false/no>
+Specifies if GSSAPI encryption (GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG)
+should be used. The default is off.
+.TP
+.B GSSAPI_ALLOW_REMOTE_PRINCIPAL <on/true/yes/off/false/no>
+Specifies if GSSAPI based authentification should try to form the
+target principal name out of the ldapServiceName or dnsHostName
+attribute of the targets RootDSE entry. The default is off.
 .SH TLS OPTIONS
 If OpenLDAP is built with Transport Layer Security support, there
 are more options you can specify.  These options are used when an
@@ -296,6 +323,18 @@
 Specifies acceptable cipher suite and preference order.
 <cipher-suite-spec> should be a cipher specification for OpenSSL,
 e.g., HIGH:MEDIUM:+SSLv2.
+
+To check what ciphers a given spec selects, use:
+
+.nf
+	openssl ciphers -v <cipher-suite-spec>
+.fi
+
+To obtain the list of ciphers in GNUtls use:
+
+.nf
+	gnutls-cli -l
+.fi
 .TP
 .B TLS_RANDFILE <filename>
 Specifies the file to obtain random bits from when /dev/[u]random is

Modified: openldap/vendor/openldap-release/doc/man/man5/ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/ldif.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/ldif.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 .TH LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.22.2.3 2008/02/11 23:26:39 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/ldif.5,v 1.22.2.4 2009/01/22 00:00:49 kurt Exp $
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 ldif \- LDAP Data Interchange Format

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-bdb.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-BDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.31.2.5 2008/02/11 23:26:39 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-bdb.5,v 1.31.2.9 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapd-bdb, slapd-hdb \- Berkeley DB backends to slapd
 .SH SYNOPSIS
@@ -60,6 +60,10 @@
 \fI<min>\fP minutes to perform the checkpoint.
 See the Berkeley DB reference guide for more details.
 .TP
+.B checksum
+Enable checksum validation of DB pages whenever they are read from disk.
+This setting can only be configured before any database files are created.
+.TP
 .BI cryptfile \ <file>
 Specify the pathname of a file containing an encryption key to use for
 encrypting the database. Encryption is performed using Berkeley DB's
@@ -111,6 +115,19 @@
 security.
 See the Berkeley DB reference guide for more details.
 .TP
+\fBdbpagesize \fR \fI<dbfile> <size>\fR
+Specify the page size to use for a particular database file, in units
+of 1024 bytes. The default for the
+.B id2entry
+file is 16, the default for all other files depends on the size of the
+underlying filesystem's block size (typically 4 or 8).
+The maximum that BerkeleyDB supports is 64. This
+setting usually should not need to be changed, but if BerkeleyDB's
+"db_stat -d" shows a large amount of overflow pages in use in a file,
+setting a larger size may increase performance at the expense of
+data integrity. This setting only takes effect when a database is
+being newly created. See the Berkeley DB reference guide for more details.
+.TP
 .BI directory \ <directory>
 Specify the directory where the BDB files containing this database and
 associated indexes live.
@@ -131,6 +148,12 @@
 Specify the maximum number of DNs in the in-memory DN cache. The
 default is twice the \fBcachesize\fP. Ideally this cache should be
 large enough to contain the DNs of every entry in the database.
+It should be noted that the \fBDN cache\fP is allowed to temporarily
+grow beyond the configured size. It does this if many entries are 
+locked when it tries to do a purge, because that means they're
+legitimately in use. Also, the \fBDN cache\fP never purges entries
+that have cached children, so depending on the shape of the DIT, it 
+could have lots of cached DNs over the defined limit.
 .TP
 .BI idlcachesize \ <integer>
 Specify the size of the in-memory index cache, in index slots. The
@@ -243,6 +266,7 @@
 Berkeley DB configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8),
 .BR slapadd (8),
 .BR slapcat (8),

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-config.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-config.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-config.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-CONFIG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.9 2008/05/29 22:54:56 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-config.5,v 1.13.2.13 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-config \- configuration backend to slapd
 .SH SYNOPSIS
@@ -1204,7 +1204,7 @@
 .BR olcLimits
 for an explanation of the different flags.
 .TP
-.B olcSortVals <attr> [...]
+.B olcSortVals: <attr> [...]
 Specify a list of multi-valued attributes whose values will always
 be maintained in sorted order. Using this option will allow Modify,
 Compare, and filter evaluations on these attributes to be performed
@@ -1234,6 +1234,14 @@
 type of backend. All of the Global Database Options may also be
 used here.
 .TP
+.B olcAddContentAcl: TRUE | FALSE
+Controls whether Add operations will perform ACL checks on
+the content of the entry being added. This check is off
+by default. See the
+.BR slapd.access (5)
+manual page for more details on ACL requirements for
+Add operations.
+.TP
 .B olcHidden: TRUE | FALSE
 Controls whether the database will be used to answer
 queries. A database that is hidden will never be
@@ -1250,23 +1258,33 @@
 the entryCSN and entryUUID attributes, which are needed
 by the syncrepl provider. By default, olcLastMod is TRUE.
 .TP
-.B olcLimits: <who> <limit> [<limit> [...]]
-Specify time and size limits based on who initiated an operation.
+.B olcLimits: <selector> <limit> [<limit> [...]]
+Specify time and size limits based on the operation's initiator or
+base DN.
 The argument
-.B who
+.B <selector>
 can be any of
 .RS
 .RS
 .TP
-anonymous | users | [dn[.<style>]=]<pattern> | group[/oc[/at]]=<pattern>
+anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern>
 
 .RE
 with
 .RS
 .TP
+<dnspec> ::= dn[.<type>][.<style>]
+.TP
+<type>  ::= self | this
+.TP
 <style> ::= exact | base | onelevel | subtree | children | regex | anonymous
 
 .RE
+DN type
+.B self
+is the default and means the bound user, while
+.B this
+means the base DN of the operation.
 The term
 .B anonymous
 matches all unauthenticated clients.
@@ -1300,7 +1318,7 @@
 The same behavior is obtained by using the 
 .B anonymous
 form of the
-.B who
+.B <selector>
 clause.
 The term
 .BR group ,
@@ -1414,7 +1432,7 @@
 to preserve the original behavior.
 
 In case of no match, the global limits are used.
-The default values are the same as
+The default values are the same as for
 .B olcSizeLimit
 and
 .BR olcTimeLimit ;
@@ -1569,8 +1587,12 @@
 Specify the DN suffix of queries that will be passed to this 
 backend database.  Multiple suffix lines can be given and at least one is 
 required for each database definition.
+
 If the suffix of one database is "inside" that of another, the database
 with the inner suffix must come first in the configuration file.
+You may also want to glue such databases together with the
+.B olcSubordinate
+attribute.
 .HP
 .hy 0
 .B olcSyncrepl: rid=<replica ID>

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-dnssrv.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-DNSSRV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.11.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-dnssrv.5,v 1.11.2.5 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-dnssrv \- DNS SRV referral backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldap.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.41.2.8 2008/07/10 00:28:39 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldap.5,v 1.41.2.12 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapd-ldap \- LDAP backend to slapd
 .SH SYNOPSIS
@@ -37,6 +37,15 @@
 .BR slapd.conf (5)
 for details.
 
+The proxy instance of
+.BR slapd (8)
+must contain schema information for the attributes and objectClasses
+used in filters, request DN and request-related data in general.
+It should also contain schema information for the data returned
+by the proxied server.
+It is the responsibility of the proxy administrator to keep the schema
+of the proxy lined up with that of the proxied server.
+
 .LP
 Note: When looping back to the same instance of
 .BR slapd (8), 
@@ -392,6 +401,17 @@
 By default, they are returned unless request is LDAPv2.
 
 .TP
+.B noundeffilter <NO|yes>
+If
+.BR yes ,
+return success instead of searching if a filter is undefined or contains
+undefined portions.
+By default, the search is propagated after replacing undefined portions
+with
+.BR (!(objectClass=*)) ,
+which corresponds to the empty result set.
+
+.TP
 .B protocol\-version {0,2,3}
 This directive indicates what protocol version must be used to contact
 the remote server.
@@ -689,6 +709,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd\-meta (5),
 .BR slapo\-chain (5),
 .BR slapo\-pcache (5),

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldbm.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDBM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.14.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldbm.5,v 1.14.2.4 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-ldbm \- Discontinued LDBM backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ldif.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-LDIF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.3.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ldif.5,v 1.3.2.5 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapd-ldif \- LDIF backend to slapd
 .SH SYNOPSIS
@@ -47,6 +47,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8),
 .BR ldif (5).
 .SH AUTHOR

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-meta.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 .TH SLAPD-META 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.46.2.11 2008/07/10 00:28:39 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-meta.5,v 1.46.2.14 2009/01/22 00:00:50 kurt Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.
@@ -38,6 +38,15 @@
 carefully considered.
 In the examples section, some typical scenarios will be discussed.
 
+The proxy instance of
+.BR slapd (8)
+must contain schema information for the attributes and objectClasses
+used in filters, request DN and request-related data in general.
+It should also contain schema information for the data returned
+by the proxied server.
+It is the responsibility of the proxy administrator to keep the schema
+of the proxy lined up with that of the proxied server.
+
 .LP
 Note: When looping back to the same instance of \fBslapd\fP(8), 
 each connection requires a new thread; as a consequence, \fBslapd\fP(8)
@@ -137,6 +146,19 @@
 overridden by any per-target directive.
 
 .TP
+.B noundeffilter <NO|yes>
+If
+.BR yes ,
+return success instead of searching if a filter is undefined or contains
+undefined portions.
+By default, the search is propagated after replacing undefined portions
+with
+.BR (!(objectClass=*)) ,
+which corresponds to the empty result set.
+If set before any target specification, it affects all targets, unless
+overridden by any per-target directive.
+
+.TP
 .B protocol\-version {0,2,3}
 This directive indicates what protocol version must be used to contact
 the remote server.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-monitor.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.9.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-monitor.5,v 1.9.2.5 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapd-monitor \- Monitor backend to slapd
 .SH SYNOPSIS
@@ -118,6 +118,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd.access (5),
 .BR slapd (8),
 .BR ldap (3).

Added: openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5	                        (rev 0)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-ndb.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,126 @@
+.TH SLAPD-NDB 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.3 2009/01/30 20:08:05 quanah Exp $
+.SH NAME
+slapd-ndb \- MySQL NDB backend to slapd
+.SH SYNOPSIS
+.B ETCDIR/slapd.conf
+.SH DESCRIPTION
+The \fBndb\fP backend to
+.BR slapd (8)
+uses the MySQL Cluster package to store data, through its NDB API.
+It provides fault tolerance with extreme scalability, along with
+a degree of SQL compatibility.
+.LP
+This backend is designed to store LDAP information using tables that
+are also visible from SQL. It uses a higher level SQL API for creating
+these tables, while using the low level NDB API for storing and
+retrieving the data within these tables. The NDB Cluster engine
+allows data to be partitioned across multiple data nodes, and this
+backend allows multiple slapd instances to operate against a given
+database concurrently.
+.LP
+The general approach is to use distinct tables for each LDAP object class.
+Entries comprised of multiple object classes will have their data
+spread across multiple tables. The data tables use a 64 bit entryID
+as their primary key. The DIT hierarchy is maintained in a separate
+table, which maps DNs to entryIDs.
+.LP
+This backend is experimental. While intended to be a general-purpose
+backend, it is currently missing a number of common LDAP features.
+See the \fBTODO\fP file in the source directory for details.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the \fBndb\fP backend database.
+That is, they must follow a "database ndb" line and
+come before any subsequent "backend" or "database" lines.
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+
+.SH DATA SOURCE CONFIGURATION
+
+.TP
+.B dbhost <hostname>
+The name or IP address of the host running the MySQL server. The default
+is "localhost". On Unix systems, the connection to a local server is made
+using a Unix Domain socket, whose path is specified using the
+.B dbsocket
+directive.
+.TP
+.B dbuser <username>
+The MySQL login ID to use when connecting to the MySQL server. The chosen
+user must have sufficient privileges to manipulate the SQL tables in the
+target database.
+.TP
+.B dbpasswd <password>
+The password for the \fBdbuser\fP.
+.TP
+.B dbname <database name>
+The name of the MySQL database to use.
+.TP
+.B dbport <port>
+The port number to use for the TCP connection to the MySQL server.
+.TP
+.B dbsocket <path>
+The socket to be used for connecting to a local MySQL server.
+.TP
+.B dbflag <integer>
+Client flags for the MySQL session. See the MySQL documentation for details.
+.TP
+.B dbconnect <connectstring>
+The name or IP address of the host running the cluster manager. The default
+is "localhost".
+.TP
+.B dbconnections <integer>
+The number of cluster connections to establish. Using up to 4 may improve
+performance under heavier load. The default is 1.
+
+.SH SCHEMA CONFIGURATION
+.TP
+.B attrlen <attribute> <length>
+Specify the column length to use for a particular attribute. LDAP attributes are
+stored in individual columns of the SQL tables. The maximum column lengths for
+each column must be specified when creating these tables. If a length constraint
+was specified in the attribute's LDAP schema definition, that value will be used
+by default. If the schema didn't specify a constraint, the default is 128 bytes.
+Currently the maximum is 1024.
+.TP
+.B index <attr[,attr...]>
+Specify a list of attributes for which indexing should be maintained.
+Currently there is no support for substring indexing; a single index structure
+provides presence, equality, and inequality indexing for the specified attributes.
+.TP
+.B attrset <set> <attrs>
+Specify a list of attributes to be treated as an attribute set. This directive
+creates a table named \fIset\fP which will contain all of the listed attributes.
+Ordinarily an attribute resides in a table named by an object class that uses
+the attribute. However, attributes are only allowed to appear in a single table.
+For attributes that are derived from an inherited object class definition,
+the attribute will only be stored in the superior class's table.
+Attribute sets should be defined for any attributes that are used in multiple
+unrelated object classes, i.e., classes that are not connected by a simple
+inheritance chain.
+.SH ACCESS CONTROL
+The 
+.B ndb
+backend honors most access control semantics as indicated in
+.BR slapd.access (5).
+.SH FILES
+.TP
+.B ETCDIR/slapd.conf
+default 
+.B slapd 
+configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapd (8),
+.BR slapadd (8),
+.BR slapcat (8),
+.BR slapindex (8),
+MySQL Cluster documentation.
+.SH AUTHOR
+Howard Chu, with assistance from Johan Andersson et al @ MySQL.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-null.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-null.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-null.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-NULL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2002-2008 The OpenLDAP Foundation.  All Rights Reserved.
+.\" Copyright 2002-2009 The OpenLDAP Foundation.  All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.10.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-null.5,v 1.10.2.5 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-null \- Null backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-passwd.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-PASSWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.11.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-passwd.5,v 1.11.2.4 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-passwd \- /etc/passwd backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-relay.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,7 @@
 .TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-relay.5,v 1.4.4.3 2009/01/30 20:14:10 quanah Exp $
 .SH NAME
 slapd-relay \- relay backend to slapd
 .SH SYNOPSIS
@@ -199,5 +202,6 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapo-rwm (5),
 .BR slapd (8).

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-shell.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-SHELL 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.16.2.5 2008/02/11 23:49:02 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.16.2.6 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd-shell \- Shell backend to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd-sock.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD-SOCK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2007-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2007-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sock.5,v 1.3.2.1 2008/02/09 00:46:08 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-sock.5,v 1.3.2.3 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapd-sock \- Socket backend to slapd
 .SH SYNOPSIS
@@ -243,6 +243,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8).
 .SH AUTHOR
 Brian Candler

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.access.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.access.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.access.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD.ACCESS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.70.2.10 2008/07/09 00:48:35 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.access.5,v 1.70.2.16 2009/02/02 22:45:18 quanah Exp $
 .SH NAME
 slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS
@@ -54,11 +54,18 @@
 If no access controls are present, the default policy
 allows anyone and everyone to read anything but restricts
 updates to rootdn.  (e.g., "access to * by * read").
-The rootdn can always read and write EVERYTHING!
 .LP
+When dealing with an access list, because the global access list is 
+effectively appended to each per-database list, if the resulting 
+list is non-empty then the access list will end with an implicit 
+.B access to * by * none
+directive. If there are no access directives applicable to a backend, 
+then a default read is used.
+.LP
+.B Be warned: the rootdn can always read and write EVERYTHING!
+.LP
 For entries not held in any backend (such as a root DSE), the
-directives of the first backend (and any global directives) are
-used.
+global directives are used.
 .LP
 Arguments that should be replaced by actual text are shown in
 brackets <>.
@@ -369,6 +376,10 @@
 or the form
 .BR ${<digit>+} ,
 for submatches higher than 9.
+Substring substitution from attribute value can
+be done in 
+using the form
+.BR ${v<digit>+} .
 Since the dollar character is used to indicate a substring replacement,
 the dollar character that is used to indicate match up to the end of
 the string must be escaped by a second dollar character, e.g.
@@ -728,7 +739,8 @@
 An example is the
 .B selfwrite
 access to the member attribute of a group, which allows one to add/delete
-its own DN from the member list of a group, without affecting other members.
+its own DN from the member list of a group, while being not allowed
+to affect other members.
 .LP
 The 
 .B level 
@@ -910,7 +922,15 @@
 .B add
 access to
 .B children
-of the empty DN ("") is required.
+of the empty DN ("") is required. Also if
+Add content ACL checking has been configured on
+the database (see the
+.BR slapd.conf (5)
+or
+.BR slapd-config (5)
+manual page),
+.B add (=a)
+will be required on all of the attributes being added.
 
 .LP
 The 

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.backends.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD.BACKENDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2006-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.backends.5,v 1.3.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.backends.5,v 1.3.2.5 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd.backends \- backends for slapd, the stand-alone LDAP daemon
 .SH DESCRIPTION
@@ -71,6 +71,11 @@
 .B monitor
 backend may be defined.
 .TP
+.B ndb
+This backend is experimental.
+It uses the transactional database interface of the MySQL Cluster Engine
+(NDB) to store data.
+.TP
 .B null
 Operations in this backend succeed but do nothing.
 .TP

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.conf.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.239.2.18 2008/05/29 22:54:56 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.conf.5,v 1.239.2.27 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd.conf \- configuration file for slapd, the stand-alone LDAP daemon
 .SH SYNOPSIS
@@ -226,7 +226,7 @@
 .B dn[.<dnstyle>]:<pattern>
 .RE
 .RS
-.B u[<mech>[<realm>]]:<pattern>
+.B u[.<mech>[/<realm>]]:<pattern>
 .RE
 .RS
 .B group[/objectClass[/attributeType]]:<pattern>
@@ -314,7 +314,8 @@
 A subset of these rules can be used as third arg in the 
 .B authz-regexp
 statement (see below); significantly, the 
-.I URI
+.IR URI ,
+provided it results in exactly one entry,
 and the
 .I dn.exact:<dn> 
 forms.
@@ -322,8 +323,10 @@
 .TP
 .B authz-regexp <match> <replace>
 Used by the authentication framework to convert simple user names,
-such as provided by SASL subsystem, to an LDAP DN used for
-authorization purposes.  Note that the resultant DN need not refer
+such as provided by SASL subsystem, or extracted from certificates
+in case of cert-based SASL EXTERNAL, or provided within the RFC 4370
+"proxied authorization" control, to an LDAP DN used for
+authorization purposes.  Note that the resulting DN need not refer
 to an existing entry to be considered valid.  When an authorization
 request is received from the SASL subsystem, the SASL 
 .BR USERNAME ,
@@ -424,6 +427,12 @@
 .B tls_authc
 disallows the StartTLS operation if authenticated (see also
 .BR tls_2_anon ).
+.B proxy_authz_non_critical
+disables acceptance of the proxied authorization control (RFC4370)
+when criticality is FALSE.
+.B dontusecopy_non_critical
+disables acceptance of the dontUseCopy control (a work in progress)
+when criticality is FALSE.
 .HP
 .hy 0
 .B ditcontentrule "(\ <oid>\
@@ -508,6 +517,37 @@
 depend on these parameters and recreating them with
 .BR slapindex (8).
 
+.HP
+.hy 0
+.B ldapsyntax "(\ <oid>\
+ [DESC\ <description>]\
+ [X-SUBST <substitute\-syntax>]\ )"
+.RS
+Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512.
+The slapd parser extends the RFC 4512 definition by allowing string
+forms as well as numeric OIDs to be used for the syntax OID.
+(See the
+.B objectidentifier
+description.) 
+The slapd parser also honors the
+.B X-SUBST
+extension (an OpenLDAP-specific extension), which allows to use the
+.B ldapsyntax
+statement to define a non-implemented syntax along with another syntax,
+the extension value
+.IR substitute\-syntax ,
+as its temporary replacement.
+The
+.I substitute\-syntax
+must be defined.
+This allows to define attribute types that make use of non-implemented syntaxes
+using the correct syntax OID.
+Unless 
+.B X-SUBST
+is used, this configuration statement would result in an error,
+since no handlers would be associated to the resulting syntax structure.
+.RE
+
 .TP
 .B localSSF <SSF>
 Specifies the Security Strength Factor (SSF) to be given local LDAP sessions,
@@ -1121,7 +1161,22 @@
 or
 .BR sql ,
 depending on which backend will serve the database.
+
+LDAP operations, even subtree searches, normally access only one
+database.
+That can be changed by gluing databases together with the
+.B subordinate
+keyword.
+Access controls and some overlays can also involve multiple databases.
 .TP
+.B add_content_acl on | off
+Controls whether Add operations will perform ACL checks on
+the content of the entry being added. This check is off
+by default. See the
+.BR slapd.access (5)
+manual page for more details on ACL requirements for
+Add operations.
+.TP
 .B hidden on | off
 Controls whether the database will be used to answer
 queries. A database that is hidden will never be
@@ -1138,23 +1193,33 @@
 the entryCSN and entryUUID attributes, which are needed
 by the syncrepl provider. By default, lastmod is on.
 .TP
-.B limits <who> <limit> [<limit> [...]]
-Specify time and size limits based on who initiated an operation.
+.B limits <selector> <limit> [<limit> [...]]
+Specify time and size limits based on the operation's initiator or
+base DN.
 The argument
-.B who
+.B <selector>
 can be any of
 .RS
 .RS
 .TP
-anonymous | users | [dn[.<style>]=]<pattern> | group[/oc[/at]]=<pattern>
+anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern>
 
 .RE
 with
 .RS
 .TP
+<dnspec> ::= dn[.<type>][.<style>]
+.TP
+<type>  ::= self | this
+.TP
 <style> ::= exact | base | onelevel | subtree | children | regex | anonymous
 
 .RE
+DN type
+.B self
+is the default and means the bound user, while
+.B this
+means the base DN of the operation.
 The term
 .B anonymous
 matches all unauthenticated clients.
@@ -1188,7 +1253,7 @@
 The same behavior is obtained by using the 
 .B anonymous
 form of the
-.B who
+.B <selector>
 clause.
 The term
 .BR group ,
@@ -1290,7 +1355,7 @@
 .IR unlimited , 
 no limit is applied (the default).
 If it is set to
-.IR disable ,
+.IR disabled ,
 the search is not even performed; this can be used to disallow searches
 for a specific set of users.
 If no limit specifier is set, the value is assigned to the
@@ -1302,7 +1367,7 @@
 to preserve the original behavior.
 
 In case of no match, the global limits are used.
-The default values are the same of
+The default values are the same as for
 .B sizelimit
 and
 .BR timelimit ;
@@ -1459,8 +1524,12 @@
 Specify the DN suffix of queries that will be passed to this 
 backend database.  Multiple suffix lines can be given and at least one is 
 required for each database definition.
+
 If the suffix of one database is "inside" that of another, the database
 with the inner suffix must come first in the configuration file.
+You may also want to glue such databases together with the
+.B subordinate
+keyword.
 .TP
 .B subordinate [advertise]
 Specify that the current backend database is a subordinate of another
@@ -1625,6 +1694,9 @@
 for the first 10 times and then retry every 300 seconds for the next 3
 times before stop retrying. The `+' in <# of retries> means indefinite
 number of retries until success.
+If no 
+.B retry
+was specified, by default syncrepl retries every hour forever.
 
 The schema checking can be enforced at the LDAP Sync
 consumer site by turning on the

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.overlays.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPD.OVERLAYS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2006-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.overlays.5,v 1.4.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd.overlays.5,v 1.4.2.4 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapd.overlays \- overlays for slapd, the stand-alone LDAP daemon
 .SH DESCRIPTION

Modified: openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapd.plugin.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 .TH SLAPD.PLUGIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2002-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2002-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
 slapd.plugin \- plugin configuration for slapd, the stand-alone LDAP daemon

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-accesslog.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-ACCESSLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.9.2.5 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-accesslog.5,v 1.9.2.7 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-accesslog \- Access Logging overlay to slapd
 .SH SYNOPSIS
@@ -475,7 +475,8 @@
 ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).
 
 .SH ACKNOWLEDGEMENTS
 .P

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-auditlog.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-AUDITLOG 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.3.2.5 2008/02/12 00:29:21 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-auditlog.5,v 1.3.2.6 2009/01/22 00:00:50 kurt Exp $
 .SH NAME
 slapo-auditlog \- Audit Logging overlay to slapd
 .SH SYNOPSIS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-chain.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.10.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-chain.5,v 1.10.2.6 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-chain \- chain overlay to slapd
 .SH SYNOPSIS
@@ -141,6 +141,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd\-ldap (5),
 .BR slapd (8).
 .SH AUTHOR

Added: openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5	                        (rev 0)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-collect.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,52 @@
+.TH SLAPO-COLLECT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2003-2009 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.3 2009/01/30 20:08:05 quanah Exp $
+.SH NAME
+slapo-collect \- Collective attributes overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The collect overlay is used to provide a relatively coarse
+implementation of RFC 3671 collective attributes.
+In X.500, a collective attribute is "a user attribute whose
+values are the same for each member of an entry collection".
+
+Collective attributes are added to entries returned by a search operation
+when the entry is within the scope of the related ancestor.
+Collective attributes can only be modified when the modification affects
+the related ancestor.
+
+.SH CONFIGURATION
+This
+.B slapd.conf
+option applies to the collect overlay.
+It should appear after the
+.B overlay
+directive.
+.TP
+.B collectinfo <DN> <attrlist>
+Specify the
+.B DN
+of the ancestor entry and the set of related collective attributes, where
+.B attrlist
+is a comma-separated list of attributes.
+The
+.B DN 
+should be within the naming context of the database.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+The
+.BR slapo-collect (5)
+overlay supports dynamic configuration via
+.BR back-config .
+.SH ACKNOWLEDGEMENTS
+This module was written in 2003 by Howard Chu.
+This man page was written in 2008 by Pierangelo Masarati.
+.so ../Project

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-constraint.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 .TH SLAPO-CONSTRAINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
 .\" Copyright 2005-2006 Hewlett-Packard Company
-.\" Copyright 2006-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2006-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-constraint.5,v 1.2.2.5 2008/05/27 19:59:47 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-constraint.5,v 1.2.2.15 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-constraint \- Attribute Constraint Overlay to slapd
 .SH SYNOPSIS
@@ -17,8 +17,13 @@
 certain string represented data which have well known canonical forms,
 like telephone numbers, post codes, FQDNs, etc.
 .LP
-It constrains only LDAP adds and modify commands and only seeks to
-control the add and modify value of a modify request.
+It constrains only LDAP \fIadd\fP, \fImodify\fP and \fIrename\fP commands
+and only seeks to control the \fIadd\fP and \fIreplace\fP values
+of \fImodify\fP and \fIrename\fP requests.
+.LP
+No constraints are applied for operations performed with the
+.I relax
+control set.
 .SH CONFIGURATION
 This
 .B slapd.conf
@@ -27,15 +32,16 @@
 .B overlay
 directive.
 .TP
-.B constraint_attribute <attribute_name> <type> <value>
-Specifies the constraint which should apply to the attribute named as
-the first parameter.
+.B constraint_attribute <attribute_name>[,...] <type> <value> [<extra> [...]]
+Specifies the constraint which should apply to the comma-separated
+attribute list named as the first parameter.
 Two types of constraint are currently supported -
-.B regex ,
-.B size ,
-.B count ,
+.BR regex ,
+.BR size ,
+.BR count ,
+.BR uri ,
 and
-.BR uri .
+.BR set .
 
 The parameter following the
 .B regex
@@ -47,12 +53,45 @@
 It must not include a hostname, and it must include a list of attributes
 to evaluate.
 
+The parameter following the
+.B set
+type is a string that is interpreted according to the syntax in use
+for ACL sets.  This allows to construct constraints based on the contents
+of the entry.
+
 The 
 .B size
-type can be used to enfore a limit on an attribute length, and the
+type can be used to enforce a limit on an attribute length, and the
 .B count
-type limits the count of an attribute.
+type limits the number of values of an attribute.
 
+Extra parameters can occur in any order after those described above.
+.RS
+.TP
+.B <extra> : restrict=<uri>
+.RE
+
+.RS
+This extra parameter allows to restrict the application of the corresponding
+constraint only to entries that match the
+.IR base ,
+.I scope
+and
+.I filter
+portions of the LDAP URI.
+The
+.IR base ,
+if present, must be within the naming context of the database.
+The
+.I scope
+is only used when the
+.I base
+is present; it defaults to
+.BR base .
+The other parameters of the URI are not allowed.
+.RE
+
+.LP
 Any attempt to add or modify an attribute named as part of the
 constraint overlay specification which does not fit the 
 constraint listed will fail with a
@@ -64,16 +103,19 @@
 overlay constraint
 constraint_attribute jpegPhoto size 131072
 constraint_attribute userPassword count 3
-constraint_attribute mail regex ^[:alnum:]+ at mydomain.com$
+constraint_attribute mail regex ^[[:alnum:]]+ at mydomain.com$
 constraint_attribute title uri
   ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
+constraint_attribute cn,sn,givenName set
+  "(this/givenName + [ ] + this/sn) & this/cn"
+  restrict="ldap:///ou=People,dc=example,dc=com??sub?(objectClass=inetOrgPerson)"
 .fi
 
+.RE
 A specification like the above would reject any
 .B mail
 attribute which did not look like
-.B
-<alpha-numeric string>@mydomain.com
+.BR "<alpha-numeric string>@mydomain.com" .
 It would also reject any
 .B title
 attribute whose values were not listed in the
@@ -81,13 +123,22 @@
 attribute of any
 .B titleCatalog
 entries in the given scope.
+Finally, it requires the values of the attribute
+.B cn
+to be constructed by pairing values of the attributes
+.B sn
+and 
+.BR givenName ,
+separated by a space, but only for entries derived from the objectClass
+.BR inetOrgPerson .
 .RE
 .SH FILES
 .TP
 ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5),
 .SH ACKNOWLEDGEMENTS
 This module was written in 2005 by Neil Dunbar of Hewlett-Packard and subsequently
 extended by Howard Chu and Emmanuel Dreyfus.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dds.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-DDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dds.5,v 1.1.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dds.5,v 1.1.2.8 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-dds \- Dynamic Directory Services overlay to slapd
 .SH SYNOPSIS
@@ -53,8 +53,12 @@
 .B overlay dds
 
 .LP
-The 
+The database must have a
+.B rootdn
+specified, otherwise, the
 .B dds
+overlay will not be able to delete expired objects. The 
+.B dds
 overlay may be used with any backend that implements the 
 .BR add ,
 .BR modify ,
@@ -155,7 +159,7 @@
 the value of the
 .B entryTtl
 attribute with the
-.B manageDIT
+.B relax
 control set.
 
 RFC 2589 recommends that anonymous clients should not be allowed to refresh
@@ -261,6 +265,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8).
 .SH AUTHOR
 Implemented by Pierangelo Masarati.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dyngroup.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-DYNGROUP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dyngroup.5,v 1.2.2.2 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dyngroup.5,v 1.2.2.4 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-dyngroup \- Dynamic Group overlay to slapd
 .SH SYNOPSIS
@@ -43,6 +43,7 @@
 ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).
 .SH AUTHOR
 Howard Chu

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-dynlist.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-DYNLIST 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.7.2.4 2008/05/01 21:19:41 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-dynlist.5,v 1.7.2.7 2009/01/30 20:08:05 quanah Exp $
 .SH NAME
 slapo-dynlist \- Dynamic List overlay to slapd
 .SH SYNOPSIS
@@ -50,14 +50,19 @@
 .B overlay
 directive.
 .TP
-.B dynlist-attrset <group-oc> <URL-ad> [[<mapped-ad>:]<member-ad> ...]
+.B dynlist-attrset <group-oc> [<URI>] <URL-ad> [[<mapped-ad>:]<member-ad> ...]
 The value 
-.B <group-oc> 
+.B group-oc
 is the name of the objectClass that triggers the dynamic expansion of the
 data.
 
+The optional
+.B URI
+restricts expansion only to entries matching the \fIDN\fP,
+the \fIscope\fP and the \fIfilter\fP portions of the URI.
+
 The value
-.B <URL-ad>
+.B URL-ad
 is the name of the attributeDescription that contains the URI that is 
 expanded by the overlay; if none is present, no expansion occurs.
 If the intersection of the attributes requested by the search operation 
@@ -66,30 +71,32 @@
 It must be a subtype of \fIlabeledURI\fP.
 
 The value
-.B <member-ad>
+.B member-ad
 is optional; if present, the overlay behaves as a dynamic group: this
 attribute will list the DN of the entries resulting from the internal search.
-In this case, the <attrs> portion of the URI must be absent, and the DNs 
-of all the entries resulting from the expansion of the URI are listed
+In this case, the \fIattrs\fP portion of the URIs in the
+.B URL-ad
+attribute must be absent, and the \fIDN\fPs 
+of all the entries resulting from the expansion of the URIs are listed
 as values of this attribute.
 Compares that assert the value of the
-.B <member-ad>
+.B member-ad
 attribute of entries with 
-.B <group-oc>
+.B group-oc
 objectClass apply as if the DN of the entries resulting from the expansion 
 of the URI were present in the 
-.B <group-oc> 
+.B group-oc 
 entry as values of the
-.B <member-ad>
+.B member-ad
 attribute.
 
 Alternatively, 
-.B <mapped-ad>:<member-ad>
+.B mapped-ad
 can be used to remap attributes obtained through expansion. 
-.B <member-ad>
+.B member-ad
 attributes are not filled by expanded DN, but are remapped as
-.B <mapped-ad> 
-attributes. Multiple mapping statements can be used.
+.B mapped-ad 
+attributes.  Multiple mapping statements can be used.
 
 .LP
 The dynlist overlay may be used with any backend, but it is mainly 
@@ -100,15 +107,26 @@
 
 .SH AUTHORIZATION
 By default the expansions are performed using the identity of the current
-LDAP user. This identity may be overridden by setting the
+LDAP user.
+This identity may be overridden by setting the
 .B dgIdentity
-attribute to the DN of another LDAP user. In that case the dgIdentity
-will be used when expanding the URIs in the object. Setting the dgIdentity
-to a zero-length string will cause the expansions to be performed
-anonymously. Note that the dgIdentity attribute is defined in the
+attribute in the group's entry to the DN of another LDAP user.
+In that case the dgIdentity will be used when expanding the URIs in the object.
+Setting the dgIdentity to a zero-length string will cause the expansions
+to be performed anonymously.
+Note that the dgIdentity attribute is defined in the
 .B dyngroup
 schema, and this schema must be loaded before the dgIdentity
 authorization feature may be used.
+If the
+.B dgAuthz
+attribute is also present in the group's entry, its values are used
+to determine what identities are authorized to use the
+.B dgIdentity
+to expand the group.
+Values of the 
+.B dgAuthz
+attribute must conform to the (experimental) \fIOpenLDAP authz\fP syntax.
 
 .SH EXAMPLE
 This example collects all the email addresses of a database into a single
@@ -174,6 +192,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8).
 The
 .BR slapo-dynlist (5)

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-memberof.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-MEMBEROF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-memberof.5,v 1.1.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-memberof.5,v 1.1.2.5 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-memberof \- Reverse Group Membership overlay to slapd
 .SH SYNOPSIS
@@ -113,6 +113,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd (8).
 The
 .BR slapo-memberof (5)

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-pcache.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 .TH SLAPO-PCACHE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.14.2.5 2008/07/08 21:13:31 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-pcache.5,v 1.14.2.9 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-pcache \- proxycache overlay to slapd
 .SH SYNOPSIS
@@ -69,10 +69,29 @@
 .RE
 
 .TP
+.B proxyattrset <index> <attrs...>
+Used to associate a set of attributes <attrs..> with an <index>. Each attribute
+set is associated with an integer from 0 to <numattrsets>-1. These indices are
+used by the \fBproxytemplate\fP directive to define cacheable templates. 
+A set of attributes cannot be empty.  A set of attributes can contain the
+special attributes "*" (all user attributes), "+" (all operational attributes)
+or both; in the latter case, any other attribute is redundant and should
+be avoided for clarity.  A set of attributes can contain "1.1" as the only
+attribute; in this case, only the presence of the entries is cached.
+
+.TP
 .B proxycachequeries <queries>
 Specify the maximum number of queries to cache. The default is 10000.
 
 .TP
+.B proxycheckcacheability { TRUE | FALSE }
+Check whether the results of a query being cached can actually be returned
+from the cache by the proxy DSA.  When enabled, the entries being returned
+while caching the results of a query are checked to ensure consistency
+with the schema known to the proxy DSA.  In case of failure, the query
+is not cached.  By default, the check is off.
+
+.TP
 .B proxysavequeries { TRUE | FALSE }
 Specify whether the cached queries should be saved across restarts
 of the caching proxy, to provide hot startup of the cache.  Only non-expired
@@ -91,17 +110,6 @@
 overlay configuration changed, this feature should not be affected.
 
 .TP
-.B proxyattrset <index> <attrs...>
-Used to associate a set of attributes <attrs..> with an <index>. Each attribute
-set is associated with an integer from 0 to <numattrsets>-1. These indices are
-used by the \fBproxytemplate\fP directive to define cacheable templates. 
-A set of attributes cannot be empty.  A set of attributes can contain the
-special attributes "*" (all user attributes), "+" (all operational attributes)
-or both; in the latter case, any other attribute is redundant and should
-be avoided for clarity.  A set of attributes can contain "1.1" as the only
-attribute; in this case, only the presence of the entries is cached.
-
-.TP
 .B proxytemplate <template_string> <attrset_index> <ttl> [<negttl> [<limitttl>]]
 Specifies a cacheable template and "time to live" <ttl> of queries 
 belonging to the template. An optional <negttl> can be used to specify
@@ -182,6 +190,13 @@
 attribute because the underlying database that actually caches the entries 
 may need it for optimal local processing of the queries.
 
+The proxy server should contain all the schema information required for caching.
+Significantly, it needs the schema of attributes used in the query templates.
+If the objectClass attribute is used in a query template, it needs the definition
+of the objectClasses of the entries it is supposed to cache.
+It is the responsibility of the proxy administrator to keep the proxy schema
+lined up with that of the proxied server.
+
 Another potential (and subtle) inconsistency may occur when data is retrieved 
 with different identities and specific per-identity access control
 is enforced by the remote server.
@@ -226,6 +241,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd\-ldap (5),
 .BR slapd\-meta (5),
 .BR slapd\-sql (5),

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-ppolicy.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.12.2.7 2008/04/24 08:15:34 hyc Exp $
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.TH SLAPO_PPOLICY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-ppolicy.5,v 1.12.2.10 2009/01/30 20:13:42 quanah Exp $
 .SH NAME
 slapo-ppolicy \- Password Policy overlay to slapd
 .SH SYNOPSIS
@@ -742,6 +742,7 @@
 .SH SEE ALSO
 .BR ldap (3),
 .BR slapd.conf (5),
+.BR slapd\-config (5).
 .LP
 "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
 .LP

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-refint.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-REFINT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.5.2.5 2008/05/27 20:18:19 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-refint.5,v 1.5.2.7 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-refint \- Referential Integrity overlay to slapd
 .SH SYNOPSIS
@@ -61,6 +61,7 @@
 ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).
 .SH ACKNOWLEDGEMENTS
 .so ../Project

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-retcode.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 .TH SLAPO-RETCODE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.9.2.4 2008/07/12 05:49:03 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-retcode.5,v 1.9.2.8 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-retcode \- return code overlay to slapd
 .SH SYNOPSIS
@@ -227,6 +227,8 @@
 .nf
 overlay         retcode
 retcode-parent  "ou=RetCodes,dc=example,dc=com"
+
+# retcode.conf is found in tests/data/ of the source tree
 include         ./retcode.conf
 
 # Wait 10 seconds, then return success (0x00)
@@ -244,7 +246,12 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
-.BR slapd (8),
+.BR slapd\-config (5),
+.BR slapd (8).
+The
+.BR slapo-retcode (5)
+overlay supports dynamic configuration via
+.BR back-config .
 .SH ACKNOWLEDGEMENTS
 .P
 This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-rwm.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 .TH SLAPO-RWM 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 1998-2008 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation, All Rights Reserved.
 .\" Copying restrictions apply.  See the COPYRIGHT file.
 .\" Copyright 2004, Pierangelo Masarati, All rights reserved. <ando at sys-net.it>
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.14.2.5 2008/05/19 23:44:27 quanah Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-rwm.5,v 1.14.2.8 2009/01/30 20:08:06 quanah Exp $
 .\"
 .\" Portions of this document should probably be moved to slapd-ldap(5)
 .\" and maybe manual pages for librewrite.
@@ -355,8 +355,9 @@
 modifyAttrDN         modify AVA (DN portion of "ref" excluded)
 referralAttrDN       add/modify DN portion of referrals
                      (default to none)
-modrDN               modrdn
-newSuperiorDN        modrdn
+renameDN             modrdn (the old DN)
+newSuperiorDN        modrdn (the new parent DN, if any)
+newRDN               modrdn (the new relative DN)
 deleteDN             delete
 exopPasswdDN         password modify extended operation DN
 .fi
@@ -649,6 +650,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd\-ldap (5),
 .BR slapd\-meta (5),
 .BR slapd\-relay (5),

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-syncprov.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-SYNCPROV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.9.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-syncprov.5,v 1.9.2.7 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-syncprov \- Sync Provider overlay to slapd
 .SH SYNOPSIS
@@ -41,8 +41,8 @@
 since the last checkpoint. Checkpointing is disabled by default.
 .TP
 .B syncprov-sessionlog <ops>
-Specify a session log for recording information about write operations made
-on the database.  The
+Configures an in-memory session log for recording information about write
+operations made on the database.  The
 .B <ops>
 specifies the number of operations that are recorded in the log. All write
 operations (except Adds) are recorded in the log.
@@ -68,6 +68,7 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapo-accesslog (5).
 OpenLDAP Administrator's Guide.
 .SH ACKNOWLEDGEMENTS

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-translucent.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-TRANSLUCENT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.4.2.4 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-translucent.5,v 1.4.2.9 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-translucent \- Translucent Proxy overlay to slapd
 .SH SYNOPSIS
@@ -31,15 +31,19 @@
 database record (if any) before any comparison is made with data in the
 remote database.
 .SH CONFIGURATION
-The Translucent Proxy overlay uses a remote LDAP server which is configured
-with the options shown in
-.BR slapd-ldap (5).
+The Translucent Proxy overlay uses a proxied database,
+typically a (set of) remote LDAP server(s), which is configured with the options shown in
+.BR slapd-ldap (5),
+.BR slapd-meta (5)
+or similar.
 These
 .B slapd.conf
 options are specific to the Translucent Proxy overlay; they must appear 
 after the
 .B overlay
-directive.
+directive that instantiates the
+.B translucent
+overlay.
 .TP
 .B translucent_strict
 By default, attempts to delete attributes in either the local or remote
@@ -83,6 +87,33 @@
 the local and remote entries corresponding to a search result will be merged
 before being returned to the client.
 
+.TP
+.B translucent_bind_local 
+Enable looking for locally stored credentials for simple bind when binding
+to the remote database fails.  Disabled by default.
+
+.TP
+.B translucent_pwmod_local
+Enable RFC 3062 Password Modification extended operation on locally stored
+credentials.  The operation only applies to entries that exist in the remote
+database.  Disabled by default.
+
+.SH ACCESS CONTROL
+Access control is delegated to either the remote DSA(s) or to the local database
+backend for
+.B auth
+and
+.B write
+operations.
+It is delegated to the remote DSA(s) and to the frontend for
+.B read
+operations.
+Local access rules involving data returned by the remote DSA(s) should be designed
+with care.  In fact, entries are returned by the remote DSA(s) only based on the
+remote fraction of the data, based on the identity the operation is performed as.
+As a consequence, local rules might only be allowed to see a portion
+of the remote data.
+
 .SH CAVEATS
 .LP
 The Translucent Proxy overlay will disable schema checking in the local database,
@@ -98,4 +129,5 @@
 default slapd configuration file
 .SH SEE ALSO
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd-ldap (5).

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-unique.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-UNIQUE 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.6.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-unique.5,v 1.6.2.5 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-unique \- Attribute Uniqueness overlay to slapd
 .SH SYNOPSIS
@@ -150,4 +150,5 @@
 ETCDIR/slapd.conf
 default slapd configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).

Modified: openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5
===================================================================
--- openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man5/slapo-valsort.5	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPO-VALSORT 5 "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2005-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2005-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.4.2.3 2008/02/11 23:26:40 kurt Exp $
+.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapo-valsort.5,v 1.4.2.5 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slapo-valsort \- Value Sorting overlay to slapd
 .SH SYNOPSIS
@@ -68,7 +68,8 @@
 \fIETCDIR/slapd.conf\fP
 default \fBslapd\fP configuration file
 .SH SEE ALSO
-.BR slapd.conf (5).
+.BR slapd.conf (5),
+.BR slapd\-config (5).
 .SH ACKNOWLEDGEMENTS
 .P
 This module was written in 2005 by Howard Chu of Symas Corporation. The

Modified: openldap/vendor/openldap-release/doc/man/man8/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # man8 Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/doc/man/man8/Makefile.in,v 1.11.2.3 2008/02/11 23:26:40 kurt Exp $
+# $OpenLDAP: pkg/ldap/doc/man/man8/Makefile.in,v 1.11.2.4 2009/01/22 00:00:50 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/doc/man/man8/slapacl.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapacl.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapacl.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
 .TH SLAPACL 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapacl.8,v 1.8.2.10 2009/02/04 18:53:59 quanah Exp $
 .SH NAME
 slapacl \- Check access to a list of attributes.
 .SH SYNOPSIS
@@ -18,14 +19,18 @@
 .LP
 .SH DESCRIPTION
 .LP
-.B Slapacl
-is used to check the behavior of the slapd in verifying access to data
-according to ACLs, as specified in 
-.BR slapd.access (5).
+.B slapacl
+is used to check the behavior of 
+.BR slapd (8) 
+by verifying access to directory data according to the access control list
+directives defined in its configuration.
+.
 It opens the
 .BR slapd.conf (5)
-configuration file, reads in the 
-.B access
+configuration file or the 
+.BR slapd-config (5) 
+backend, reads in the  
+.B access/olcAccess
 directives, and then parses the 
 .B attr
 list given on the command-line; if none is given, access to the
@@ -156,7 +161,7 @@
 .LP
 .nf
 .ft tt
-	SBINDIR/slapacl -f /ETCDIR/slapd.conf -v \\
+	SBINDIR/slapacl -f ETCDIR/slapd.conf -v \\
             -U bjorn -b "o=University of Michigan,c=US" \\
 	    "o/read:University of Michigan"
 

Modified: openldap/vendor/openldap-release/doc/man/man8/slapadd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapadd.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPADD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.34.2.8 2008/02/11 23:26:40 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapadd.8,v 1.34.2.11 2009/01/30 19:47:21 quanah Exp $
 .SH NAME
 slapadd \- Add entries to a SLAPD database
 .SH SYNOPSIS
@@ -108,6 +108,12 @@
 cannot be used in conjunction with the
 .B \-b
 option.
+To populate the config database
+.BR slapd-config (5),
+use 
+.B \-n 0
+as it is always the first database. It must physically exist
+on the filesystem prior to this, however.
 .TP
 .BI \-o " option[=value]"
 Specify an

Modified: openldap/vendor/openldap-release/doc/man/man8/slapauth.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapauth.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapauth.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
 .TH SLAPAUTH 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapauth.8,v 1.6.2.9 2009/01/30 19:34:31 quanah Exp $
 .SH NAME
 slapauth \- Check a list of string-represented IDs for LDAP authc/authz
 .SH SYNOPSIS
@@ -24,10 +25,12 @@
 .BR slapd.conf (5).
 It opens the
 .BR slapd.conf (5)
-configuration file, reads in the 
-.B authz-policy
+configuration file or the 
+.BR slapd-config (5) 
+backend, reads in the 
+.B authz-policy/olcAuthzPolicy
 and
-.B authz-regexp
+.B authz-regexp/olcAuthzRegexp
 directives, and then parses the 
 .B ID
 list given on the command-line.

Modified: openldap/vendor/openldap-release/doc/man/man8/slapcat.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapcat.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPCAT 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.28.2.7 2008/02/11 23:26:40 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapcat.8,v 1.28.2.10 2009/01/30 19:47:21 quanah Exp $
 .SH NAME
 slapcat \- SLAPD database to LDIF utility
 .SH SYNOPSIS
@@ -103,7 +103,12 @@
 .TP
 .BI \-n " dbnum"
 Generate output for the \fIdbnum\fR\-th database listed in the
-configuration file.  The
+configuration file. The config database
+.BR slapd-config (5),
+is always the first database, so use
+.B \-n 0
+
+The
 .B \-n
 cannot be used in conjunction with the
 .B \-b

Modified: openldap/vendor/openldap-release/doc/man/man8/slapd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapd.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapd.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.64.2.6 2008/02/11 23:26:40 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
-.TH SLAPD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapd.8,v 1.64.2.10 2009/02/02 22:39:08 quanah Exp $
 .SH NAME
 slapd \- Stand-alone LDAP Daemon
 .SH SYNOPSIS
@@ -215,22 +215,34 @@
 .TP
 .BI \-c " cookie"
 This option provides a cookie for the syncrepl replication consumer.
-The cookie is a comma separated list of name=value pairs.
+The cookie is a comma separated list of \fIname=value\fP pairs.
 Currently supported syncrepl cookie fields are
-.B rid
+.BR rid ,
+.BR sid ,
 and
-.B csn.
+.BR csn .
 .B rid
 identifies a replication thread within the consumer server
 and is used to find the syncrepl specification in 
 .BR slapd.conf (5)
+or
+.BR slapd-config (5)
 having the matching replication identifier in its definition. The
 .B rid
 must be provided in order for any other specified values to be used.
+.B sid
+is the server id in a multi-master/mirror-mode configuration.
 .B csn
 is the commit sequence number received by a previous synchronization
 and represents the state of the consumer replica content which the
 syncrepl engine will synchronize to the current provider content.
+In case of \fImirror-mode\fP or \fImulti-master\fP replication agreement,
+multiple
+.B csn
+values, semicolon separated, can appear.
+Use only the 
+.B rid
+part to force a full reload.
 .TP
 .BI \-o " option[=value]"
 This option provides a generic means to specify options without the need to reserve
@@ -289,6 +301,7 @@
 .SH "SEE ALSO"
 .BR ldap (3),
 .BR slapd.conf (5),
+.BR slapd\-config (5),
 .BR slapd.access (5),
 .BR slapacl (8),
 .BR slapadd (8),

Modified: openldap/vendor/openldap-release/doc/man/man8/slapdn.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapdn.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapdn.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
 .TH SLAPDN 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapdn.8,v 1.6.2.9 2009/01/30 19:34:31 quanah Exp $
 .SH NAME
 slapdn \- Check a list of string-represented LDAP DNs based on schema syntax
 .SH SYNOPSIS
@@ -23,7 +24,7 @@
 .BR slapd.conf (5).
 It opens the
 .BR slapd.conf (5)
-configuration file, reads in the schema definitions, and then
+configuration file or the slapd-config (5) backend, reads in the schema definitions, and then
 parses the 
 .B DN
 list given on the command-line.

Modified: openldap/vendor/openldap-release/doc/man/man8/slapindex.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slapindex.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPINDEX 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.19.2.10 2008/02/11 23:26:40 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slapindex.8,v 1.19.2.13 2009/01/30 19:47:21 quanah Exp $
 .SH NAME
 slapindex \- Reindex entries in a SLAPD database
 .SH SYNOPSIS
@@ -92,7 +92,12 @@
 .TP
 .BI \-n " dbnum"
 Generate output for the \fIdbnum\fR\-th database listed in the
-configuration file.  The
+configuration file. The config database
+.BR slapd-config (5),
+is always the first database, so use
+.B \-n 0
+
+The
 .B \-n
 cannot be used in conjunction with the
 .B \-b

Modified: openldap/vendor/openldap-release/doc/man/man8/slappasswd.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slappasswd.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slappasswd.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 .TH SLAPPASSWD 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.21.2.5 2008/02/11 23:26:40 kurt Exp $
-.\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slappasswd.8,v 1.21.2.9 2009/01/30 20:08:06 quanah Exp $
 .SH NAME
 slappasswd \- OpenLDAP password utility
 .SH SYNOPSIS
@@ -19,11 +19,14 @@
 .B Slappasswd
 is used to generate an userPassword value
 suitable for use with
-.BR ldapmodify (1)
-or
+.BR ldapmodify (1),
 .BR slapd.conf (5)
 .I rootpw
+configuration directive or the 
+.BR slapd-config (5) 
+.I olcRootPW
 configuration directive.
+.
 .SH OPTIONS
 .TP
 .B \-v
@@ -157,8 +160,9 @@
 .SH "SEE ALSO"
 .BR ldappasswd (1),
 .BR ldapmodify (1),
-.BR slapd (8)
-.BR slapd.conf (5)
+.BR slapd (8),
+.BR slapd.conf (5),
+.BR slapd\-config (5),
 .B RFC 2307
 .B RFC 4519
 .B RFC 3112

Modified: openldap/vendor/openldap-release/doc/man/man8/slaptest.8
===================================================================
--- openldap/vendor/openldap-release/doc/man/man8/slaptest.8	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/doc/man/man8/slaptest.8	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
 .TH SLAPTEST 8C "RELEASEDATE" "OpenLDAP LDVERSION"
-.\" Copyright 2004-2008 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP: pkg/ldap/doc/man/man8/slaptest.8,v 1.7.2.9 2009/01/30 19:34:31 quanah Exp $
 .SH NAME
 slaptest \- Check the suitability of the OpenLDAP slapd.conf file
 .SH SYNOPSIS
@@ -21,8 +22,10 @@
 configuration file.
 It opens the
 .BR slapd.conf (5)
-configuration file, and parses it according to the general 
-and the backend-specific rules, checking its sanity.
+configuration file or the 
+.BR slapd-config (5) 
+backend, and parses it according to the general and the backend-specific 
+rules, checking its sanity.
 .LP
 .SH OPTIONS
 .TP

Modified: openldap/vendor/openldap-release/include/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/include/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # include Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/include/Makefile.in,v 1.33.2.3 2008/02/11 23:26:40 kurt Exp $
+# $OpenLDAP: pkg/ldap/include/Makefile.in,v 1.33.2.4 2009/01/22 00:00:51 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/alloca.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/alloca.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/alloca.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic alloca.h */
-/* $OpenLDAP: pkg/ldap/include/ac/alloca.h,v 1.18.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/alloca.h,v 1.18.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/assert.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/assert.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/assert.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic assert.h */
-/* $OpenLDAP: pkg/ldap/include/ac/assert.h,v 1.21.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/assert.h,v 1.21.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/bytes.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/bytes.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/bytes.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic bytes.h */
-/* $OpenLDAP: pkg/ldap/include/ac/bytes.h,v 1.20.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/bytes.h,v 1.20.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/crypt.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/crypt.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/crypt.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic crypt.h */
-/* $OpenLDAP: pkg/ldap/include/ac/crypt.h,v 1.10.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/crypt.h,v 1.10.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/ctype.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/ctype.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/ctype.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic ctype.h */
-/* $OpenLDAP: pkg/ldap/include/ac/ctype.h,v 1.16.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/ctype.h,v 1.16.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/dirent.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/dirent.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/dirent.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic dirent.h */
-/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.14.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/dirent.h,v 1.14.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/errno.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/errno.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/errno.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic errno.h */
-/* $OpenLDAP: pkg/ldap/include/ac/errno.h,v 1.30.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/errno.h,v 1.30.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/fdset.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/fdset.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/fdset.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* redefine FD_SET */
-/* $OpenLDAP: pkg/ldap/include/ac/fdset.h,v 1.5.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/fdset.h,v 1.5.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/localize.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/localize.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/localize.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* localize.h (i18n/l10n) */
-/* $OpenLDAP: pkg/ldap/include/ac/localize.h,v 1.7.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/localize.h,v 1.7.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/param.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/param.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/param.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic param.h */
-/* $OpenLDAP: pkg/ldap/include/ac/param.h,v 1.13.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/param.h,v 1.13.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/regex.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/regex.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/regex.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic Regex */
-/* $OpenLDAP: pkg/ldap/include/ac/regex.h,v 1.17.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/regex.h,v 1.17.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/setproctitle.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/setproctitle.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/setproctitle.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic setproctitle.h */
-/* $OpenLDAP: pkg/ldap/include/ac/setproctitle.h,v 1.21.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/setproctitle.h,v 1.21.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/signal.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/signal.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/signal.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic signal.h */
-/* $OpenLDAP: pkg/ldap/include/ac/signal.h,v 1.25.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/signal.h,v 1.25.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/socket.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/socket.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/socket.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic socket.h */
-/* $OpenLDAP: pkg/ldap/include/ac/socket.h,v 1.67.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/socket.h,v 1.67.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/stdarg.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/stdarg.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/stdarg.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic stdarg.h */
-/* $OpenLDAP: pkg/ldap/include/ac/stdarg.h,v 1.19.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/stdarg.h,v 1.19.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/stdlib.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/stdlib.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/stdlib.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic stdlib.h */
-/* $OpenLDAP: pkg/ldap/include/ac/stdlib.h,v 1.19.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/stdlib.h,v 1.19.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/string.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/string.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/string.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic string.h */
-/* $OpenLDAP: pkg/ldap/include/ac/string.h,v 1.51.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/string.h,v 1.51.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/sysexits.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/sysexits.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/sysexits.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic sysexits */
-/* $OpenLDAP: pkg/ldap/include/ac/sysexits.h,v 1.12.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/sysexits.h,v 1.12.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/syslog.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/syslog.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/syslog.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic syslog.h */
-/* $OpenLDAP: pkg/ldap/include/ac/syslog.h,v 1.17.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/syslog.h,v 1.17.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/termios.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/termios.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/termios.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic termios.h */
-/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.18.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/termios.h,v 1.18.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/time.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/time.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/time.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic time.h */
-/* $OpenLDAP: pkg/ldap/include/ac/time.h,v 1.18.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/time.h,v 1.18.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/unistd.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/unistd.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/unistd.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic unistd.h */
-/* $OpenLDAP: pkg/ldap/include/ac/unistd.h,v 1.37.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/unistd.h,v 1.37.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ac/wait.h
===================================================================
--- openldap/vendor/openldap-release/include/ac/wait.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ac/wait.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* Generic wait.h */
-/* $OpenLDAP: pkg/ldap/include/ac/wait.h,v 1.16.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ac/wait.h,v 1.16.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/avl.h
===================================================================
--- openldap/vendor/openldap-release/include/avl.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/avl.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* avl.h - avl tree definitions */
-/* $OpenLDAP: pkg/ldap/include/avl.h,v 1.29.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/avl.h,v 1.29.2.5 2009/01/22 00:00:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/getopt-compat.h
===================================================================
--- openldap/vendor/openldap-release/include/getopt-compat.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/getopt-compat.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* getopt-compat.h -- getopt(3) compatibility header */
-/* $OpenLDAP: pkg/ldap/include/getopt-compat.h,v 1.19.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/getopt-compat.h,v 1.19.2.4 2009/01/22 00:00:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber.h
===================================================================
--- openldap/vendor/openldap-release/include/lber.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lber.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.99.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber.h,v 1.99.2.5 2009/01/22 00:00:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber_pvt.h
===================================================================
--- openldap/vendor/openldap-release/include/lber_pvt.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lber_pvt.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber_pvt.h,v 1.35.2.5 2008/03/21 00:43:00 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber_pvt.h,v 1.35.2.6 2009/01/22 00:00:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lber_types.hin
===================================================================
--- openldap/vendor/openldap-release/include/lber_types.hin	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lber_types.hin	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lber_types.hin,v 1.3.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lber_types.hin,v 1.3.2.4 2009/01/22 00:00:51 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.10 2008/07/09 00:29:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap.h,v 1.312.2.18 2009/01/26 23:29:53 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,6 +108,17 @@
 #define LDAP_OPT_ERROR_STRING			LDAP_OPT_DIAGNOSTIC_MESSAGE
 #define LDAP_OPT_MATCHED_DN			0x0033
 /* 0x0034 - 0x3fff not defined */
+/* 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT */
+#define LDAP_OPT_SSPI_FLAGS			0x0092
+/* 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO */
+/* 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG */
+#define LDAP_OPT_SIGN				0x0095
+#define LDAP_OPT_ENCRYPT			0x0096
+#define LDAP_OPT_SASL_METHOD			0x0097
+/* 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE */
+#define LDAP_OPT_SECURITY_CONTEXT		0x0099
+/* 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE */
+/* 0x009B - 0x3fff not defined */
 
 /* API Extensions */
 #define LDAP_OPT_API_EXTENSION_BASE 0x4000  /* API extensions */
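Review bot: The unchanged comment `/* 0x0034 - 0x3fff not defined */` directly above the added block is now wrong, because the hunk defines five options between 0x0092 and 0x0099. It should be narrowed to `/* 0x0034 - 0x0090 not defined */` so it agrees with the new trailing `/* 0x009B - 0x3fff not defined */`. The new defines also carry no comment on argument type or on whether they can be read or written, unlike `LDAP_OPT_X_SASL_SECPROPS` later in the file (`/* write-only */`). `LDAP_OPT_SIGN`, `LDAP_OPT_ENCRYPT` and `LDAP_OPT_SECURITY_CONTEXT` look security-relevant, so a one-line description per option would help callers use them correctly.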
@@ -123,19 +134,20 @@
 #define LDAP_OPT_SOCKBUF            0x5008  /* sockbuf */
 #define LDAP_OPT_DEFBASE		0x5009	/* searchbase */
 #define	LDAP_OPT_CONNECT_ASYNC		0x5010	/* create connections asynchronously */
+#define	LDAP_OPT_CONNECT_CB			0x5011	/* connection callbacks */
 
 /* OpenLDAP TLS options */
 #define LDAP_OPT_X_TLS				0x6000
-#define LDAP_OPT_X_TLS_CTX			0x6001	/* OpenSSL CTX */
+#define LDAP_OPT_X_TLS_CTX			0x6001	/* OpenSSL CTX* */
 #define LDAP_OPT_X_TLS_CACERTFILE	0x6002
 #define LDAP_OPT_X_TLS_CACERTDIR	0x6003
 #define LDAP_OPT_X_TLS_CERTFILE		0x6004
 #define LDAP_OPT_X_TLS_KEYFILE		0x6005
 #define LDAP_OPT_X_TLS_REQUIRE_CERT	0x6006
-/* #define LDAP_OPT_X_TLS_PROTOCOL		0x6007 */
+#define LDAP_OPT_X_TLS_PROTOCOL_MIN	0x6007
 #define LDAP_OPT_X_TLS_CIPHER_SUITE	0x6008
 #define LDAP_OPT_X_TLS_RANDOM_FILE	0x6009
-#define LDAP_OPT_X_TLS_SSL_CTX		0x600a
+#define LDAP_OPT_X_TLS_SSL_CTX		0x600a	/* OpenSSL SSL* */
 #define LDAP_OPT_X_TLS_CRLCHECK		0x600b
 #define LDAP_OPT_X_TLS_CONNECT_CB	0x600c
 #define LDAP_OPT_X_TLS_CONNECT_ARG	0x600d
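Review bot: `LDAP_OPT_X_TLS_PROTOCOL_MIN` takes over slot 0x6007 from the commented-out `LDAP_OPT_X_TLS_PROTOCOL`, but nothing on the line says how its value is encoded. A trailing comment such as `/* minimum protocol version, see LDAP_OPT_X_TLS_PROTOCOL_* below */` would tie it to the constants added further down. `LDAP_OPT_CONNECT_CB` has the same gap: `/* connection callbacks */` does not say that the argument is a `struct ldap_conncb`, which I infer from the typedef added later in this file.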
@@ -153,6 +165,14 @@
 #define LDAP_OPT_X_TLS_CRL_PEER	1
 #define LDAP_OPT_X_TLS_CRL_ALL	2
 
+/* for LDAP_OPT_X_TLS_PROTOCOL_MIN */
+#define LDAP_OPT_X_TLS_PROTOCOL(maj,min)	(((maj) << 8) + (min))
+#define LDAP_OPT_X_TLS_PROTOCOL_SSL2		(2 << 8)
+#define LDAP_OPT_X_TLS_PROTOCOL_SSL3		(3 << 8)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0		((3 << 8) + 1)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_1		((3 << 8) + 2)
+#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_2		((3 << 8) + 3)
+
 /* OpenLDAP SASL options */
 #define LDAP_OPT_X_SASL_MECH			0x6100
 #define LDAP_OPT_X_SASL_REALM			0x6101
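Review bot: The helper `LDAP_OPT_X_TLS_PROTOCOL(maj,min)` is defined and then not used by the five constants below it, which repeat the shift by hand. Writing them as `#define LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 LDAP_OPT_X_TLS_PROTOCOL(3, 1)` (and likewise for the others) keeps the encoding in one place. The block comment could also say that the value is `(major << 8) + minor` of the protocol version. `LDAP_OPT_X_TLS_PROTOCOL_SSL2` is offered as a selectable minimum with no guidance, so I would add a note that callers enforcing a floor should pick `LDAP_OPT_X_TLS_PROTOCOL_TLS1_0` or later. Whether leaving the option unset means "no floor" is not visible in this hunk and is worth documenting here too.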
@@ -163,8 +183,15 @@
 #define LDAP_OPT_X_SASL_SECPROPS		0x6106 /* write-only */
 #define LDAP_OPT_X_SASL_SSF_MIN			0x6107
 #define LDAP_OPT_X_SASL_SSF_MAX			0x6108
-#define	LDAP_OPT_X_SASL_MAXBUFSIZE		0x6109
+#define LDAP_OPT_X_SASL_MAXBUFSIZE		0x6109
+#define LDAP_OPT_X_SASL_MECHLIST		0x610a /* read-only */
+#define LDAP_OPT_X_SASL_NOCANON			0x610b
 
+/* OpenLDAP GSSAPI options */
+#define LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT      0x6200
+#define LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL   0x6201
+
+
 /* Private API Extensions -- reserved for application use */
 #define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x7000  /* Private API inclusive */
 
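Review bot: The two GSSAPI options and `LDAP_OPT_X_SASL_NOCANON` are added without any comment, while neighbouring SASL options are annotated (`/* write-only */`, `/* read-only */`). `LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL` in particular reads like a switch that relaxes how the server's principal is chosen or checked. That is inferred from the name only, so the header should state the argument type, the default, and what enabling it permits. Something like `/* int boolean; default off; <effect on target principal selection> */` on each line would do, with the effect filled in by someone who knows the implementation. The hunk also leaves two consecutive blank lines before the "Private API Extensions" comment.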
@@ -270,8 +297,9 @@
 #define LDAP_CONTROL_SLURP				"1.3.6.1.4.1.4203.666.5.13"
 #define LDAP_CONTROL_VALSORT			"1.3.6.1.4.1.4203.666.5.14"
 #define LDAP_CONTROL_DONTUSECOPY		"1.3.6.1.4.1.4203.666.5.15"
+#define	LDAP_CONTROL_X_DEREF			"1.3.6.1.4.1.4203.666.5.16"
+#define	LDAP_CONTROL_X_WHATFAILED		"1.3.6.1.4.1.4203.666.5.17"
 
-
 /* LDAP Chaining Behavior Control *//* work in progress */
 /* <draft-sermersheim-ldap-chaining>;
  * see also LDAP_NO_REFERRALS_FOUND, LDAP_CANNOT_CHAIN */
@@ -480,6 +508,8 @@
 #define LDAP_AUTH_KRBV41 ((ber_tag_t) 0x81U) /* context specific + primitive */
 #define LDAP_AUTH_KRBV42 ((ber_tag_t) 0x82U) /* context specific + primitive */
 
+/* used by the Windows API but not used on the wire */
+#define LDAP_AUTH_NEGOTIATE ((ber_tag_t) 0x04FFU)
 
 /* filter types */
 #define LDAP_FILTER_AND	((ber_tag_t) 0xa0U)	/* context specific + constructed */
@@ -882,6 +912,27 @@
  */
 
 /*
+ * Connection callbacks...
+ */
+struct ldap_conncb;
+struct sockaddr;
+
+/* Called after a connection is established */
+typedef int (ldap_conn_add_f) LDAP_P(( LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, struct sockaddr *addr,
+	struct ldap_conncb *ctx ));
+/* Called before a connection is closed */
+typedef void (ldap_conn_del_f) LDAP_P(( LDAP *ld, Sockbuf *sb, struct ldap_conncb *ctx ));
+
+/* Callbacks are pushed on a stack. Last one pushed is first one executed. The
+ * delete callback is called with a NULL Sockbuf just before freeing the LDAP handle.
+ */
+typedef struct ldap_conncb {
+	ldap_conn_add_f *lc_add;
+	ldap_conn_del_f *lc_del;
+	void *lc_arg;
+} ldap_conncb;
+
+/*
  * The API draft spec says we should declare (or cause to be declared)
  * 'struct timeval'.   We don't.  See IETF LDAPext discussions.
  */
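Review bot: `ldap_conn_add_f` returns `int`, but neither comment says what a non-zero return does to the connection that was just established, so an implementer cannot tell whether the callback can reject it. The block comment should also state who owns the `ldap_conncb` structure and `lc_arg` after registration (copied by the library, or required to outlive the `LDAP` handle), since `lc_del` is called once more at handle teardown. I would extend the existing comment with something like `/* lc_add returns 0 on success; non-zero: TODO state the effect. lc_del must accept sb == NULL. */` plus one sentence on lifetime. How the callbacks are registered is outside this hunk, so these points need checking against the implementation.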
@@ -2359,5 +2410,56 @@
 	int		iscritical,
 	LDAPControl	**ctrlp ));
 
+/*
+ * in deref.c
+ */
+
+typedef struct LDAPDerefSpec {
+	char *derefAttr;
+	char **attributes;
+} LDAPDerefSpec;
+
+typedef struct LDAPDerefVal {
+	char *type;
+	BerVarray vals;
+	struct LDAPDerefVal *next;
+} LDAPDerefVal;
+
+typedef struct LDAPDerefRes {
+	char *derefAttr;
+	struct berval derefVal;
+	LDAPDerefVal *attrVals;
+	struct LDAPDerefRes *next;
+} LDAPDerefRes;
+
+LDAP_F( int )
+ldap_create_deref_control_value LDAP_P((
+	LDAP *ld,
+	LDAPDerefSpec *ds,
+	struct berval *value ));
+
+LDAP_F( int )
+ldap_create_deref_control LDAP_P((
+	LDAP		*ld,
+	LDAPDerefSpec	*ds,
+	int		iscritical,
+	LDAPControl	**ctrlp ));
+
+LDAP_F( void )
+ldap_derefresponse_free LDAP_P((
+	LDAPDerefRes *dr ));
+
+LDAP_F( int )
+ldap_parse_derefresponse_control LDAP_P((
+	LDAP *ld,
+	LDAPControl *ctrl,
+	LDAPDerefRes **drp ));
+
+LDAP_F( int )
+ldap_parse_deref_control LDAP_P((
+	LDAP		*ld,
+	LDAPControl	**ctrls,
+	LDAPDerefRes	**drp ));
+
 LDAP_END_DECL
 #endif /* _LDAP_H */
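Review bot: The new deref declarations carry only `/* in deref.c */`, which leaves the memory contract of the result list to the reader. `ldap_parse_derefresponse_control` and `ldap_parse_deref_control` hand back an `LDAPDerefRes` chain through `drp`, and `ldap_derefresponse_free` is presumably the only correct way to release it, including the nested `attrVals` and `vals`. The header should also say how the `LDAPDerefSpec *ds` array and its `attributes` member are terminated, because no count is passed. I would add `/* *drp is allocated by the library; release it with ldap_derefresponse_free() */` above the parse functions and a line on the terminator above `LDAPDerefSpec`, both confirmed against deref.c. The values originate in a server response, so the comment should state whether `derefVal` and `vals` are NUL-terminated or must be read with their `bv_len`.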

Modified: openldap/vendor/openldap-release/include/ldap_cdefs.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_cdefs.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_cdefs.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_cdefs.h,v 1.29.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_cdefs.h,v 1.29.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_config.hin
===================================================================
--- openldap/vendor/openldap-release/include/ldap_config.hin	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_config.hin	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_config.hin,v 1.3.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_config.hin,v 1.3.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_defaults.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_defaults.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_defaults.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_defaults.h,v 1.33.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_defaults.h,v 1.33.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_features.hin
===================================================================
--- openldap/vendor/openldap-release/include/ldap_features.hin	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_features.hin	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_features.hin,v 1.3.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_features.hin,v 1.3.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_int_thread.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_int_thread.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_int_thread.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldap_int_thread.h - ldap internal thread wrappers header file */
-/* $OpenLDAP: pkg/ldap/include/ldap_int_thread.h,v 1.20.2.5 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_int_thread.h,v 1.20.2.7 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -80,7 +80,7 @@
 
 #if defined( HAVE_MACH_CTHREADS_H )
 #	include <mach/cthreads.h>
-#elif defined( HAVE_CTHREAD_H
+#elif defined( HAVE_CTHREADS_H )
 #	include <cthreads.h>
 #endif
 

Modified: openldap/vendor/openldap-release/include/ldap_log.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_log.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_log.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_log.h,v 1.40.2.5 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_log.h,v 1.40.2.6 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_pvt.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_pvt.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt.h,v 1.91.2.6 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt.h,v 1.91.2.9 2009/02/02 22:53:14 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21,6 +21,7 @@
 #define _LDAP_PVT_H 1
 
 #include <lber.h>				/* get ber_slen_t */
+#include <lber_pvt.h>				/* get Sockbuf_Buf */
 
 LDAP_BEGIN_DECL
 
@@ -217,12 +218,52 @@
 LDAP_F (int) ldap_pvt_sasl_mutex_lock LDAP_P((void *mutex));
 LDAP_F (int) ldap_pvt_sasl_mutex_unlock LDAP_P((void *mutex));
 LDAP_F (void) ldap_pvt_sasl_mutex_dispose LDAP_P((void *mutex));
+#endif /* HAVE_CYRUS_SASL */
 
 struct sockbuf; /* avoid pulling in <lber.h> */
 LDAP_F (int) ldap_pvt_sasl_install LDAP_P(( struct sockbuf *, void * ));
 LDAP_F (void) ldap_pvt_sasl_remove LDAP_P(( struct sockbuf * ));
-#endif /* HAVE_CYRUS_SASL */
 
+/*
+ * SASL encryption support for LBER Sockbufs
+ */
+
+struct sb_sasl_generic_data;
+
+struct sb_sasl_generic_ops {
+	void (*init)(struct sb_sasl_generic_data *p,
+		     ber_len_t *min_send,
+		     ber_len_t *max_send,
+		     ber_len_t *max_recv);
+	ber_int_t (*encode)(struct sb_sasl_generic_data *p,
+			    unsigned char *buf,
+			    ber_len_t len,
+			    Sockbuf_Buf *dst);
+	ber_int_t (*decode)(struct sb_sasl_generic_data *p,
+			    const Sockbuf_Buf *src,
+			    Sockbuf_Buf *dst);
+	void (*reset_buf)(struct sb_sasl_generic_data *p,
+			  Sockbuf_Buf *buf);
+	void (*fini)(struct sb_sasl_generic_data *p);
+};
+
+struct sb_sasl_generic_install {
+	const struct sb_sasl_generic_ops 	*ops;
+	void					*ops_private;
+};
+
+struct sb_sasl_generic_data {
+	const struct sb_sasl_generic_ops 	*ops;
+	void					*ops_private;
+	Sockbuf_IO_Desc				*sbiod;
+	ber_len_t				min_send;
+	ber_len_t				max_send;
+	ber_len_t				max_recv;
+	Sockbuf_Buf				sec_buf_in;
+	Sockbuf_Buf				buf_in;
+	Sockbuf_Buf				buf_out;
+};
+ 
 #ifndef LDAP_PVT_SASL_LOCAL_SSF
 #define LDAP_PVT_SASL_LOCAL_SSF	71	/* SSF for Unix Domain Sockets */
 #endif /* ! LDAP_PVT_SASL_LOCAL_SSF */
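Review bot: `struct sb_sasl_generic_ops` defines a new callback contract for the security layer, yet none of its five hooks documents a return convention or buffer ownership. For `decode` in particular, `src` holds bytes read from the peer and `dst` is a `Sockbuf_Buf` the hook writes into, so the header should state who sizes `dst` and whether the generic layer or the hook enforces the `max_recv` value that `init` reports. A block comment above the struct covering, per hook, the meaning of the `ber_int_t` result and which side validates lengths would close that gap. The context line `struct sockbuf; /* avoid pulling in <lber.h> */` also reads as stale, since this file includes `<lber.h>` and now `<lber_pvt.h>` near its top.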
@@ -263,6 +304,34 @@
 ldap_bv2escaped_filter_value_x LDAP_P(( struct berval *in, struct berval *out,
 	int inplace, void *ctx ));
 
+LDAP_F (int) ldap_pvt_search LDAP_P((
+	struct ldap *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	struct ldapcontrol **sctrls,
+	struct ldapcontrol **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp ));
+
+LDAP_F(int) ldap_pvt_search_s LDAP_P((
+	struct ldap *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	struct ldapcontrol **sctrls,
+	struct ldapcontrol **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	struct ldapmsg **res ));
+
 /* string.c */
 LDAP_F( char * )
 ldap_pvt_str2upper LDAP_P(( char *str ));
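Review bot: The two new prototypes have no section comment, although the block right after them is introduced by `/* string.c */`, and the trailing `deref` parameter is unexplained. The rest of the parameter list resembles the public `ldap_search_ext()` call, so a reader will want to know which values `deref` accepts and why it is passed per call. I would add a marker naming the implementing file and a line such as `/* like ldap_search_ext(), with an explicit deref argument: TODO state the accepted values */`. The two declarations should also use one spelling, since they currently differ as `LDAP_F (int)` and `LDAP_F(int)`.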

Modified: openldap/vendor/openldap-release/include/ldap_pvt_thread.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt_thread.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_pvt_thread.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldap_pvt_thread.h - ldap threads header file */
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.51.2.10 2008/03/21 00:46:03 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_thread.h,v 1.51.2.12 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  * 
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -59,12 +59,12 @@
 
 #ifndef LDAP_PVT_THREAD_H_DONE
 #define	LDAP_PVT_THREAD_SET_STACK_SIZE
-#ifndef LDAP_PVT_THREAD_STACK_SIZE
+/* The size may be explicitly #defined to zero to disable it. */
+#if defined( LDAP_PVT_THREAD_STACK_SIZE ) && LDAP_PVT_THREAD_STACK_SIZE == 0
+#	undef LDAP_PVT_THREAD_SET_STACK_SIZE
+#elif !defined( LDAP_PVT_THREAD_STACK_SIZE )
 	/* LARGE stack. Will be twice as large on 64 bit machine. */
-#define LDAP_PVT_THREAD_STACK_SIZE	( 1 * 1024 * 1024 * sizeof(void *) )
-/* May be explicitly defined to zero to disable it */
-#elif LDAP_PVT_THREAD_STACK_SIZE == 0
-#undef LDAP_PVT_THREAD_SET_STACK_SIZE
+#	define LDAP_PVT_THREAD_STACK_SIZE ( 1 * 1024 * 1024 * sizeof(void *) )
 #endif
 #endif /* !LDAP_PVT_THREAD_H_DONE */
 

Modified: openldap/vendor/openldap-release/include/ldap_pvt_uc.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_pvt_uc.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_pvt_uc.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_pvt_uc.h,v 1.31.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_pvt_uc.h,v 1.31.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_queue.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_queue.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_queue.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldap_queue.h -- queue macros */
-/* $OpenLDAP: pkg/ldap/include/ldap_queue.h,v 1.13.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_queue.h,v 1.13.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_rq.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_rq.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_rq.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_rq.h,v 1.14.2.4 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_rq.h,v 1.14.2.5 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_schema.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_schema.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_schema.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_schema.h,v 1.36.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_schema.h,v 1.36.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldap_utf8.h
===================================================================
--- openldap/vendor/openldap-release/include/ldap_utf8.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldap_utf8.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldap_utf8.h,v 1.13.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldap_utf8.h,v 1.13.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/ldif.h
===================================================================
--- openldap/vendor/openldap-release/include/ldif.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/ldif.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.31.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/ldif.h,v 1.31.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.63.2.5 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil.h,v 1.63.2.7 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -195,6 +195,9 @@
 LDAP_LUTIL_F( char* )
 lutil_strncopy LDAP_P(( char *dst, const char *src, size_t n ));
 
+LDAP_LUTIL_F( char* )
+lutil_memcopy LDAP_P(( char *dst, const char *src, size_t n ));
+
 struct tm;
 
 /* use this macro to statically allocate buffer for lutil_gentime */
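Review bot: `lutil_memcopy` is declared without a comment, and its name invites confusion with `memcpy` while it returns `char *` like `lutil_strncopy` above it. The header should state what the returned pointer refers to and whether a terminator is written, because the caller alone is responsible for `dst` having room for `n` bytes. Suggested comment, to be confirmed against the implementation: `/* copies n bytes from src to dst, no NUL added; returns: TODO dst or end pointer; dst must hold at least n bytes */`.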

Modified: openldap/vendor/openldap-release/include/lutil_hash.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_hash.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil_hash.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_hash.h,v 1.8.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_hash.h,v 1.8.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_ldap.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_ldap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil_ldap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_ldap.h,v 1.11.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_ldap.h,v 1.11.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_lockf.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_lockf.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil_lockf.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_lockf.h,v 1.17.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_lockf.h,v 1.17.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/lutil_md5.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_md5.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil_md5.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_md5.h,v 1.24.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_md5.h,v 1.24.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/include/lutil_meter.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_meter.h	                        (rev 0)
+++ openldap/vendor/openldap-release/include/lutil_meter.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,70 @@
+/* lutil_meter.h - progress meters */
+/* $OpenLDAP: pkg/ldap/include/lutil_meter.h,v 1.1.2.1 2009/02/05 20:10:59 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright (c) 2009 by Matthew Backes, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Matthew Backes for inclusion
+ * in OpenLDAP software.
+ */
+
+#ifndef _LUTIL_METER_H
+#define _LUTIL_METER_H
+
+#include "portable.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+#include <ac/stdlib.h>
+#include <ac/time.h>
+
+typedef struct {
+	int (*display_open) (void **datap);
+	int (*display_update) (void **datap, double frac, time_t remaining_time, time_t elapsed, double byte_rate);
+	int (*display_close) (void **datap);
+} lutil_meter_display_t;
+
+typedef struct {
+	int (*estimator_open) (void **datap);
+	int (*estimator_update) (void **datap, double start, double frac, time_t *remaining_time);
+	int (*estimator_close) (void **datap);
+} lutil_meter_estimator_t;
+
+typedef struct {
+	const lutil_meter_display_t *display;
+	void * display_data;
+	const lutil_meter_estimator_t *estimator;
+	void * estimator_data;
+	double start_time;
+	double last_update;
+	unsigned long goal_value;
+	unsigned long last_position;
+} lutil_meter_t;
+
+extern const lutil_meter_display_t lutil_meter_text_display;
+extern const lutil_meter_estimator_t lutil_meter_linear_estimator;
+
+extern int lutil_meter_open (
+	lutil_meter_t *lutil_meter,
+	const lutil_meter_display_t *display, 
+	const lutil_meter_estimator_t *estimator,
+	unsigned long goal_value);
+extern int lutil_meter_update (
+	lutil_meter_t *lutil_meter,
+	unsigned long position,
+	int force);
+extern int lutil_meter_close (lutil_meter_t *lutil_meter);
+
+#endif /* _LUTIL_METER_H */
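Review bot: Unlike `ldap.h`, which closes with `LDAP_END_DECL`, this new header declares its functions and data with bare `extern` and no `LDAP_BEGIN_DECL`/`LDAP_END_DECL` pair, so a C++ translation unit including it would give them C++ linkage. The three callback tables and three entry points also have no comments: the return convention of the `int` results, the expected range of `frac`, and the behaviour when `goal_value` is 0 are all unstated. I would wrap the declarations in `LDAP_BEGIN_DECL` and `LDAP_END_DECL`, assuming those macros are visible through `portable.h` or an added include. A short block comment above `lutil_meter_open` should describe the open/update/close order and the meaning of `force`.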

Modified: openldap/vendor/openldap-release/include/lutil_sha1.h
===================================================================
--- openldap/vendor/openldap-release/include/lutil_sha1.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/lutil_sha1.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/lutil_sha1.h,v 1.28.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/lutil_sha1.h,v 1.28.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/include/portable.hin
===================================================================
--- openldap/vendor/openldap-release/include/portable.hin	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/portable.hin	2009-02-17 16:18:54 UTC (rev 1195)
@@ -4,7 +4,7 @@
 /* begin of portable.h.pre */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation
+ * Copyright 1998-2009 The OpenLDAP Foundation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -190,6 +190,9 @@
 /* Define to 1 if you have the `getdtablesize' function. */
 #undef HAVE_GETDTABLESIZE
 
+/* Define to 1 if you have the `geteuid' function. */
+#undef HAVE_GETEUID
+
 /* Define to 1 if you have the `getgrgid' function. */
 #undef HAVE_GETGRGID
 
@@ -250,6 +253,18 @@
 /* Define to 1 if you have the <grp.h> header file. */
 #undef HAVE_GRP_H
 
+/* define if you have GSSAPI */
+#undef HAVE_GSSAPI
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi.h> header file. */
+#undef HAVE_GSSAPI_H
+
+/* Define to 1 if you have the `gss_oid_to_str' function. */
+#undef HAVE_GSS_OID_TO_STR
+
 /* Define to 1 if you have the `hstrerror' function. */
 #undef HAVE_HSTRERROR
 
@@ -945,6 +960,9 @@
 /* define to support cn=Monitor backend */
 #undef SLAPD_MONITOR
 
+/* define to support NDB backend */
+#undef SLAPD_NDB
+
 /* define to support NULL backend */
 #undef SLAPD_NULL
 
@@ -954,12 +972,18 @@
 /* define for Audit Logging overlay */
 #undef SLAPD_OVER_AUDITLOG
 
+/* define for Collect overlay */
+#undef SLAPD_OVER_COLLECT
+
 /* define for Attribute Constraint overlay */
 #undef SLAPD_OVER_CONSTRAINT
 
 /* define for Dynamic Directory Services overlay */
 #undef SLAPD_OVER_DDS
 
+/* define for Dynamic Directory Services overlay */
+#undef SLAPD_OVER_DEREF
+
 /* define for Dynamic Group overlay */
 #undef SLAPD_OVER_DYNGROUP
 

Modified: openldap/vendor/openldap-release/include/rewrite.h
===================================================================
--- openldap/vendor/openldap-release/include/rewrite.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/rewrite.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
-/* $OpenLDAP: pkg/ldap/include/rewrite.h,v 1.15.2.3 2008/02/11 23:26:40 kurt Exp $
+/* $OpenLDAP: pkg/ldap/include/rewrite.h,v 1.15.2.4 2009/01/22 00:00:52 kurt Exp $
  */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/include/slapi-plugin.h
===================================================================
--- openldap/vendor/openldap-release/include/slapi-plugin.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/slapi-plugin.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.52.2.5 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/slapi-plugin.h,v 1.52.2.6 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002,2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/include/sysexits-compat.h
===================================================================
--- openldap/vendor/openldap-release/include/sysexits-compat.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/include/sysexits-compat.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/include/sysexits-compat.h,v 1.11.2.3 2008/02/11 23:26:40 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/include/sysexits-compat.h,v 1.11.2.4 2009/01/22 00:00:52 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Libraries Makefile for OpenLDAP
-# $OpenLDAP: pkg/ldap/libraries/Makefile.in,v 1.26.2.3 2008/02/11 23:26:40 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/Makefile.in,v 1.26.2.4 2009/01/22 00:00:53 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # LIBLBER
-# $OpenLDAP: pkg/ldap/libraries/liblber/Makefile.in,v 1.37.2.4 2008/02/11 23:26:41 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblber/Makefile.in,v 1.37.2.5 2009/01/22 00:00:53 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/assert.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/assert.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/assert.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/assert.c,v 1.13.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/assert.c,v 1.13.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/bprint.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/bprint.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/bprint.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.57.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/bprint.c,v 1.57.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/debug.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/debug.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/debug.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/debug.c,v 1.21.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/debug.c,v 1.21.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/decode.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/decode.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/decode.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* decode.c - ber input decoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.105.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/decode.c,v 1.105.2.6 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -69,7 +69,7 @@
 		val |= der[i] & 0x7f;
 		if ( !( der[i] & 0x80 )) {
 			if ( ptr == NULL ) {
-				/* Initial "x.y": val=x*40+y, x<=2, y<40 if x=2 */
+				/* Initial "x.y": val=x*40+y, x<=2, y<40 if x<2 */
 				ptr = out->bv_val;
 				val1 = (val < 80 ? val/40 : 2);
 				val -= val1*40;

Modified: openldap/vendor/openldap-release/libraries/liblber/dtest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/dtest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/dtest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dtest.c - lber decoding test program */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/dtest.c,v 1.37.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/dtest.c,v 1.37.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/encode.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/encode.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/encode.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* encode.c - ber output encoding routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/encode.c,v 1.64.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/encode.c,v 1.64.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/etest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/etest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/etest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* etest.c - lber encoding test program */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/etest.c,v 1.35.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/etest.c,v 1.35.2.5 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/idtest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/idtest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/idtest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* idtest.c - ber decoding test program using isode libraries */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/idtest.c,v 1.18.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/idtest.c,v 1.18.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/io.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/io.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/io.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* io.c - ber general i/o routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.111.2.8 2008/07/09 23:16:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/io.c,v 1.111.2.9 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/lber-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/lber-int.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/lber-int.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/lber-int.h,v 1.68.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/lber-int.h,v 1.68.2.4 2009/01/22 00:00:53 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/memory.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/memory.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/memory.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.64.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/memory.c,v 1.64.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/nt_err.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/nt_err.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/nt_err.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/nt_err.c,v 1.15.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/nt_err.c,v 1.15.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/options.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/options.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/options.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/options.c,v 1.43.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/options.c,v 1.43.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/sockbuf.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/sockbuf.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/sockbuf.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* sockbuf.c - i/o routines with support for adding i/o layers. */
-/* $OpenLDAP: pkg/ldap/libraries/liblber/sockbuf.c,v 1.65.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/sockbuf.c,v 1.65.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblber/stdio.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblber/stdio.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblber/stdio.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblber/stdio.c,v 1.11.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblber/stdio.c,v 1.11.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -lldap
-# $OpenLDAP: pkg/ldap/libraries/libldap/Makefile.in,v 1.79.2.5 2008/07/09 00:29:57 quanah Exp $
+# $OpenLDAP: pkg/ldap/libraries/libldap/Makefile.in,v 1.79.2.9 2009/01/26 23:29:53 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -20,26 +20,28 @@
 SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	controls.c messages.c references.c extended.c cyrus.c \
 	modify.c add.c modrdn.c delete.c abandon.c \
-	sasl.c sbind.c unbind.c cancel.c  \
+	sasl.c gssapi.c sbind.c unbind.c cancel.c  \
 	filter.c free.c sort.c passwd.c whoami.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
 	init.c options.c print.c string.c util-int.c schema.c \
-	charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+	charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+	tls2.c tls_o.c tls_g.c tls_m.c \
 	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
-	assertion.c
+	assertion.c deref.c
 
 OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-	sasl.lo sbind.lo unbind.lo cancel.lo \
+	sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
-	charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+	charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+	tls2.lo tls_o.lo tls_g.lo tls_m.lo \
 	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
-	assertion.lo
+	assertion.lo deref.lo
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries

Modified: openldap/vendor/openldap-release/libraries/libldap/abandon.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/abandon.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/abandon.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* abandon.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/abandon.c,v 1.41.2.7 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/abandon.c,v 1.41.2.10 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -412,7 +412,7 @@
 	assert( np != NULL );
 	assert( *np >= 0 );
 	assert( idx >= 0 );
-	assert( idx <= *np );
+	assert( (unsigned) idx <= *np );
 
 	n = *np;
 
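Review bot: The bounds on `idx` are enforced only by `assert`, so a build with NDEBUG defined drops them and an out-of-range index would reach the array handling below unchecked; the same applies to `assert( (unsigned) idx < *np )` in the `ldap_int_bisect_delete` hunk that follows. The cast would read better as `(ber_len_t) idx`, matching the `ber_len_t *np` declared in that second hunk. `assert( *np >= 0 )` can never fail if `ber_len_t` is unsigned, as the added cast implies. If an index can ever arrive here without coming from the matching lookup, an explicit guard such as `if ( idx < 0 || (ber_len_t) idx > *np ) return -1;` (assuming an int status return) would also hold in release builds. Both function bodies continue outside their hunks.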
@@ -447,14 +447,13 @@
 ldap_int_bisect_delete( ber_int_t **vp, ber_len_t *np, int id, int idx )
 {
 	ber_int_t	*v;
-	ber_len_t	n;
-	int		i;
+	ber_len_t	i, n;
 
 	assert( vp != NULL );
 	assert( np != NULL );
 	assert( *np >= 0 );
 	assert( idx >= 0 );
-	assert( idx < *np );
+	assert( (unsigned) idx < *np );
 
 	v = *vp;
 

Modified: openldap/vendor/openldap-release/libraries/libldap/add.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* add.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/add.c,v 1.27.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/add.c,v 1.27.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -151,9 +151,32 @@
 		/* for each attribute in the entry... */
 		for ( i = 0; attrs[i] != NULL; i++ ) {
 			if ( ( attrs[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
+				int j;
+
+				if ( attrs[i]->mod_bvalues == NULL ) {
+					ld->ld_errno = LDAP_PARAM_ERROR;
+					ber_free( ber, 1 );
+					return ld->ld_errno;
+				}
+
+				for ( j = 0; attrs[i]->mod_bvalues[ j ] != NULL; j++ ) {
+					if ( attrs[i]->mod_bvalues[ j ]->bv_val == NULL ) {
+						ld->ld_errno = LDAP_PARAM_ERROR;
+						ber_free( ber, 1 );
+						return ld->ld_errno;
+					}
+				}
+
 				rc = ber_printf( ber, "{s[V]N}", attrs[i]->mod_type,
 				    attrs[i]->mod_bvalues );
+
 			} else {
+				if ( attrs[i]->mod_values == NULL ) {
+					ld->ld_errno = LDAP_PARAM_ERROR;
+					ber_free( ber, 1 );
+					return ld->ld_errno;
+				}
+
 				rc = ber_printf( ber, "{s[v]N}", attrs[i]->mod_type,
 				    attrs[i]->mod_values );
 			}
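Review bot: The new validation covers `mod_bvalues` and `mod_values` but not `attrs[i]->mod_type`, which both `ber_printf` calls pass for the `s` conversion, so a caller-supplied LDAPMod with a NULL type would still be handed to the encoder. A guard on `attrs[i]->mod_type == NULL` at the top of the loop body, taking the same LDAP_PARAM_ERROR path, would close that gap. The three identical error exits (set `ld->ld_errno`, `ber_free( ber, 1 )`, return) could then be folded into one. The per-value check also rejects a berval whose `bv_val` is NULL even when its length is zero; if that is intended, say so with `/* a NULL bv_val is rejected even for zero-length values */`. The enclosing function starts and ends outside the hunk.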

Modified: openldap/vendor/openldap-release/libraries/libldap/addentry.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/addentry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/addentry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* addentry.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/addentry.c,v 1.16.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/addentry.c,v 1.16.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/apitest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/apitest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/apitest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* apitest.c -- OpenLDAP API Test Program */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/apitest.c,v 1.25.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/apitest.c,v 1.25.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap/assertion.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/assertion.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/assertion.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/assertion.c,v 1.1.2.1 2008/07/09 00:29:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/assertion.c,v 1.1.2.2 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/bind.c,v 1.24.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/bind.c,v 1.24.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -71,6 +71,11 @@
 	case LDAP_AUTH_SIMPLE:
 		return( ldap_simple_bind( ld, dn, passwd ) );
 
+#ifdef HAVE_GSSAPI
+	case LDAP_AUTH_NEGOTIATE:
+		return( ldap_gssapi_bind_s( ld, dn, passwd) );
+#endif
+
 	case LDAP_AUTH_SASL:
 		/* user must use ldap_sasl_bind */
 		/* FALL-THRU */
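Review bot: The new `LDAP_AUTH_NEGOTIATE` case calls the synchronous `ldap_gssapi_bind_s`, while the neighbouring `LDAP_AUTH_SIMPLE` case in this hunk calls the non-`_s` `ldap_simple_bind`. If this switch belongs to the asynchronous entry point (the function header is outside the hunk), callers would receive a result code where they expect a message id, and could treat a successful bind's 0 as an id to wait on. The second hunk (`@@ -107,6 +112,11 @@`) makes the same call next to `ldap_simple_bind_s`, where it fits. Either reject this method in the asynchronous path or document the difference with `/* GSSAPI bind is synchronous: returns a result code, not a msgid */`.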
@@ -107,6 +112,11 @@
 	case LDAP_AUTH_SIMPLE:
 		return( ldap_simple_bind_s( ld, dn, passwd ) );
 
+#ifdef HAVE_GSSAPI
+	case LDAP_AUTH_NEGOTIATE:
+		return( ldap_gssapi_bind_s( ld, dn, passwd) );
+#endif
+
 	case LDAP_AUTH_SASL:
 		/* user must use ldap_sasl_bind */
 		/* FALL-THRU */

Modified: openldap/vendor/openldap-release/libraries/libldap/cancel.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/cancel.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/cancel.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cancel.c,v 1.10.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cancel.c,v 1.10.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/charray.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/charray.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/charray.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* charray.c - routines for dealing with char * arrays */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.16.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/charray.c,v 1.16.2.6 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -191,10 +191,10 @@
 	}
 
 	i = 1;
-	for ( s = str; *s; s++ ) {
-		if ( ldap_utf8_strchr( brkstr, s ) != NULL ) {
-			i++;
-		}
+	for ( s = str; ; LDAP_UTF8_INCR(s) ) {
+		s = ldap_utf8_strpbrk( s, brkstr );
+		if ( !s ) break;
+		i++;
 	}
 
 	res = (char **) LDAP_MALLOC( (i + 1) * sizeof(char *) );
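Review bot: `i` sizes the `LDAP_MALLOC` on the last line of the hunk, yet nothing says that it counts break characters rather than tokens, and the `for` with an empty condition that reassigns `s` in its body hides that. A comment such as `/* i = 1 + number of break characters; presumably an upper bound on the tokens stored in res */` would let a reader check the allocation against the fill loop, which is outside the hunk. After `s = str;` the count reads more directly as `while ( (s = ldap_utf8_strpbrk( s, brkstr )) != NULL ) { i++; LDAP_UTF8_INCR(s); }`.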

Modified: openldap/vendor/openldap-release/libraries/libldap/compare.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/compare.c,v 1.29.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/compare.c,v 1.29.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/controls.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/controls.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/controls.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.48.2.5 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/controls.c,v 1.48.2.6 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/cyrus.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/cyrus.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.133.2.8 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/cyrus.c,v 1.133.2.13 2009/02/08 06:06:04 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -133,321 +133,128 @@
 	return -1;
 }
 
-/*
- * SASL encryption support for LBER Sockbufs
- */
-
-struct sb_sasl_data {
-	sasl_conn_t		*sasl_context;
-	unsigned		*sasl_maxbuf;
-	Sockbuf_Buf		sec_buf_in;
-	Sockbuf_Buf		buf_in;
-	Sockbuf_Buf		buf_out;
-};
-
-static int
-sb_sasl_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+static void
+sb_sasl_cyrus_init(
+	struct sb_sasl_generic_data *p,
+	ber_len_t *min_send,
+	ber_len_t *max_send,
+	ber_len_t *max_recv)
 {
-	struct sb_sasl_data	*p;
+	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
+	ber_len_t maxbuf;
 
-	assert( sbiod != NULL );
+	sasl_getprop( sasl_context, SASL_MAXOUTBUF,
+		      (SASL_CONST void **)(char *) &maxbuf );
 
-	p = LBER_MALLOC( sizeof( *p ) );
-	if ( p == NULL )
-		return -1;
-	p->sasl_context = (sasl_conn_t *)arg;
-	ber_pvt_sb_buf_init( &p->sec_buf_in );
-	ber_pvt_sb_buf_init( &p->buf_in );
-	ber_pvt_sb_buf_init( &p->buf_out );
-	if ( ber_pvt_sb_grow_buffer( &p->sec_buf_in, SASL_MIN_BUFF_SIZE ) < 0 ) {
-		LBER_FREE( p );
-		sock_errset(ENOMEM);
-		return -1;
-	}
-	sasl_getprop( p->sasl_context, SASL_MAXOUTBUF,
-		(SASL_CONST void **)(char *) &p->sasl_maxbuf );
-	    
-	sbiod->sbiod_pvt = p;
-
-	return 0;
+	*min_send = SASL_MIN_BUFF_SIZE;
+	*max_send = maxbuf;
+	*max_recv = SASL_MAX_BUFF_SIZE;
 }
 
-static int
-sb_sasl_remove( Sockbuf_IO_Desc *sbiod )
+static ber_int_t
+sb_sasl_cyrus_encode(
+	struct sb_sasl_generic_data *p,
+	unsigned char *buf,
+	ber_len_t len,
+	Sockbuf_Buf *dst)
 {
-	struct sb_sasl_data	*p;
+	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
+	ber_int_t ret;
+	unsigned tmpsize = dst->buf_size;
 
-	assert( sbiod != NULL );
-	
-	p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
-#if SASL_VERSION_MAJOR >= 2
-	/*
-	 * SASLv2 encode/decode buffers are managed by
-	 * libsasl2. Ensure they are not freed by liblber.
-	 */
-	p->buf_in.buf_base = NULL;
-	p->buf_out.buf_base = NULL;
-#endif
-	ber_pvt_sb_buf_destroy( &p->sec_buf_in );
-	ber_pvt_sb_buf_destroy( &p->buf_in );
-	ber_pvt_sb_buf_destroy( &p->buf_out );
-	LBER_FREE( p );
-	sbiod->sbiod_pvt = NULL;
-	return 0;
-}
+	ret = sasl_encode( sasl_context, (char *)buf, len,
+			   (SASL_CONST char **)&dst->buf_base,
+			   &tmpsize );
 
-static ber_len_t
-sb_sasl_pkt_length( const unsigned char *buf, int debuglevel )
-{
-	ber_len_t		size;
+	dst->buf_size = tmpsize;
+	dst->buf_end = dst->buf_size;
 
-	assert( buf != NULL );
-
-	size = buf[0] << 24
-		| buf[1] << 16
-		| buf[2] << 8
-		| buf[3];
-
-	if ( size > SASL_MAX_BUFF_SIZE ) {
-		/* somebody is trying to mess me up. */
-		ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
-			"sb_sasl_pkt_length: received illegal packet length "
-			"of %lu bytes\n", (unsigned long)size );      
-		size = 16; /* this should lead to an error. */
+	if ( ret != SASL_OK ) {
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_cyrus_encode: failed to encode packet: %s\n",
+				sasl_errstring( ret, NULL, NULL ) );
+		return -1;
 	}
 
-	return size + 4; /* include the size !!! */
+	return 0;
 }
 
-/* Drop a processed packet from the input buffer */
-static void
-sb_sasl_drop_packet ( Sockbuf_Buf *sec_buf_in, int debuglevel )
+static ber_int_t
+sb_sasl_cyrus_decode(
+	struct sb_sasl_generic_data *p,
+	const Sockbuf_Buf *src,
+	Sockbuf_Buf *dst)
 {
-	ber_slen_t			len;
+	sasl_conn_t *sasl_context = (sasl_conn_t *)p->ops_private;
+	ber_int_t ret;
+	unsigned tmpsize = dst->buf_size;
 
-	len = sec_buf_in->buf_ptr - sec_buf_in->buf_end;
-	if ( len > 0 )
-		AC_MEMCPY( sec_buf_in->buf_base, sec_buf_in->buf_base +
-			sec_buf_in->buf_end, len );
-   
-	if ( len >= 4 ) {
-		sec_buf_in->buf_end = sb_sasl_pkt_length(
-			(unsigned char *) sec_buf_in->buf_base, debuglevel);
-	}
-	else {
-		sec_buf_in->buf_end = 0;
-	}
-	sec_buf_in->buf_ptr = len;
-}
+	ret = sasl_decode( sasl_context,
+			   src->buf_base, src->buf_end,
+			   (SASL_CONST char **)&dst->buf_base,
+			   (unsigned *)&tmpsize );
 
-static ber_slen_t
-sb_sasl_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
-{
-	struct sb_sasl_data	*p;
-	ber_slen_t		ret, bufptr;
-   
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
 
-	p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
+	dst->buf_size = tmpsize;
+	dst->buf_end = dst->buf_size;
 
-	/* Are there anything left in the buffer? */
-	ret = ber_pvt_sb_copy_out( &p->buf_in, buf, len );
-	bufptr = ret;
-	len -= ret;
-
-	if ( len == 0 )
-		return bufptr;
-
-#if SASL_VERSION_MAJOR >= 2
-	ber_pvt_sb_buf_init( &p->buf_in );
-#else
-	ber_pvt_sb_buf_destroy( &p->buf_in );
-#endif
-
-	/* Read the length of the packet */
-	while ( p->sec_buf_in.buf_ptr < 4 ) {
-		ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
-			p->sec_buf_in.buf_ptr,
-			4 - p->sec_buf_in.buf_ptr );
-#ifdef EINTR
-		if ( ( ret < 0 ) && ( errno == EINTR ) )
-			continue;
-#endif
-		if ( ret <= 0 )
-			return bufptr ? bufptr : ret;
-
-		p->sec_buf_in.buf_ptr += ret;
-	}
-
-	/* The new packet always starts at p->sec_buf_in.buf_base */
-	ret = sb_sasl_pkt_length( (unsigned char *) p->sec_buf_in.buf_base,
-		sbiod->sbiod_sb->sb_debug );
-
-	/* Grow the packet buffer if neccessary */
-	if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) && 
-		ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
-	{
-		sock_errset(ENOMEM);
-		return -1;
-	}
-	p->sec_buf_in.buf_end = ret;
-
-	/* Did we read the whole encrypted packet? */
-	while ( p->sec_buf_in.buf_ptr < p->sec_buf_in.buf_end ) {
-		/* No, we have got only a part of it */
-		ret = p->sec_buf_in.buf_end - p->sec_buf_in.buf_ptr;
-
-		ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
-			p->sec_buf_in.buf_ptr, ret );
-#ifdef EINTR
-		if ( ( ret < 0 ) && ( errno == EINTR ) )
-			continue;
-#endif
-		if ( ret <= 0 )
-			return bufptr ? bufptr : ret;
-
-		p->sec_buf_in.buf_ptr += ret;
-   	}
-
-	/* Decode the packet */
-	{
-		unsigned tmpsize = p->buf_in.buf_end;
-		ret = sasl_decode( p->sasl_context, p->sec_buf_in.buf_base,
-			p->sec_buf_in.buf_end,
-			(SASL_CONST char **)&p->buf_in.buf_base,
-			(unsigned *)&tmpsize );
-		p->buf_in.buf_end = tmpsize;
-	}
-
-	/* Drop the packet from the input buffer */
-	sb_sasl_drop_packet( &p->sec_buf_in, sbiod->sbiod_sb->sb_debug );
-
 	if ( ret != SASL_OK ) {
-		ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
-			"sb_sasl_read: failed to decode packet: %s\n",
-			sasl_errstring( ret, NULL, NULL ) );
-		sock_errset(EIO);
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_cyrus_decode: failed to decode packet: %s\n",
+				sasl_errstring( ret, NULL, NULL ) );
 		return -1;
 	}
-	
-	p->buf_in.buf_size = p->buf_in.buf_end;
 
-	bufptr += ber_pvt_sb_copy_out( &p->buf_in, (char*) buf + bufptr, len );
-
-	return bufptr;
+	return 0;
 }
 
-static ber_slen_t
-sb_sasl_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+static void
+sb_sasl_cyrus_reset_buf(
+	struct sb_sasl_generic_data *p,
+	Sockbuf_Buf *buf)
 {
-	struct sb_sasl_data	*p;
-	int			ret;
-
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
-
-	p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
-
-	/* Are there anything left in the buffer? */
-	if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
-		ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
-		if ( ret < 0 ) return ret;
-
-		/* Still have something left?? */
-		if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
-			sock_errset(EAGAIN);
-			return -1;
-		}
-	}
-
-	/* now encode the next packet. */
 #if SASL_VERSION_MAJOR >= 2
-	ber_pvt_sb_buf_init( &p->buf_out );
+	ber_pvt_sb_buf_init( buf );
 #else
-	ber_pvt_sb_buf_destroy( &p->buf_out );
+	ber_pvt_sb_buf_destroy( buf );
 #endif
-	if ( len > *p->sasl_maxbuf - 100 ) {
-		len = *p->sasl_maxbuf - 100;	/* For safety margin */
-	}
-
-	{
-		unsigned tmpsize = p->buf_out.buf_size;
-		ret = sasl_encode( p->sasl_context, buf, len,
-			(SASL_CONST char **)&p->buf_out.buf_base,
-			&tmpsize );
-		p->buf_out.buf_size = tmpsize;
-	}
-
-	if ( ret != SASL_OK ) {
-		ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
-			"sb_sasl_write: failed to encode packet: %s\n",
-			sasl_errstring( ret, NULL, NULL ) );
-		sock_errset(EIO);
-		return -1;
-	}
-	p->buf_out.buf_end = p->buf_out.buf_size;
-
-	ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
-
-	/* return number of bytes encoded, not written, to ensure
-	 * no byte is encoded twice (even if only sent once).
-	 */
-	return len;
 }
 
-static int
-sb_sasl_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+static void
+sb_sasl_cyrus_fini(
+	struct sb_sasl_generic_data *p)
 {
-	struct sb_sasl_data	*p;
-
-	p = (struct sb_sasl_data *)sbiod->sbiod_pvt;
-
-	if ( opt == LBER_SB_OPT_DATA_READY ) {
-		if ( p->buf_in.buf_ptr != p->buf_in.buf_end ) return 1;
-	}
-	
-	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+#if SASL_VERSION_MAJOR >= 2
+	/*
+	 * SASLv2 encode/decode buffers are managed by
+	 * libsasl2. Ensure they are not freed by liblber.
+	 */
+	p->buf_in.buf_base = NULL;
+	p->buf_out.buf_base = NULL;
+#endif
 }
 
-Sockbuf_IO ldap_pvt_sockbuf_io_sasl = {
-	sb_sasl_setup,		/* sbi_setup */
-	sb_sasl_remove,		/* sbi_remove */
-	sb_sasl_ctrl,		/* sbi_ctrl */
-	sb_sasl_read,		/* sbi_read */
-	sb_sasl_write,		/* sbi_write */
-	NULL			/* sbi_close */
-};
+static const struct sb_sasl_generic_ops sb_sasl_cyrus_ops = {
+	sb_sasl_cyrus_init,
+	sb_sasl_cyrus_encode,
+	sb_sasl_cyrus_decode,
+	sb_sasl_cyrus_reset_buf,
+	sb_sasl_cyrus_fini
+ };
 
 int ldap_pvt_sasl_install( Sockbuf *sb, void *ctx_arg )
 {
-	Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_install\n",
-		0, 0, 0 );
+	struct sb_sasl_generic_install install_arg;
 
-	/* don't install the stuff unless security has been negotiated */
+	install_arg.ops		= &sb_sasl_cyrus_ops;
+	install_arg.ops_private = ctx_arg;
 
-	if ( !ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO,
-			&ldap_pvt_sockbuf_io_sasl ) )
-	{
-#ifdef LDAP_DEBUG
-		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
-			LBER_SBIOD_LEVEL_APPLICATION, (void *)"sasl_" );
-#endif
-		ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_sasl,
-			LBER_SBIOD_LEVEL_APPLICATION, ctx_arg );
-	}
-
-	return LDAP_SUCCESS;
+	return ldap_pvt_sasl_generic_install( sb, &install_arg );
 }
 
 void ldap_pvt_sasl_remove( Sockbuf *sb )
 {
-	ber_sockbuf_remove_io( sb, &ldap_pvt_sockbuf_io_sasl,
-		LBER_SBIOD_LEVEL_APPLICATION );
-#ifdef LDAP_DEBUG
-	ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
-		LBER_SBIOD_LEVEL_APPLICATION );
-#endif
+	ldap_pvt_sasl_generic_remove( sb );
 }
 
 static int
@@ -639,16 +446,28 @@
 	}
 
 	{
-		char *saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
+		char *saslhost;
+		int nocanon = (int)LDAP_BOOL_GET( &ld->ld_options,
+			LDAP_BOOL_SASL_NOCANON );
+
+		/* If we don't need to canonicalize just use the host
+		 * from the LDAP URI.
+		 */
+		if ( nocanon )
+			saslhost = ld->ld_defconn->lconn_server->lud_host;
+		else 
+			saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
 			"localhost" );
 		rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
-		LDAP_FREE( saslhost );
+		if ( !nocanon )
+			LDAP_FREE( saslhost );
 	}
 
 	if ( rc != LDAP_SUCCESS ) return rc;
 
 	ctx = ld->ld_defconn->lconn_sasl_authctx;
 
+#ifdef HAVE_TLS
 	/* Check for TLS */
 	ssl = ldap_pvt_tls_sb_ctx( ld->ld_defconn->lconn_sb );
 	if ( ssl ) {
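Review bot: The new `nocanon` branch hands `ld->ld_defconn->lconn_server->lud_host` straight to ldap_int_sasl_open with no fallback, whereas the canonicalizing branch always has the `"localhost"` default. Whether `lud_host` can be NULL or empty at this point is not visible in the hunk (a URI without a host part would be the case to check), so this is a question to confirm rather than a proven defect. If it can, folding the test into the flag keeps the ownership rule for `LDAP_FREE` intact: `int nocanon = LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_SASL_NOCANON ) && ld->ld_defconn->lconn_server->lud_host != NULL;`. A short comment on `if ( !nocanon ) LDAP_FREE( saslhost );` saying that only the ldap_host_connected_to result is owned here would also help. The enclosing function starts and ends outside the hunk.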
@@ -662,6 +481,7 @@
 		(void) ldap_int_sasl_external( ld, ld->ld_defconn, authid.bv_val, fac );
 		LDAP_FREE( authid.bv_val );
 	}
+#endif
 
 #if !defined(_WIN32)
 	/* Check for local */
@@ -749,7 +569,7 @@
 				/* and server provided us with data? */
 				Debug( LDAP_DEBUG_TRACE,
 					"ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
-					rc, saslrc, scred ? scred->bv_len : -1 );
+					rc, saslrc, scred ? (long) scred->bv_len : -1L );
 				ber_bvfree( scred );
 				scred = NULL;
 			}
@@ -1033,7 +853,7 @@
 	const char *in,
 	sasl_security_properties_t *secprops )
 {
-	int i, j, l;
+	unsigned i, j, l;
 	char **props;
 	unsigned sflags = 0;
 	int got_sflags = 0;
@@ -1123,6 +943,13 @@
 int
 ldap_int_sasl_get_option( LDAP *ld, int option, void *arg )
 {
+	if ( option == LDAP_OPT_X_SASL_MECHLIST ) {
+		if ( ldap_int_sasl_init() )
+			return -1;
+		*(char ***)arg = (char **)sasl_global_listmech();
+		return 0;
+	}
+
 	if ( ld == NULL )
 		return -1;
 
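Review bot: The added `LDAP_OPT_X_SASL_MECHLIST` branch writes through `*(char ***)arg` without checking `arg`, so a caller passing NULL crashes here instead of getting -1. Adding `if ( arg == NULL ) return -1;` as the first statement of the branch would close that. The cast also drops the const-ness of what `sasl_global_listmech()` returns, so a comment such as `/* list is owned by libsasl; caller must not modify or free it */` would make the contract explicit. The rest of ldap_int_sasl_get_option lies outside the hunk.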
@@ -1182,6 +1009,9 @@
 		case LDAP_OPT_X_SASL_MAXBUFSIZE:
 			*(ber_len_t *)arg = ld->ld_options.ldo_sasl_secprops.maxbufsize;
 			break;
+		case LDAP_OPT_X_SASL_NOCANON:
+			*(int *)arg = (int) LDAP_BOOL_GET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+			break;
 
 		case LDAP_OPT_X_SASL_SECPROPS:
 			/* this option is write only */
@@ -1196,9 +1026,12 @@
 int
 ldap_int_sasl_set_option( LDAP *ld, int option, void *arg )
 {
-	if ( ld == NULL || arg == NULL )
+	if ( ld == NULL )
 		return -1;
 
+	if ( arg == NULL && option != LDAP_OPT_X_SASL_NOCANON )
+		return -1;
+
 	switch ( option ) {
 	case LDAP_OPT_X_SASL_SSF:
 		/* This option is read-only */
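Review bot: The exemption `arg == NULL && option != LDAP_OPT_X_SASL_NOCANON` is unexplained, and it only makes sense once the reader knows that `LDAP_OPT_OFF` is a null pointer and that the `LDAP_OPT_X_SASL_NOCANON` case in the `@@ -1249,6 +1082,13 @@` hunk compares `arg` itself rather than dereferencing it. I would add a comment above the check, for example `/* boolean options are passed as LDAP_OPT_ON/LDAP_OPT_OFF; LDAP_OPT_OFF is NULL, so NULL is valid for NOCANON */`. It is also worth noting in that comment that the getter returns the flag through `*(int *)arg`, so the two directions use different conventions. The function body continues outside this hunk.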
@@ -1249,6 +1082,13 @@
 	case LDAP_OPT_X_SASL_MAXBUFSIZE:
 		ld->ld_options.ldo_sasl_secprops.maxbufsize = *(ber_len_t *)arg;
 		break;
+	case LDAP_OPT_X_SASL_NOCANON:
+		if ( arg == LDAP_OPT_OFF ) {
+			LDAP_BOOL_CLR(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+		} else {
+			LDAP_BOOL_SET(&ld->ld_options, LDAP_BOOL_SASL_NOCANON );
+		}
+		break;
 
 	case LDAP_OPT_X_SASL_SECPROPS: {
 		int sc;

Modified: openldap/vendor/openldap-release/libraries/libldap/dds.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/dds.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/dds.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/dds.c,v 1.2.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dds.c,v 1.2.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2005-2006 SysNet s.n.c.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap/delete.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/delete.c,v 1.26.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/delete.c,v 1.26.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/libraries/libldap/deref.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/deref.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/deref.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,282 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/deref.c,v 1.2.2.2 2009/01/22 00:00:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "ldap-int.h"
+
+int
+ldap_create_deref_control_value(
+	LDAP		*ld,
+	LDAPDerefSpec	*ds,
+	struct berval	*value )
+{
+	BerElement	*ber = NULL;
+	ber_tag_t	tag;
+	int		i;
+
+	if ( ld == NULL || value == NULL || ds == NULL )
+	{
+		if ( ld )
+			ld->ld_errno = LDAP_PARAM_ERROR;
+		return LDAP_PARAM_ERROR;
+	}
+
+	assert( LDAP_VALID( ld ) );
+
+	value->bv_val = NULL;
+	value->bv_len = 0;
+	ld->ld_errno = LDAP_SUCCESS;
+
+	ber = ldap_alloc_ber_with_options( ld );
+	if ( ber == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	tag = ber_printf( ber, "{" /*}*/ );
+	if ( tag == LBER_ERROR ) {
+		ld->ld_errno = LDAP_ENCODING_ERROR;
+		goto done;
+	}
+
+	for ( i = 0; ds[i].derefAttr != NULL; i++ ) {
+		int j;
+
+		tag = ber_printf( ber, "{s{" /*}}*/ , ds[i].derefAttr );
+		if ( tag == LBER_ERROR ) {
+			ld->ld_errno = LDAP_ENCODING_ERROR;
+			goto done;
+		}
+
+		for ( j = 0; ds[i].attributes[j] != NULL; j++ ) {
+			tag = ber_printf( ber, "s", ds[i].attributes[ j ] );
+			if ( tag == LBER_ERROR ) {
+				ld->ld_errno = LDAP_ENCODING_ERROR;
+				goto done;
+			}
+		}
+
+		tag = ber_printf( ber, /*{{*/ "}N}" );
+		if ( tag == LBER_ERROR ) {
+			ld->ld_errno = LDAP_ENCODING_ERROR;
+			goto done;
+		}
+	}
+
+	tag = ber_printf( ber, /*{*/ "}" );
+	if ( tag == LBER_ERROR ) {
+		ld->ld_errno = LDAP_ENCODING_ERROR;
+		goto done;
+	}
+
+	if ( ber_flatten2( ber, value, 1 ) == -1 ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+	}
+
+done:;
+	if ( ber != NULL ) {
+		ber_free( ber, 1 );
+	}
+
+	return ld->ld_errno;
+}
+
+int
+ldap_create_deref_control(
+	LDAP		*ld,
+	LDAPDerefSpec	*ds,
+	int		iscritical,
+	LDAPControl	**ctrlp )
+{
+	struct berval	value;
+
+	if ( ctrlp == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	ld->ld_errno = ldap_create_deref_control_value( ld, ds, &value );
+	if ( ld->ld_errno == LDAP_SUCCESS ) {
+		ld->ld_errno = ldap_control_create( LDAP_CONTROL_PAGEDRESULTS,
+			iscritical, &value, 0, ctrlp );
+		if ( ld->ld_errno != LDAP_SUCCESS ) {
+			LDAP_FREE( value.bv_val );
+		}
+	}
+
+	return ld->ld_errno;
+}
+
+void
+ldap_derefresponse_free( LDAPDerefRes *dr )
+{
+	for ( ; dr; ) {
+		LDAPDerefRes *drnext = dr->next;
+		LDAPDerefVal *dv;
+
+		LDAP_FREE( dr->derefAttr );
+		LDAP_FREE( dr->derefVal.bv_val );
+
+		for ( dv = dr->attrVals; dv; ) {
+			LDAPDerefVal *dvnext = dv->next;
+			LDAP_FREE( dv->type );
+			ber_bvarray_free( dv->vals );
+			LDAP_FREE( dv );
+			dv = dvnext;
+		}
+
+		LDAP_FREE( dr );
+
+		dr = drnext;
+	}
+}
+
+int
+ldap_parse_derefresponse_control(
+	LDAP		*ld,
+	LDAPControl	*ctrl,
+	LDAPDerefRes	**drp2 )
+{
+	BerElement *ber;
+	ber_tag_t tag;
+	ber_len_t len;
+	char *last;
+	LDAPDerefRes *drhead = NULL, **drp;
+
+	if ( ld == NULL || ctrl == NULL || drp2 == NULL ) {
+		if ( ld )
+			ld->ld_errno = LDAP_PARAM_ERROR;
+		return LDAP_PARAM_ERROR;
+	}
+
+	/* Create a BerElement from the berval returned in the control. */
+	ber = ber_init( &ctrl->ldctl_value );
+
+	if ( ber == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	/* Extract the count and cookie from the control. */
+	drp = &drhead;
+	for ( tag = ber_first_element( ber, &len, &last );
+		tag != LBER_DEFAULT;
+		tag = ber_next_element( ber, &len, last ) )
+	{
+		LDAPDerefRes *dr;
+		LDAPDerefVal **dvp;
+		char *last2;
+
+		dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) );
+		dvp = &dr->attrVals;
+
+		tag = ber_scanf( ber, "{ao", &dr->derefAttr, &dr->derefVal );
+		if ( tag == LBER_ERROR ) {
+			goto done;
+		}
+
+		tag = ber_peek_tag( ber, &len );
+		if ( tag == (LBER_CONSTRUCTED|LBER_CLASS_CONTEXT) ) {
+			for ( tag = ber_first_element( ber, &len, &last2 );
+				tag != LBER_DEFAULT;
+				tag = ber_next_element( ber, &len, last2 ) )
+			{
+				LDAPDerefVal *dv;
+
+				dv = LDAP_CALLOC( 1, sizeof(LDAPDerefVal) );
+
+				tag = ber_scanf( ber, "{a[W]}", &dv->type, &dv->vals );
+				if ( tag == LBER_ERROR ) {
+					goto done;
+				}
+
+				*dvp = dv;
+				dvp = &dv->next;
+			}
+		}
+
+		tag = ber_scanf( ber, "}" );
+		if ( tag == LBER_ERROR ) {
+			goto done;
+		}
+
+		*drp = dr;
+		drp = &dr->next;
+	}
+
+	tag = 0;
+
+done:;
+        ber_free( ber, 1 );
+
+	if ( tag == LBER_ERROR ) {
+		if ( drhead != NULL ) {
+			ldap_derefresponse_free( drhead );
+		}
+
+		*drp2 = NULL;
+		ld->ld_errno = LDAP_DECODING_ERROR;
+
+	} else {
+		*drp2 = drhead;
+		ld->ld_errno = LDAP_SUCCESS;
+	}
+
+	return ld->ld_errno;
+}
+
+int
+ldap_parse_deref_control(
+	LDAP		*ld,
+	LDAPControl	**ctrls,
+	LDAPDerefRes	**drp )
+{
+	LDAPControl *c;
+
+	if ( drp == NULL ) {
+		ld->ld_errno = LDAP_PARAM_ERROR;
+		return ld->ld_errno;
+	}
+
+	*drp = NULL;
+
+	if ( ctrls == NULL ) {
+		ld->ld_errno =  LDAP_CONTROL_NOT_FOUND;
+		return ld->ld_errno;
+	}
+
+	c = ldap_control_find( LDAP_CONTROL_X_DEREF, ctrls, NULL );
+	if ( c == NULL ) {
+		/* No deref control was found. */
+		ld->ld_errno = LDAP_CONTROL_NOT_FOUND;
+		return ld->ld_errno;
+	}
+
+	ld->ld_errno = ldap_parse_derefresponse_control( ld, c, drp );
+
+	return ld->ld_errno;
+}
+
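Review bot: In ldap_parse_derefresponse_control, which decodes a control value received from the server, neither `LDAP_CALLOC` result is checked before `ber_scanf` writes through `dr` and `dv`, and every `goto done` taken on a decoding error leaves the current `dr` (and `dv`) unlinked from `drhead`, so `ldap_derefresponse_free( drhead )` never releases them. Linking each node into its list immediately after a checked allocation, as sketched below, lets the existing error path free them; the later `*dvp = dv; dvp = &dv->next;` and `*drp = dr; drp = &dr->next;` lines are then dropped. This assumes ber_scanf leaves its output pointers NULL or validly owned on failure, and an allocation failure would surface as LDAP_DECODING_ERROR unless the tail of the function is adjusted. Separately, ldap_create_deref_control passes `LDAP_CONTROL_PAGEDRESULTS` to ldap_control_create while ldap_parse_deref_control looks up `LDAP_CONTROL_X_DEREF`, which looks like a copy-paste slip on the create side.

```c
		dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) );
		if ( dr == NULL ) {
			tag = LBER_ERROR;
			goto done;
		}
		/* link first so the error path frees it through drhead */
		*drp = dr;
		drp = &dr->next;
		dvp = &dr->attrVals;

		/* … unchanged: ber_scanf "{ao" and ber_peek_tag … */

				dv = LDAP_CALLOC( 1, sizeof(LDAPDerefVal) );
				if ( dv == NULL ) {
					tag = LBER_ERROR;
					goto done;
				}
				/* link first so a failed ber_scanf does not leak dv */
				*dvp = dv;
				dvp = &dv->next;

		/* … unchanged: ber_scanf "{a[W]}" and the closing "}" … */
```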

Modified: openldap/vendor/openldap-release/libraries/libldap/dnssrv.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/dnssrv.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/dnssrv.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/dnssrv.c,v 1.39.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dnssrv.c,v 1.39.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/dntest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/dntest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/dntest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dntest.c -- OpenLDAP DN API Test Program */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/dntest.c,v 1.27.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/dntest.c,v 1.27.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/error.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/error.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/error.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.76.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.76.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/extended.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/extended.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/extended.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/extended.c,v 1.39.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/extended.c,v 1.39.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/filter.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/filter.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/filter.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/filter.c,v 1.29.2.6 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/filter.c,v 1.29.2.7 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/free.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/free.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/free.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* free.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/free.c,v 1.22.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/free.c,v 1.22.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/ftest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ftest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/ftest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ftest.c -- OpenLDAP Filter API Test */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ftest.c,v 1.15.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ftest.c,v 1.15.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getattr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getattr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/getattr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getattr.c,v 1.35.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getattr.c,v 1.35.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getdn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/getdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.130.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getdn.c,v 1.130.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getentry.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getentry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/getentry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getentry.c,v 1.28.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getentry.c,v 1.28.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/getvalues.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/getvalues.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/getvalues.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/getvalues.c,v 1.26.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/getvalues.c,v 1.26.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/libraries/libldap/gssapi.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/gssapi.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/gssapi.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1016 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/gssapi.c,v 1.1.2.2 2009/01/22 00:00:54 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Author: Stefan Metzmacher <metze at sernet.de>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ldap-int.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#else
+#include <gssapi.h>
+#endif
+
+static char *
+gsserrstr(
+	char *buf,
+	ber_len_t buf_len,
+	gss_OID mech,
+	int gss_rc,
+	OM_uint32 minor_status )
+{
+	OM_uint32 min2;
+	gss_buffer_desc mech_msg = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc gss_msg = GSS_C_EMPTY_BUFFER;
+	gss_buffer_desc minor_msg = GSS_C_EMPTY_BUFFER;
+	OM_uint32 msg_ctx = 0;
+
+	if (buf == NULL) {
+		return NULL;
+	}
+
+	if (buf_len == 0) {
+		return NULL;
+	}
+
+#ifdef HAVE_GSS_OID_TO_STR
+	gss_oid_to_str(&min2, mech, &mech_msg);
+#endif
+	gss_display_status(&min2, gss_rc, GSS_C_GSS_CODE,
+			   mech, &msg_ctx, &gss_msg);
+	gss_display_status(&min2, minor_status, GSS_C_MECH_CODE,
+			   mech, &msg_ctx, &minor_msg);
+
+	snprintf(buf, buf_len, "gss_rc[%d:%*s] mech[%*s] minor[%u:%*s]",
+		 gss_rc, (int)gss_msg.length,
+		 (const char *)(gss_msg.value?gss_msg.value:""),
+		 (int)mech_msg.length,
+		 (const char *)(mech_msg.value?mech_msg.value:""),
+		 minor_status, (int)minor_msg.length,
+		 (const char *)(minor_msg.value?minor_msg.value:""));
+
+	gss_release_buffer(&min2, &mech_msg);
+	gss_release_buffer(&min2, &gss_msg);
+	gss_release_buffer(&min2, &minor_msg);
+
+	buf[buf_len-1] = '\0';
+
+	return buf;
+}
+
+static void
+sb_sasl_gssapi_init(
+	struct sb_sasl_generic_data *p,
+	ber_len_t *min_send,
+	ber_len_t *max_send,
+	ber_len_t *max_recv )
+{
+	gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+	int gss_rc;
+	OM_uint32 minor_status;
+	gss_OID ctx_mech = GSS_C_NO_OID;
+	OM_uint32 ctx_flags = 0;
+	int conf_req_flag = 0;
+	OM_uint32 max_input_size;
+
+	gss_inquire_context(&minor_status,
+			    gss_ctx,
+			    NULL,
+			    NULL,
+			    NULL,
+			    &ctx_mech,
+			    &ctx_flags,
+			    NULL,
+			    NULL);
+
+	if (ctx_flags & (GSS_C_CONF_FLAG)) {
+		conf_req_flag = 1;
+	}
+
+#if defined(HAVE_CYRUS_SASL)
+#define SEND_PREALLOC_SIZE	SASL_MIN_BUFF_SIZE
+#else
+#define SEND_PREALLOC_SIZE      4096
+#endif
+#define SEND_MAX_WIRE_SIZE	0x00A00000
+#define RECV_MAX_WIRE_SIZE	0x0FFFFFFF
+#define FALLBACK_SEND_MAX_SIZE	0x009FFFB8 /* from MIT 1.5.x */
+
+	gss_rc = gss_wrap_size_limit(&minor_status, gss_ctx,
+				     conf_req_flag, GSS_C_QOP_DEFAULT,
+				     SEND_MAX_WIRE_SIZE, &max_input_size);
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		char msg[256];
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_init: failed to wrap size limit: %s\n",
+				gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_init: fallback to default wrap size limit\n");
+		/*
+		 * some libgssglue/libgssapi versions
+		 * have a broken gss_wrap_size_limit()
+		 * implementation
+		 */
+		max_input_size = FALLBACK_SEND_MAX_SIZE;
+	}
+
+	*min_send = SEND_PREALLOC_SIZE;
+	*max_send = max_input_size;
+	*max_recv = RECV_MAX_WIRE_SIZE;
+}
+
+static ber_int_t
+sb_sasl_gssapi_encode(
+	struct sb_sasl_generic_data *p,
+	unsigned char *buf,
+	ber_len_t len,
+	Sockbuf_Buf *dst )
+{
+	gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+	int gss_rc;
+	OM_uint32 minor_status;
+	gss_buffer_desc unwrapped, wrapped;
+	gss_OID ctx_mech = GSS_C_NO_OID;
+	OM_uint32 ctx_flags = 0;
+	int conf_req_flag = 0;
+	int conf_state;
+	unsigned char *b;
+	ber_len_t pkt_len;
+
+	unwrapped.value		= buf;
+	unwrapped.length	= len;
+
+	gss_inquire_context(&minor_status,
+			    gss_ctx,
+			    NULL,
+			    NULL,
+			    NULL,
+			    &ctx_mech,
+			    &ctx_flags,
+			    NULL,
+			    NULL);
+
+	if (ctx_flags & (GSS_C_CONF_FLAG)) {
+		conf_req_flag = 1;
+	}
+
+	gss_rc = gss_wrap(&minor_status, gss_ctx,
+			  conf_req_flag, GSS_C_QOP_DEFAULT,
+			  &unwrapped, &conf_state,
+			  &wrapped);
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		char msg[256];
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_encode: failed to encode packet: %s\n",
+				gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+		return -1;
+	}
+
+	if ( conf_req_flag && conf_state == 0 ) {
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our gss_wrap()\n" );
+		return -1;
+	}
+
+	pkt_len = 4 + wrapped.length;
+
+	/* Grow the packet buffer if neccessary */
+	if ( dst->buf_size < pkt_len &&
+		ber_pvt_sb_grow_buffer( dst, pkt_len ) < 0 )
+	{
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_encode: failed to grow the buffer to %lu bytes\n",
+				pkt_len );
+		return -1;
+	}
+
+	dst->buf_end = pkt_len;
+
+	b = (unsigned char *)dst->buf_base;
+
+	b[0] = (unsigned char)(wrapped.length >> 24);
+	b[1] = (unsigned char)(wrapped.length >> 16);
+	b[2] = (unsigned char)(wrapped.length >>  8);
+	b[3] = (unsigned char)(wrapped.length >>  0);
+
+	/* copy the wrapped blob to the right location */
+	memcpy(b + 4, wrapped.value, wrapped.length);
+
+	gss_release_buffer(&minor_status, &wrapped);
+
+	return 0;
+}
+
+static ber_int_t
+sb_sasl_gssapi_decode(
+	struct sb_sasl_generic_data *p,
+	const Sockbuf_Buf *src,
+	Sockbuf_Buf *dst )
+{
+	gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+	int gss_rc;
+	OM_uint32 minor_status;
+	gss_buffer_desc unwrapped, wrapped;
+	gss_OID ctx_mech = GSS_C_NO_OID;
+	OM_uint32 ctx_flags = 0;
+	int conf_req_flag = 0;
+	int conf_state;
+	unsigned char *b;
+	ber_len_t pkt_len;
+
+	wrapped.value	= src->buf_base + 4;
+	wrapped.length	= src->buf_end - 4;
+
+	gss_inquire_context(&minor_status,
+			    gss_ctx,
+			    NULL,
+			    NULL,
+			    NULL,
+			    &ctx_mech,
+			    &ctx_flags,
+			    NULL,
+			    NULL);
+
+	if (ctx_flags & (GSS_C_CONF_FLAG)) {
+		conf_req_flag = 1;
+	}
+
+	gss_rc = gss_unwrap(&minor_status, gss_ctx,
+			    &wrapped, &unwrapped,
+			    &conf_state, GSS_C_QOP_DEFAULT);
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		char msg[256];
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_decode: failed to decode packet: %s\n",
+				gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+		return -1;
+	}
+
+	if ( conf_req_flag && conf_state == 0 ) {
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our peer\n" );
+		return -1;
+	}
+
+	/* Grow the packet buffer if neccessary */
+	if ( dst->buf_size < unwrapped.length &&
+		ber_pvt_sb_grow_buffer( dst, unwrapped.length ) < 0 )
+	{
+		ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+				"sb_sasl_gssapi_decode: failed to grow the buffer to %lu bytes\n",
+				pkt_len );
+		return -1;
+	}
+
+	dst->buf_end = unwrapped.length;
+
+	b = (unsigned char *)dst->buf_base;
+
+	/* copy the wrapped blob to the right location */
+	memcpy(b, unwrapped.value, unwrapped.length);
+
+	gss_release_buffer(&minor_status, &unwrapped);
+
+	return 0;
+}
+
+static void
+sb_sasl_gssapi_reset_buf(
+	struct sb_sasl_generic_data *p,
+	Sockbuf_Buf *buf )
+{
+	ber_pvt_sb_buf_destroy( buf );
+}
+
+static void
+sb_sasl_gssapi_fini( struct sb_sasl_generic_data *p )
+{
+}
+
+static const struct sb_sasl_generic_ops sb_sasl_gssapi_ops = {
+	sb_sasl_gssapi_init,
+	sb_sasl_gssapi_encode,
+	sb_sasl_gssapi_decode,
+	sb_sasl_gssapi_reset_buf,
+	sb_sasl_gssapi_fini
+};
+
+static int
+sb_sasl_gssapi_install(
+	Sockbuf *sb,
+	gss_ctx_id_t gss_ctx )
+{
+	struct sb_sasl_generic_install install_arg;
+
+	install_arg.ops		= &sb_sasl_gssapi_ops;
+	install_arg.ops_private = gss_ctx;
+
+	return ldap_pvt_sasl_generic_install( sb, &install_arg );
+}
+
+static void
+sb_sasl_gssapi_remove( Sockbuf *sb )
+{
+	ldap_pvt_sasl_generic_remove( sb );
+}
+
+static int
+map_gsserr2ldap(
+	LDAP *ld,
+	gss_OID mech,
+	int gss_rc,
+	OM_uint32 minor_status )
+{
+	OM_uint32 min2;
+	OM_uint32 msg_ctx = 0;
+	char msg[256];
+
+	Debug( LDAP_DEBUG_ANY, "%s\n",
+	       gsserrstr( msg, sizeof(msg), mech, gss_rc, minor_status ),
+	       NULL, NULL );
+
+	if (gss_rc == GSS_S_COMPLETE) {
+		ld->ld_errno = LDAP_SUCCESS;
+	} else if (GSS_CALLING_ERROR(gss_rc)) {
+		ld->ld_errno = LDAP_LOCAL_ERROR;
+	} else if (GSS_ROUTINE_ERROR(gss_rc)) {
+		ld->ld_errno = LDAP_INAPPROPRIATE_AUTH;
+	} else if (gss_rc == GSS_S_CONTINUE_NEEDED) {
+		ld->ld_errno = LDAP_SASL_BIND_IN_PROGRESS;
+	} else if (GSS_SUPPLEMENTARY_INFO(gss_rc)) {
+		ld->ld_errno = LDAP_AUTH_UNKNOWN;
+	} else if (GSS_ERROR(gss_rc)) {
+		ld->ld_errno = LDAP_AUTH_UNKNOWN;
+	} else {
+		ld->ld_errno = LDAP_OTHER;
+	}
+
+	return ld->ld_errno;
+}
+
+
+static int
+ldap_gssapi_get_rootdse_infos (
+	LDAP *ld,
+	char **pmechlist,
+	char **pldapServiceName,
+	char **pdnsHostName )
+{
+	/* we need to query the server for supported mechs anyway */
+	LDAPMessage *res, *e;
+	char *attrs[] = {
+		"supportedSASLMechanisms",
+		"ldapServiceName",
+		"dnsHostName",
+		NULL
+	};
+	char **values, *mechlist;
+	char *ldapServiceName = NULL;
+	char *dnsHostName = NULL;
+	int rc;
+
+	Debug( LDAP_DEBUG_TRACE, "ldap_gssapi_get_rootdse_infos\n", 0, 0, 0 );
+
+	rc = ldap_search_s( ld, "", LDAP_SCOPE_BASE,
+		NULL, attrs, 0, &res );
+
+	if ( rc != LDAP_SUCCESS ) {
+		return ld->ld_errno;
+	}
+
+	e = ldap_first_entry( ld, res );
+	if ( e == NULL ) {
+		ldap_msgfree( res );
+		if ( ld->ld_errno == LDAP_SUCCESS ) {
+			ld->ld_errno = LDAP_NO_SUCH_OBJECT;
+		}
+		return ld->ld_errno;
+	}
+
+	values = ldap_get_values( ld, e, "supportedSASLMechanisms" );
+	if ( values == NULL ) {
+		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_SUCH_ATTRIBUTE;
+		return ld->ld_errno;
+	}
+
+	mechlist = ldap_charray2str( values, " " );
+	if ( mechlist == NULL ) {
+		LDAP_VFREE( values );
+		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	LDAP_VFREE( values );
+
+	values = ldap_get_values( ld, e, "ldapServiceName" );
+	if ( values == NULL ) {
+		goto get_dns_host_name;
+	}
+
+	ldapServiceName = ldap_charray2str( values, " " );
+	if ( ldapServiceName == NULL ) {
+		LDAP_FREE( mechlist );
+		LDAP_VFREE( values );
+		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+	LDAP_VFREE( values );
+
+get_dns_host_name:
+
+	values = ldap_get_values( ld, e, "dnsHostName" );
+	if ( values == NULL ) {
+		goto done;
+	}
+
+	dnsHostName = ldap_charray2str( values, " " );
+	if ( dnsHostName == NULL ) {
+		LDAP_FREE( mechlist );
+		LDAP_FREE( ldapServiceName );
+		LDAP_VFREE( values );
+		ldap_msgfree( res );
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+	LDAP_VFREE( values );
+
+done:
+	ldap_msgfree( res );
+
+	*pmechlist = mechlist;
+	*pldapServiceName = ldapServiceName;
+	*pdnsHostName = dnsHostName;
+
+	return LDAP_SUCCESS;
+}
+
+
+static int check_for_gss_spnego_support( LDAP *ld, const char *mechs_str )
+{
+	int rc;
+	char **mechs_list = NULL;
+
+	mechs_list = ldap_str2charray( mechs_str, " " );
+	if ( mechs_list == NULL ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	rc = ldap_charray_inlist( mechs_list, "GSS-SPNEGO" );
+	ldap_charray_free( mechs_list );
+	if ( rc != 1) {
+		ld->ld_errno = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+		return ld->ld_errno;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+guess_service_principal(
+	LDAP *ld,
+	const char *ldapServiceName,
+	const char *dnsHostName,
+	gss_name_t *principal )
+{
+	gss_buffer_desc input_name;
+	/* GSS_KRB5_NT_PRINCIPAL_NAME */
+	gss_OID_desc nt_principal =
+	{10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
+	const char *host = ld->ld_defconn->lconn_server->lud_host;
+	OM_uint32 minor_status;
+	int gss_rc;
+	int ret;
+	size_t svc_principal_size;
+	char *svc_principal = NULL;
+	const char *principal_fmt = NULL;
+	const char *str = NULL;
+	const char *givenstr = NULL;
+	const char *ignore = "not_defined_in_RFC4178 at please_ignore";
+	int allow_remote = 0;
+
+	if (ldapServiceName) {
+		givenstr = strchr(ldapServiceName, ':');
+		if (givenstr && givenstr[1]) {
+			givenstr++;
+			if (strcmp(givenstr, ignore) == 0) {
+				givenstr = NULL;
+			}
+		} else {
+			givenstr = NULL;
+		}
+	}
+
+	if ( ld->ld_options.ldo_gssapi_options & LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL ) {
+		allow_remote = 1;
+	}
+
+	if (allow_remote && givenstr) {
+		principal_fmt = "%s";
+		svc_principal_size = strlen(givenstr) + 1;
+		str = givenstr;
+
+	} else if (allow_remote && dnsHostName) {
+		principal_fmt = "ldap/%s";
+		svc_principal_size = strlen(dnsHostName) + strlen(principal_fmt);
+		str = dnsHostName;
+
+	} else {
+		principal_fmt = "ldap/%s";
+		svc_principal_size = strlen(host) + strlen(principal_fmt);
+		str = host;
+	}
+
+	svc_principal = (char*) ldap_memalloc(svc_principal_size * sizeof(char));
+	if ( ret < 0 ) {
+		ld->ld_errno = LDAP_NO_MEMORY;
+		return ld->ld_errno;
+	}
+
+	ret = snprintf( svc_principal, svc_principal_size - 1, principal_fmt, str);
+	if (ret < 0 || ret >= svc_principal_size - 1) {
+		ld->ld_errno = LDAP_LOCAL_ERROR;
+		return ld->ld_errno;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "principal for host[%s]: '%s'\n",
+	       host, svc_principal, 0 );
+
+	input_name.value  = svc_principal;
+	input_name.length = strlen( svc_principal );
+
+	gss_rc = gss_import_name( &minor_status, &input_name, &nt_principal, principal );
+	ldap_memfree( svc_principal );
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		return map_gsserr2ldap( ld, GSS_C_NO_OID, gss_rc, minor_status );
+	}
+
+	return LDAP_SUCCESS;
+}
+
+void ldap_int_gssapi_close( LDAP *ld, LDAPConn *lc )
+{
+	if ( lc && lc->lconn_gss_ctx ) {
+		OM_uint32 minor_status;
+		OM_uint32 ctx_flags = 0;
+		gss_ctx_id_t old_gss_ctx = GSS_C_NO_CONTEXT;
+		old_gss_ctx = (gss_ctx_id_t)lc->lconn_gss_ctx;
+
+		gss_inquire_context(&minor_status,
+				    old_gss_ctx,
+				    NULL,
+				    NULL,
+				    NULL,
+				    NULL,
+				    &ctx_flags,
+				    NULL,
+				    NULL);
+
+		if (!( ld->ld_options.ldo_gssapi_options & LDAP_GSSAPI_OPT_DO_NOT_FREE_GSS_CONTEXT )) {
+			gss_delete_sec_context( &minor_status, &old_gss_ctx, GSS_C_NO_BUFFER );
+		}
+		lc->lconn_gss_ctx = GSS_C_NO_CONTEXT;
+
+		if (ctx_flags & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG)) {
+			/* remove wrapping layer */
+			sb_sasl_gssapi_remove( lc->lconn_sb );
+		}
+	}
+}
+
+static void
+ldap_int_gssapi_setup(
+	LDAP *ld,
+	LDAPConn *lc,
+	gss_ctx_id_t gss_ctx)
+{
+	OM_uint32 minor_status;
+	OM_uint32 ctx_flags = 0;
+
+	ldap_int_gssapi_close( ld, lc );
+
+	gss_inquire_context(&minor_status,
+			    gss_ctx,
+			    NULL,
+			    NULL,
+			    NULL,
+			    NULL,
+			    &ctx_flags,
+			    NULL,
+			    NULL);
+
+	lc->lconn_gss_ctx = gss_ctx;
+
+	if (ctx_flags & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG)) {
+		/* setup wrapping layer */
+		sb_sasl_gssapi_install( lc->lconn_sb, gss_ctx );
+	}
+}
+
+#ifdef LDAP_R_COMPILE
+ldap_pvt_thread_mutex_t ldap_int_gssapi_mutex;
+#endif
+
+static int
+ldap_int_gss_spnego_bind_s( LDAP *ld )
+{
+	int rc;
+	int gss_rc;
+	OM_uint32 minor_status;
+	char *mechlist = NULL;
+	char *ldapServiceName = NULL;
+	char *dnsHostName = NULL;
+	gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
+	int spnego_support = 0;
+#define	__SPNEGO_OID_LENGTH 6
+#define	__SPNEGO_OID "\053\006\001\005\005\002"
+	gss_OID_desc spnego_oid = {__SPNEGO_OID_LENGTH, __SPNEGO_OID};
+	gss_OID req_mech = GSS_C_NO_OID;
+	gss_OID ret_mech = GSS_C_NO_OID;
+	gss_ctx_id_t gss_ctx = GSS_C_NO_CONTEXT;
+	gss_name_t principal = GSS_C_NO_NAME;
+	OM_uint32 req_flags;
+	OM_uint32 ret_flags;
+	gss_buffer_desc input_token, output_token = GSS_C_EMPTY_BUFFER;
+	struct berval cred, *scred = NULL;
+
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &ldap_int_gssapi_mutex );
+#endif
+
+	/* get information from RootDSE entry */
+	rc = ldap_gssapi_get_rootdse_infos ( ld, &mechlist,
+					     &ldapServiceName, &dnsHostName);
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	/* check that the server supports GSS-SPNEGO */
+	rc = check_for_gss_spnego_support( ld, mechlist );
+	if ( rc != LDAP_SUCCESS ) {
+		goto rc_error;
+	}
+
+	/* prepare new gss_ctx_id_t */
+	rc = guess_service_principal( ld, ldapServiceName, dnsHostName, &principal );
+	if ( rc != LDAP_SUCCESS ) {
+		goto rc_error;
+	}
+
+	/* see if our gssapi library supports spnego */
+	gss_rc = gss_indicate_mechs( &minor_status, &supported_mechs );
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		goto gss_error;
+	}
+	gss_rc = gss_test_oid_set_member( &minor_status,
+		&spnego_oid, supported_mechs, &spnego_support);
+	gss_release_oid_set( &minor_status, &supported_mechs);
+	if ( gss_rc != GSS_S_COMPLETE ) {
+		goto gss_error;
+	}
+	if ( spnego_support != 0 ) {
+		req_mech = &spnego_oid;
+	}
+
+	req_flags = ld->ld_options.gssapi_flags;
+	req_flags |= GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+	/*
+	 * loop around gss_init_sec_context() and ldap_sasl_bind_s()
+	 */
+	input_token.value = NULL;
+	input_token.length = 0;
+	gss_rc = gss_init_sec_context(&minor_status,
+				      GSS_C_NO_CREDENTIAL,
+				      &gss_ctx,
+				      principal,
+				      req_mech,
+				      req_flags,
+				      0,
+				      NULL,
+				      &input_token,
+				      &ret_mech,
+				      &output_token,
+				      &ret_flags,
+				      NULL);
+	if ( gss_rc == GSS_S_COMPLETE ) {
+		rc = LDAP_INAPPROPRIATE_AUTH;
+		goto rc_error;
+	}
+	if ( gss_rc != GSS_S_CONTINUE_NEEDED ) {
+		goto gss_error;
+	}
+	while (1) {
+		cred.bv_val = (char *)output_token.value;
+		cred.bv_len = output_token.length;
+		rc = ldap_sasl_bind_s( ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred );
+		gss_release_buffer( &minor_status, &output_token );
+		if ( rc != LDAP_SUCCESS && rc != LDAP_SASL_BIND_IN_PROGRESS ) {
+			goto rc_error;
+		}
+
+		if ( scred ) {
+			input_token.value = scred->bv_val;
+			input_token.length = scred->bv_len;
+		} else {
+			input_token.value = NULL;
+			input_token.length = 0;
+		}
+
+		gss_rc = gss_init_sec_context(&minor_status,
+					      GSS_C_NO_CREDENTIAL,
+					      &gss_ctx,
+					      principal,
+					      req_mech,
+					      req_flags,
+					      0,
+					      NULL,
+					      &input_token,
+					      &ret_mech,
+					      &output_token,
+					      &ret_flags,
+					      NULL);
+		if ( scred ) {
+			ber_bvfree( scred );
+		}
+		if ( gss_rc == GSS_S_COMPLETE ) {
+			gss_release_buffer( &minor_status, &output_token );
+			break;
+		}
+
+		if ( gss_rc != GSS_S_CONTINUE_NEEDED ) {
+			goto gss_error;
+		}
+	}
+
+ 	ldap_int_gssapi_setup( ld, ld->ld_defconn, gss_ctx);
+	gss_ctx = GSS_C_NO_CONTEXT;
+
+	rc = LDAP_SUCCESS;
+	goto rc_error;
+
+gss_error:
+	rc = map_gsserr2ldap( ld, 
+			      (ret_mech != GSS_C_NO_OID ? ret_mech : req_mech ),
+			      gss_rc, minor_status );
+rc_error:
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &ldap_int_gssapi_mutex );
+#endif
+	LDAP_FREE( mechlist );
+	LDAP_FREE( ldapServiceName );
+	LDAP_FREE( dnsHostName );
+	gss_release_buffer( &minor_status, &output_token );
+	if ( gss_ctx != GSS_C_NO_CONTEXT ) {
+		gss_delete_sec_context( &minor_status, &gss_ctx, GSS_C_NO_BUFFER );
+	}
+	if ( principal != GSS_C_NO_NAME ) {
+		gss_release_name( &minor_status, &principal );
+	}
+	return rc;
+}
+
+int
+ldap_int_gssapi_config( struct ldapoptions *lo, int option, const char *arg )
+{
+	int ok = 0;
+
+	switch( option ) {
+	case LDAP_OPT_SIGN:
+
+		if (!arg) {
+		} else if (strcasecmp(arg, "on") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "yes") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "true") == 0) {
+			ok = 1;
+
+		}
+		if (ok) {
+			lo->ldo_gssapi_flags |= GSS_C_INTEG_FLAG;
+		}
+
+		return 0;
+
+	case LDAP_OPT_ENCRYPT:
+
+		if (!arg) {
+		} else if (strcasecmp(arg, "on") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "yes") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "true") == 0) {
+			ok = 1;
+		}
+
+		if (ok) {
+			lo->ldo_gssapi_flags |= GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
+		}
+
+		return 0;
+
+	case LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL:
+
+		if (!arg) {
+		} else if (strcasecmp(arg, "on") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "yes") == 0) {
+			ok = 1;
+		} else if (strcasecmp(arg, "true") == 0) {
+			ok = 1;
+		}
+
+		if (ok) {
+			lo->ldo_gssapi_options |= LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL;
+		}
+
+		return 0;
+	}
+
+	return -1;
+}
+
+int
+ldap_int_gssapi_get_option( LDAP *ld, int option, void *arg )
+{
+	if ( ld == NULL )
+		return -1;
+
+	switch ( option ) {
+	case LDAP_OPT_SSPI_FLAGS:
+		* (unsigned *) arg = (unsigned) ld->ld_options.gssapi_flags;
+		break;
+
+	case LDAP_OPT_SIGN:
+		if ( ld->ld_options.gssapi_flags & GSS_C_INTEG_FLAG ) {
+			* (int *) arg = (int)-1;
+		} else {
+			* (int *) arg = (int)0;
+		}
+		break;
+
+	case LDAP_OPT_ENCRYPT:
+		if ( ld->ld_options.gssapi_flags & GSS_C_CONF_FLAG ) {
+			* (int *) arg = (int)-1;
+		} else {
+			* (int *) arg = (int)0;
+		}
+		break;
+
+	case LDAP_OPT_SASL_METHOD:
+		* (char **) arg = LDAP_STRDUP("GSS-SPNEGO");
+		break;
+
+	case LDAP_OPT_SECURITY_CONTEXT:
+		if ( ld->ld_defconn && ld->ld_defconn->lconn_gss_ctx ) {
+			* (gss_ctx_id_t *) arg = (gss_ctx_id_t)ld->ld_defconn->lconn_gss_ctx;
+		} else {
+			* (gss_ctx_id_t *) arg = GSS_C_NO_CONTEXT;
+		}
+		break;
+
+	case LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT:
+		if ( ld->ld_options.ldo_gssapi_options & LDAP_GSSAPI_OPT_DO_NOT_FREE_GSS_CONTEXT ) {
+			* (int *) arg = (int)-1;
+		} else {
+			* (int *) arg = (int)0;
+		}
+		break;
+
+	case LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL:
+		if ( ld->ld_options.ldo_gssapi_options & LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL ) {
+			* (int *) arg = (int)-1;
+		} else {
+			* (int *) arg = (int)0;
+		}
+		break;
+
+	default:
+		return -1;
+	}
+
+	return 0;
+}
+
+int
+ldap_int_gssapi_set_option( LDAP *ld, int option, void *arg )
+{
+	if ( ld == NULL )
+		return -1;
+
+	switch ( option ) {
+	case LDAP_OPT_SSPI_FLAGS:
+		if ( arg != LDAP_OPT_OFF ) {
+			ld->ld_options.gssapi_flags = * (unsigned *)arg;
+		}
+		break;
+
+	case LDAP_OPT_SIGN:
+		if ( arg != LDAP_OPT_OFF ) {
+			ld->ld_options.gssapi_flags |= GSS_C_INTEG_FLAG;
+		}
+		break;
+
+	case LDAP_OPT_ENCRYPT:
+		if ( arg != LDAP_OPT_OFF ) {
+			ld->ld_options.gssapi_flags |= GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
+		}
+		break;
+
+	case LDAP_OPT_SASL_METHOD:
+		if ( arg != LDAP_OPT_OFF ) {
+			const char *m = (const char *)arg;
+			if ( strcmp( "GSS-SPNEGO", m ) != 0 ) {
+				/* we currently only support GSS-SPNEGO */
+				return -1;
+			}
+		}
+		break;
+
+	case LDAP_OPT_SECURITY_CONTEXT:
+		if ( arg != LDAP_OPT_OFF && ld->ld_defconn) {
+			ldap_int_gssapi_setup( ld, ld->ld_defconn,
+					       (gss_ctx_id_t) arg);
+		}
+		break;
+
+	case LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT:
+		if ( arg != LDAP_OPT_OFF ) {
+			ld->ld_options.ldo_gssapi_options |= LDAP_GSSAPI_OPT_DO_NOT_FREE_GSS_CONTEXT;
+		}
+		break;
+
+	case LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL:
+		if ( arg != LDAP_OPT_OFF ) {
+			ld->ld_options.ldo_gssapi_options |= LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL;
+		}
+		break;
+
+	default:
+		return -1;
+	}
+
+	return 0;
+}
+
+#else /* HAVE_GSSAPI */
+#define ldap_int_gss_spnego_bind_s(ld) LDAP_NOT_SUPPORTED
+#endif /* HAVE_GSSAPI */
+
+int
+ldap_gssapi_bind(
+	LDAP *ld,
+	LDAP_CONST char *dn,
+	LDAP_CONST char *creds )
+{ return LDAP_NOT_SUPPORTED; }
+
+int
+ldap_gssapi_bind_s(
+	LDAP *ld,
+	LDAP_CONST char *dn,
+	LDAP_CONST char *creds )
+{
+	if ( dn != NULL ) {
+		return LDAP_NOT_SUPPORTED;
+	}
+
+	if ( creds != NULL ) {
+		return LDAP_NOT_SUPPORTED;
+	}
+
+	return ldap_int_gss_spnego_bind_s(ld);
+}

Modified: openldap/vendor/openldap-release/libraries/libldap/init.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.102.2.5 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/init.c,v 1.102.2.11 2009/01/26 23:29:53 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -18,6 +18,10 @@
 #include <stdio.h>
 #include <ac/stdlib.h>
 
+#ifdef HAVE_GETEUID
+#include <ac/unistd.h>
+#endif
+
 #include <ac/socket.h>
 #include <ac/string.h>
 #include <ac/ctype.h>
@@ -47,6 +51,8 @@
 #define ATTR_OPT_TV	8
 #define ATTR_OPT_INT	9
 
+#define ATTR_GSSAPI	10
+
 struct ol_keyvalue {
 	const char *		key;
 	int			value;
@@ -100,8 +106,15 @@
 	{1, ATTR_STRING,	"SASL_AUTHZID",		NULL,
 		offsetof(struct ldapoptions, ldo_def_sasl_authzid)},
 	{0, ATTR_SASL,		"SASL_SECPROPS",	NULL,	LDAP_OPT_X_SASL_SECPROPS},
+	{0, ATTR_BOOL,		"SASL_NOCANON",	NULL,	LDAP_BOOL_SASL_NOCANON},
 #endif
 
+#ifdef HAVE_GSSAPI
+	{0, ATTR_GSSAPI,"GSSAPI_SIGN",			NULL,	LDAP_OPT_SIGN},
+	{0, ATTR_GSSAPI,"GSSAPI_ENCRYPT",		NULL,	LDAP_OPT_ENCRYPT},
+	{0, ATTR_GSSAPI,"GSSAPI_ALLOW_REMOTE_PRINCIPAL",NULL,	LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL},
+#endif
+
 #ifdef HAVE_TLS
 	{1, ATTR_TLS,	"TLS_CERT",			NULL,	LDAP_OPT_X_TLS_CERTFILE},
 	{1, ATTR_TLS,	"TLS_KEY",			NULL,	LDAP_OPT_X_TLS_KEYFILE},
@@ -110,12 +123,13 @@
   	{0, ATTR_TLS,	"TLS_REQCERT",		NULL,	LDAP_OPT_X_TLS_REQUIRE_CERT},
 	{0, ATTR_TLS,	"TLS_RANDFILE",		NULL,	LDAP_OPT_X_TLS_RANDOM_FILE},
 	{0, ATTR_TLS,	"TLS_CIPHER_SUITE",	NULL,	LDAP_OPT_X_TLS_CIPHER_SUITE},
+	{0, ATTR_TLS,	"TLS_PROTOCOL_MIN",	NULL,	LDAP_OPT_X_TLS_PROTOCOL_MIN},
 
 #ifdef HAVE_OPENSSL_CRL
 	{0, ATTR_TLS,	"TLS_CRLCHECK",		NULL,	LDAP_OPT_X_TLS_CRLCHECK},
 #endif
 #ifdef HAVE_GNUTLS
-	{0, ATTR_TLS,	"TLS_CRL",			NULL,	LDAP_OPT_X_TLS_CRLFILE},
+	{0, ATTR_TLS,	"TLS_CRLFILE",			NULL,	LDAP_OPT_X_TLS_CRLFILE},
 #endif
         
 #endif
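Review bot: Renaming the HAVE_GNUTLS keyword from `TLS_CRL` to `TLS_CRLFILE` leaves no table entry for the old spelling, so an existing ldap.conf that still sets `TLS_CRL` would presumably stop loading its CRL file without any diagnostic. The parser is not visible in this hunk, so how unknown keywords are treated needs confirming. Because the effect would be revocation checking that is weaker than the administrator configured, I would keep the old name as a deprecated alias for a release: `{0, ATTR_TLS,	"TLS_CRL",			NULL,	LDAP_OPT_X_TLS_CRLFILE},	/* deprecated alias of TLS_CRLFILE */`.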
@@ -123,7 +137,7 @@
 	{0, ATTR_NONE,		NULL,		NULL,	0}
 };
 
-#define MAX_LDAP_ATTR_LEN  sizeof("TLS_CIPHER_SUITE")
+#define MAX_LDAP_ATTR_LEN  sizeof("GSSAPI_ALLOW_REMOTE_PRINCIPAL")
 #define MAX_LDAP_ENV_PREFIX_LEN 8
 
 static void openldap_ldap_init_w_conf(
@@ -254,6 +268,11 @@
 			   	ldap_int_sasl_config( gopts, attrs[i].offset, opt );
 #endif
 				break;
+			case ATTR_GSSAPI:
+#ifdef HAVE_GSSAPI
+				ldap_int_gssapi_config( gopts, attrs[i].offset, opt );
+#endif
+				break;
 			case ATTR_TLS:
 #ifdef HAVE_TLS
 			   	ldap_int_tls_config( NULL, attrs[i].offset, opt );
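Review bot: The new `ATTR_GSSAPI` case discards the result of `ldap_int_gssapi_config()`, and that function (added in gssapi.c by this same commit) returns 0 for GSSAPI_SIGN, GSSAPI_ENCRYPT and GSSAPI_ALLOW_REMOTE_PRINCIPAL whatever the value is. A misspelt value therefore leaves signing or encryption off with nothing logged, which is the unsafe direction for a protection setting. I would have the config function accept the negative spellings explicitly and return -1 for anything else, then check it here with `if ( ldap_int_gssapi_config( gopts, attrs[i].offset, opt ) < 0 )` and emit a debug message naming the keyword. The enclosing switch starts and ends outside the hunk.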
@@ -616,6 +635,12 @@
 #endif
 
 	openldap_ldap_init_w_sysconf(LDAP_CONF_FILE);
+
+#ifdef HAVE_GETEUID
+	if ( geteuid() != getuid() )
+		return;
+#endif
+
 	openldap_ldap_init_w_userconf(LDAP_USERRC_FILE);
 
 	{
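Review bot: The added guard compares only `geteuid()` with `getuid()`, so a set-group-ID program still goes on to `openldap_ldap_init_w_userconf(LDAP_USERRC_FILE)` and trusts configuration controlled by the invoking user. If the intent is that privileged programs ignore per-user settings, the test should cover the group IDs as well, `if ( geteuid() != getuid() || getegid() != getgid() )`, where getegid() is available. The bare `return` also skips everything that follows in the function, which continues outside the hunk; a comment such as `/* privileged process: skip the user rc file and everything below */` would record that this is deliberate.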

Modified: openldap/vendor/openldap-release/libraries/libldap/ldap-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ldap-int.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/ldap-int.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /*  ldap-int.h - defines & prototypes internal to the LDAP library */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.168.2.7 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-int.h,v 1.168.2.13 2009/02/02 22:53:14 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -121,6 +121,7 @@
 #define LDAP_BOOL_RESTART		1
 #define LDAP_BOOL_TLS			3
 #define	LDAP_BOOL_CONNECT_ASYNC		4
+#define	LDAP_BOOL_SASL_NOCANON		5
 
 #define LDAP_BOOLEANS	unsigned long
 #define LDAP_BOOL(n)	((LDAP_BOOLEANS)1 << (n))
@@ -154,12 +155,17 @@
 	char		*lt_cacertfile;
 	char		*lt_cacertdir;
 	char		*lt_ciphersuite;
-#ifdef HAVE_GNUTLS
 	char		*lt_crlfile;
-#endif
+	char		*lt_randfile;	/* OpenSSL only */
+	int		lt_protocol_min;
 };
 #endif
 
+typedef struct ldaplist {
+	struct ldaplist *ll_next;
+	void *ll_data;
+} ldaplist;
+
 /*
  * structure representing get/set'able options
  * which have global defaults.
@@ -199,9 +205,12 @@
 #define ldo_tls_cacertfile	ldo_tls_info.lt_cacertfile
 #define ldo_tls_cacertdir	ldo_tls_info.lt_cacertdir
 #define ldo_tls_ciphersuite	ldo_tls_info.lt_ciphersuite
+#define ldo_tls_protocol_min	ldo_tls_info.lt_protocol_min
 #define ldo_tls_crlfile	ldo_tls_info.lt_crlfile
+#define ldo_tls_randfile	ldo_tls_info.lt_randfile
    	int			ldo_tls_mode;
    	int			ldo_tls_require_cert;
+	int			ldo_tls_impl;
 #ifdef HAVE_OPENSSL_CRL
    	int			ldo_tls_crlcheck;
 #endif
@@ -222,6 +231,15 @@
 	struct sasl_security_properties	ldo_sasl_secprops;
 #endif
 
+#ifdef HAVE_GSSAPI
+	unsigned gssapi_flags;
+
+	unsigned ldo_gssapi_flags;
+#define LDAP_GSSAPI_OPT_DO_NOT_FREE_GSS_CONTEXT	0x0001
+#define LDAP_GSSAPI_OPT_ALLOW_REMOTE_PRINCIPAL	0x0002
+	unsigned ldo_gssapi_options;
+#endif
+
 	int		ldo_refhoplimit;	/* limit on referral nesting */
 
 	/* LDAPv3 server and client controls */
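Review bot: `struct ldapoptions` gains two fields that look like the same setting, `gssapi_flags` and `ldo_gssapi_flags`, and the gssapi.c added in this commit uses them inconsistently. `ldap_int_gssapi_config()` ORs GSS_C_INTEG_FLAG and GSS_C_CONF_FLAG into `lo->ldo_gssapi_flags`, while `ldap_int_gss_spnego_bind_s()` builds `req_flags` from `ld->ld_options.gssapi_flags`, and the get/set option handlers also use `gssapi_flags`. From what is visible, GSSAPI_SIGN and GSSAPI_ENCRYPT set in ldap.conf never reach `gss_init_sec_context()`, so a deployment relying on them would bind without the requested integrity or confidentiality protection. Keep a single field, `unsigned ldo_gssapi_flags;`, and use it in every reader and writer; whether other code copies one field into the other cannot be seen from here.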
@@ -236,6 +254,9 @@
 	LDAP_URLLIST_PROC *ldo_urllist_proc;
 	void *ldo_urllist_params;
 
+	/* LDAP connection callback stack */
+	ldaplist *ldo_conn_cbs;
+
 	LDAP_BOOLEANS ldo_booleans;	/* boolean options */
 };
 
@@ -249,6 +270,9 @@
 	void		*lconn_sasl_authctx;	/* context for bind */
 	void		*lconn_sasl_sockctx;	/* for security layer */
 #endif
+#ifdef HAVE_GSSAPI
+	void		*lconn_gss_ctx;		/* gss_ctx_id_t */
+#endif
 	int			lconn_refcnt;
 	time_t		lconn_created;	/* time */
 	time_t		lconn_lastused;	/* time */
@@ -393,7 +417,10 @@
 #ifdef HAVE_CYRUS_SASL
 LDAP_V( ldap_pvt_thread_mutex_t ) ldap_int_sasl_mutex;
 #endif
+#ifdef HAVE_GSSAPI
+LDAP_V( ldap_pvt_thread_mutex_t ) ldap_int_gssapi_mutex;
 #endif
+#endif
 
 #ifdef LDAP_R_COMPILE
 #define	LDAP_NEXT_MSGID(ld, id) \
@@ -503,7 +530,7 @@
 LDAP_F (int) ldap_int_timeval_dup( struct timeval **dest,
 	const struct timeval *tm );
 LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb,
-	int proto, const char *host, int port, int async );
+	int proto, LDAPURLDesc *srv, int async );
 LDAP_F (int) ldap_int_poll( LDAP *ld, ber_socket_t s,
 	struct timeval *tvp );
 
@@ -522,12 +549,15 @@
 LDAP_F (int) ldap_is_read_ready( LDAP *ld, Sockbuf *sb );
 LDAP_F (int) ldap_is_write_ready( LDAP *ld, Sockbuf *sb );
 
+LDAP_F (int) ldap_int_connect_cbs( LDAP *ld, Sockbuf *sb,
+	ber_socket_t *s, LDAPURLDesc *srv, struct sockaddr *addr );
+
 /*
  * in os-local.c
  */
 #ifdef LDAP_PF_LOCAL
 LDAP_F (int) ldap_connect_to_path( LDAP *ld, Sockbuf *sb,
-	const char *path, int async );
+	LDAPURLDesc *srv, int async );
 #endif /* LDAP_PF_LOCAL */
 
 /*
@@ -572,6 +602,7 @@
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *msgidp));
 
 

Added: openldap/vendor/openldap-release/libraries/libldap/ldap-tls.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ldap-tls.h	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/ldap-tls.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,77 @@
+/*  ldap-tls.h - TLS defines & prototypes internal to the LDAP library */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap-tls.h,v 1.3.2.1 2009/01/26 23:29:53 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef	_LDAP_TLS_H
+#define	_LDAP_TLS_H 1
+
+struct tls_impl;
+
+struct tls_ctx;
+struct tls_session;
+
+typedef struct tls_ctx tls_ctx;
+typedef struct tls_session tls_session;
+
+typedef int (TI_tls_init)(void);
+typedef void (TI_tls_destroy)(void);
+
+typedef tls_ctx *(TI_ctx_new)(struct ldapoptions *lo);
+typedef void (TI_ctx_ref)(tls_ctx *ctx);
+typedef void (TI_ctx_free)(tls_ctx *ctx);
+typedef int (TI_ctx_init)(struct ldapoptions *lo, struct ldaptls *lt, int is_server);
+
+typedef tls_session *(TI_session_new)(tls_ctx *ctx, int is_server);
+typedef int (TI_session_connect)(LDAP *ld, tls_session *s);
+typedef int (TI_session_accept)(tls_session *s);
+typedef int (TI_session_upflags)(Sockbuf *sb, tls_session *s, int rc);
+typedef char *(TI_session_errmsg)(int rc, char *buf, size_t len );
+typedef int (TI_session_dn)(tls_session *sess, struct berval *dn);
+typedef int (TI_session_chkhost)(LDAP *ld, tls_session *s, const char *name_in);
+typedef int (TI_session_strength)(tls_session *sess);
+
+typedef void (TI_thr_init)(void);
+
+typedef struct tls_impl {
+	const char *ti_name;
+
+	TI_tls_init *ti_tls_init;	/* library initialization */
+	TI_tls_destroy *ti_tls_destroy;
+
+	TI_ctx_new *ti_ctx_new;
+	TI_ctx_ref *ti_ctx_ref;
+	TI_ctx_free *ti_ctx_free;
+	TI_ctx_init *ti_ctx_init;
+
+	TI_session_new *ti_session_new;
+	TI_session_connect *ti_session_connect;
+	TI_session_accept *ti_session_accept;
+	TI_session_upflags *ti_session_upflags;
+	TI_session_errmsg *ti_session_errmsg;
+	TI_session_dn *ti_session_my_dn;
+	TI_session_dn *ti_session_peer_dn;
+	TI_session_chkhost *ti_session_chkhost;
+	TI_session_strength *ti_session_strength;
+
+	Sockbuf_IO *ti_sbio;
+
+	TI_thr_init *ti_thr_init;
+
+	int ti_inited;
+} tls_impl;
+
+extern tls_impl ldap_int_tls_impl;
+
+#endif /* _LDAP_TLS_H */
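Review bot: The `tls_impl` hook table documents none of its return conventions, and for `ti_session_chkhost`, `ti_session_connect` and `ti_session_accept` that contract is what lets TLS backends be swapped without one of them reporting a failed peer check as success. I would add a one-line comment above each `TI_*` typedef stating what the hook verifies or does, its success value and how failure is reported, taken from the existing implementations, which are not part of this hunk. The header also uses `LDAP`, `Sockbuf`, `struct berval`, `struct ldapoptions` and `struct ldaptls` without including anything, so a note that it must be included after ldap-int.h would help.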

Modified: openldap/vendor/openldap-release/libraries/libldap/ldap_sync.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ldap_sync.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/ldap_sync.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap_sync.c,v 1.2.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ldap_sync.c,v 1.2.2.5 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2006-2008 The OpenLDAP Foundation.
+ * Copyright 2006-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -691,7 +691,7 @@
 		rc ? "!!! " : "",
 		rc );
 #endif /* LDAP_SYNC_TRACE */
-	if ( rc == LBER_ERROR ) {
+	if ( rc < 0 ) {
 		rc = LDAP_OTHER;
                 goto done;
         }

Modified: openldap/vendor/openldap-release/libraries/libldap/messages.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/messages.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/messages.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* messages.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/messages.c,v 1.17.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/messages.c,v 1.17.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/modify.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/modify.c,v 1.25.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modify.c,v 1.25.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/modrdn.c,v 1.30.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/modrdn.c,v 1.30.2.4 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/open.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/open.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/open.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/open.c,v 1.110.2.7 2008/02/11 23:56:32 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/open.c,v 1.110.2.10 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -123,6 +123,7 @@
 	ld->ld_options.ldo_sctrls = NULL;
 	ld->ld_options.ldo_cctrls = NULL;
 	ld->ld_options.ldo_defludp = NULL;
+	ld->ld_options.ldo_conn_cbs = NULL;
 
 #ifdef HAVE_CYRUS_SASL
 	ld->ld_options.ldo_def_sasl_mech = gopts->ldo_def_sasl_mech
@@ -336,34 +337,16 @@
 	int async )
 {
 	int rc = -1;
-	char *host;
-	int port, proto;
+	int proto;
 
 	Debug( LDAP_DEBUG_TRACE, "ldap_int_open_connection\n", 0, 0, 0 );
 
 	switch ( proto = ldap_pvt_url_scheme2proto( srv->lud_scheme ) ) {
 		case LDAP_PROTO_TCP:
-			port = srv->lud_port;
-
-			if ( srv->lud_host == NULL || *srv->lud_host == 0 ) {
-				host = NULL;
-			} else {
-				host = srv->lud_host;
-			}
-
-			if( !port ) {
-				if( strcmp(srv->lud_scheme, "ldaps") == 0 ) {
-					port = LDAPS_PORT;
-				} else {
-					port = LDAP_PORT;
-				}
-			}
-
 			rc = ldap_connect_to_host( ld, conn->lconn_sb,
-				proto, host, port, async );
+				proto, srv, async );
 
 			if ( rc == -1 ) return rc;
-
 #ifdef LDAP_DEBUG
 			ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,
 				LBER_SBIOD_LEVEL_PROVIDER, (void *)"tcp_" );
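Review bot: With the local `host`/`port` handling removed, the LDAP_PROTO_TCP branch no longer maps an empty `srv->lud_host` to NULL or selects `LDAPS_PORT` for the `ldaps` scheme when `srv->lud_port` is 0, and the same defaulting is dropped from the LDAP_PROTO_UDP branch in the next hunk. `ldap_connect_to_host()` now receives `srv`, so it has to do both itself. Its body is not in this hunk, so please confirm, since an ldaps URL ending up on the plain LDAP port is an easy regression to miss. A comment at the call, `/* host and port defaults are resolved from srv inside ldap_connect_to_host() */`, would record where the logic went. The enclosing function starts and ends outside the hunk.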
@@ -375,19 +358,9 @@
 
 #ifdef LDAP_CONNECTIONLESS
 		case LDAP_PROTO_UDP:
-			port = srv->lud_port;
-
-			if ( srv->lud_host == NULL || *srv->lud_host == 0 ) {
-				host = NULL;
-			} else {
-				host = srv->lud_host;
-			}
-
-			if( !port ) port = LDAP_PORT;
-
 			LDAP_IS_UDP(ld) = 1;
 			rc = ldap_connect_to_host( ld, conn->lconn_sb,
-				proto, host, port, async );
+				proto, srv, async );
 
 			if ( rc == -1 ) return rc;
 #ifdef LDAP_DEBUG
@@ -406,7 +379,7 @@
 #ifdef LDAP_PF_LOCAL
 			/* only IPC mechanism supported is PF_LOCAL (PF_UNIX) */
 			rc = ldap_connect_to_path( ld, conn->lconn_sb,
-				srv->lud_host, async );
+				srv, async );
 			if ( rc == -1 ) return rc;
 #ifdef LDAP_DEBUG
 			ber_sockbuf_add_io( conn->lconn_sb, &ber_sockbuf_io_debug,

Modified: openldap/vendor/openldap-release/libraries/libldap/options.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/options.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/options.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/options.c,v 1.75.2.6 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/options.c,v 1.75.2.10 2009/01/22 00:00:54 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -249,7 +249,22 @@
 	case LDAP_OPT_CONNECT_ASYNC:
 		* (int *) outvalue = (int) LDAP_BOOL_GET(lo, LDAP_BOOL_CONNECT_ASYNC);
 		return LDAP_OPT_SUCCESS;
-		
+
+	case LDAP_OPT_CONNECT_CB:
+		{
+			/* Getting deletes the specified callback */
+			ldaplist **ll = &lo->ldo_conn_cbs;
+			for (;*ll;ll = &(*ll)->ll_next) {
+				if ((*ll)->ll_data == outvalue) {
+					ldaplist *lc = *ll;
+					*ll = lc->ll_next;
+					LDAP_FREE(lc);
+					break;
+				}
+			}
+		}
+		return LDAP_OPT_SUCCESS;
+
 	case LDAP_OPT_RESULT_CODE:
 		if(ld == NULL) {
 			/* bad param */
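Review bot: The new `LDAP_OPT_CONNECT_CB` case in this get path returns `LDAP_OPT_SUCCESS` whether or not an entry with `ll_data == outvalue` was found, so a caller that tries to remove a callback it never registered, or registered on the other option set, gets no indication. If callers are meant to rely on the result, a `found` flag set before the `break` and `return found ? LDAP_OPT_SUCCESS : LDAP_OPT_ERROR;` would expose it. Either way, the comment `/* Getting deletes the specified callback */` should also say that `outvalue` is an input here (the callback pointer to unlink), unlike the `LDAP_OPT_CONNECT_ASYNC` case just above, which writes through it. The enclosing function starts and ends outside the hunk.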
@@ -339,6 +354,11 @@
 			return LDAP_OPT_SUCCESS;
 		}
 #endif
+#ifdef HAVE_GSSAPI
+		if ( ldap_int_gssapi_get_option( ld, option, outvalue ) == 0 ) {
+			return LDAP_OPT_SUCCESS;
+		}
+#endif
 		/* bad param */
 		break;
 	}
@@ -660,6 +680,7 @@
 	case LDAP_OPT_DEBUG_LEVEL:
 	case LDAP_OPT_TIMEOUT:
 	case LDAP_OPT_NETWORK_TIMEOUT:
+	case LDAP_OPT_CONNECT_CB:
 		if(invalue == NULL) {
 			/* no place to set from */
 			return LDAP_OPT_ERROR;
@@ -675,6 +696,10 @@
 		if ( ldap_int_sasl_set_option( ld, option, (void *)invalue ) == 0 )
 			return LDAP_OPT_SUCCESS;
 #endif
+#ifdef HAVE_GSSAPI
+		if ( ldap_int_gssapi_set_option( ld, option, (void *)invalue ) == 0 )
+			return LDAP_OPT_SUCCESS;
+#endif
 		/* bad param */
 		return LDAP_OPT_ERROR;
 	}
@@ -734,6 +759,17 @@
 	case LDAP_OPT_DEBUG_LEVEL:
 		lo->ldo_debug = * (const int *) invalue;
 		return LDAP_OPT_SUCCESS;
+
+	case LDAP_OPT_CONNECT_CB:
+		{
+			/* setting pushes the callback */
+			ldaplist *ll;
+			ll = LDAP_MALLOC( sizeof( *ll ));
+			ll->ll_data = (void *)invalue;
+			ll->ll_next = lo->ldo_conn_cbs;
+			lo->ldo_conn_cbs = ll;
+		}
+		return LDAP_OPT_SUCCESS;
 	}
 	return LDAP_OPT_ERROR;
 }
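Review bot: The result of `LDAP_MALLOC( sizeof( *ll ))` in the new `LDAP_OPT_CONNECT_CB` case is dereferenced on the next line without a NULL check, so an allocation failure crashes the caller instead of failing the option call. Adding `if ( ll == NULL ) return LDAP_OPT_ERROR;` right after the allocation keeps it in line with the other error returns in this function. The list stores the caller's pointer (`ll->ll_data = (void *)invalue`) rather than a copy, so the comment should state that the callback structure must stay valid until it is removed again. The enclosing function starts outside the hunk.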

Modified: openldap/vendor/openldap-release/libraries/libldap/os-ip.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/os-ip.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/os-ip.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* os-ip.c -- platform-specific TCP & UDP related code */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/os-ip.c,v 1.118.2.8 2008/05/20 00:05:30 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-ip.c,v 1.118.2.14 2009/02/10 23:42:16 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Lars Uffmann.
  * All rights reserved.
  *
@@ -207,7 +207,7 @@
 		== AC_SOCKET_ERROR )
 	{
 		/* XXX: needs to be replace with ber_stream_read() */
-		read(s, &ch, 1);
+		int rc = read(s, &ch, 1);
 		TRACE;
 		return -1;
 	}
@@ -424,16 +424,66 @@
 }
 #endif
 
+int
+ldap_int_connect_cbs(LDAP *ld, Sockbuf *sb, ber_socket_t *s, LDAPURLDesc *srv, struct sockaddr *addr)
+{
+	struct ldapoptions *lo;
+	ldaplist *ll;
+	ldap_conncb *cb;
+	int rc;
 
+	ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, s );
+
+	/* Invoke all handle-specific callbacks first */
+	lo = &ld->ld_options;
+	for (ll = lo->ldo_conn_cbs; ll; ll = ll->ll_next) {
+		cb = ll->ll_data;
+		rc = cb->lc_add( ld, sb, srv, addr, cb );
+		/* on any failure, call the teardown functions for anything
+		 * that previously succeeded
+		 */
+		if ( rc ) {
+			ldaplist *l2;
+			for (l2 = lo->ldo_conn_cbs; l2 != ll; l2 = l2->ll_next) {
+				cb = l2->ll_data;
+				cb->lc_del( ld, sb, cb );
+			}
+			/* a failure might have implicitly closed the fd */
+			ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, s );
+			return rc;
+		}
+	}
+	lo = LDAP_INT_GLOBAL_OPT();
+	for (ll = lo->ldo_conn_cbs; ll; ll = ll->ll_next) {
+		cb = ll->ll_data;
+		rc = cb->lc_add( ld, sb, srv, addr, cb );
+		if ( rc ) {
+			ldaplist *l2;
+			for (l2 = lo->ldo_conn_cbs; l2 != ll; l2 = l2->ll_next) {
+				cb = l2->ll_data;
+				cb->lc_del( ld, sb, cb );
+			}
+			lo = &ld->ld_options;
+			for (l2 = lo->ldo_conn_cbs; l2; l2 = l2->ll_next) {
+				cb = l2->ll_data;
+				cb->lc_del( ld, sb, cb );
+			}
+			ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, s );
+			return rc;
+		}
+	}
+	return 0;
+}
+
 int
 ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
-	int proto,
-	const char *host, int port,
+	int proto, LDAPURLDesc *srv,
 	int async )
 {
 	int	rc;
-	int	socktype;
+	int	socktype, port;
 	ber_socket_t		s = AC_SOCKET_INVALID;
+	char *host;
 
 #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
 	char serv[7];
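Review bot: `ldap_int_connect_cbs` is added without a header comment, and its contract is not obvious from the call sites. I would add a block comment stating that `s` is in/out (installed into `sb` with `LBER_SB_OPT_SET_FD` on entry and re-read with `LBER_SB_OPT_GET_FD` on failure, so the caller closes whatever comes back), that handle-specific callbacks run before the global ones, and that a non-zero `lc_add` aborts the connection. The same comment should mention that rollback calls `lc_del` only for callbacks that had already succeeded, never for the failing one, which therefore has to clean up after itself. The two rollback loops are near-duplicates and could share a small static helper. `ldap_connect_to_host`, whose signature changes at the end of this hunk, continues outside it.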
@@ -448,8 +498,22 @@
 	char *ha_buf=NULL;
 #endif
 
-	if( host == NULL ) host = "localhost";
-	
+	if ( srv->lud_host == NULL || *srv->lud_host == 0 ) {
+		host = "localhost";
+	} else {
+		host = srv->lud_host;
+	}
+
+	port = srv->lud_port;
+
+	if( !port ) {
+		if( strcmp(srv->lud_scheme, "ldaps") == 0 ) {
+			port = LDAPS_PORT;
+		} else {
+			port = LDAP_PORT;
+		}
+	}
+
 	switch(proto) {
 	case LDAP_PROTO_TCP: socktype = SOCK_STREAM;
 		osip_debug( ld,
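Review bot: `host` is assigned the string literal `"localhost"` in this hunk, but the previous hunk declares it as plain `char *host;`, whereas the parameter it replaces was `const char *host`. Declaring the local as `const char *host;` keeps the compiler able to catch an accidental write through it, and the rest of the function already compiled against a const pointer. The `strcmp(srv->lud_scheme, "ldaps")` default-port logic is moved here unchanged from open.c, so it deserves a short comment that it now applies to both the TCP and the UDP callers. The function body continues outside the hunk.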
@@ -469,9 +533,9 @@
 
 #if defined( HAVE_GETADDRINFO ) && defined( HAVE_INET_NTOP )
 	memset( &hints, '\0', sizeof(hints) );
-#ifdef USE_AI_ATTRCONFIG /* FIXME: configure test needed */
-	/* Use AI_ATTRCONFIG only on systems where its known to be needed. */
-	hints.ai_flags = AI_ATTRCONFIG;
+#ifdef USE_AI_ADDRCONFIG /* FIXME: configure test needed */
+	/* Use AI_ADDRCONFIG only on systems where its known to be needed. */
+	hints.ai_flags = AI_ADDRCONFIG;
 #endif
 	hints.ai_family = ldap_int_inet4or6;
 	hints.ai_socktype = socktype;
@@ -537,8 +601,11 @@
 		rc = ldap_pvt_connect( ld, s,
 			sai->ai_addr, sai->ai_addrlen, async );
 		if ( rc == 0 || rc == -2 ) {
-			ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
-			break;
+			err = ldap_int_connect_cbs( ld, sb, &s, srv, sai->ai_addr );
+			if ( err )
+				rc = err;
+			else
+				break;
 		}
 		ldap_pvt_close_socket(ld, s);
 	}
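Review bot: Copying the callback's return value into `rc` (`rc = err;`) lets an arbitrary non-zero value from `lc_add` become the connect result, while the callers in open.c only test `if ( rc == -1 ) return rc;` and this loop itself treats `-2` as "connect in progress". If `rc` is returned unchanged after the loop (the return is outside this hunk), a callback that rejects the connection with, say, `1` would leave the caller continuing with a socket that was just closed. Either normalise here with `rc = -1;` or document on `ldap_conncb` that `lc_add` must return `-1` on failure. The same pattern appears in the `@@ -609,8 +676,11 @@` hunk (`rc = i;`) and in os-local.c `@@ -350,8 +351,12 @@`.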
@@ -609,8 +676,11 @@
 			async);
    
 		if ( (rc == 0) || (rc == -2) ) {
-			ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
-			break;
+			i = ldap_int_connect_cbs( ld, sb, &s, srv, (struct sockaddr *)&sin );
+			if ( i )
+				rc = i;
+			else
+				break;
 		}
 
 		ldap_pvt_close_socket(ld, s);
@@ -699,7 +769,7 @@
 		char *herr;
 #ifdef NI_MAXHOST
 		char hbuf[NI_MAXHOST];
-#elif defined( MAXHOSTNAMELEN
+#elif defined( MAXHOSTNAMELEN )
 		char hbuf[MAXHOSTNAMELEN];
 #else
 		char hbuf[256];
@@ -887,6 +957,9 @@
 
 	sip = (struct selectinfo *)ld->ld_selectinfo;
 
+	if (ber_sockbuf_ctrl( sb, LBER_SB_OPT_DATA_READY, NULL ))
+		return 1;
+
 	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
 
 #ifdef HAVE_POLL

Modified: openldap/vendor/openldap-release/libraries/libldap/os-local.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/os-local.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/os-local.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* os-local.c -- platform-specific domain socket code */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/os-local.c,v 1.44.2.4 2008/05/20 00:05:30 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/os-local.c,v 1.44.2.7 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -149,7 +149,7 @@
 		== AC_SOCKET_ERROR )
 	{
 		/* XXX: needs to be replace with ber_stream_read() */
-		read(s, &ch, 1);
+		int rc = read(s, &ch, 1);
 		TRACE;
 		return -1;
 	}
@@ -319,11 +319,12 @@
 }
 
 int
-ldap_connect_to_path(LDAP *ld, Sockbuf *sb, const char *path, int async)
+ldap_connect_to_path(LDAP *ld, Sockbuf *sb, LDAPURLDesc *srv, int async)
 {
 	struct sockaddr_un	server;
 	ber_socket_t		s;
 	int			rc;
+	const char *path = srv->lud_host;
 
 	oslocal_debug(ld, "ldap_connect_to_path\n",0,0,0);
 
@@ -350,8 +351,12 @@
 	rc = ldap_pvt_connect(ld, s, &server, async);
 
 	if (rc == 0) {
-		ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, (void *)&s );
-	} else {
+		int err;
+		err = ldap_int_connect_cbs( ld, sb, &s, srv, (struct sockaddr *)&server );
+		if ( err )
+			rc = err;
+	}
+	if ( rc ) {
 		ldap_pvt_close_socket(ld, s);
 	}
 	return rc;

Modified: openldap/vendor/openldap-release/libraries/libldap/pagectrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/pagectrl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/pagectrl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
+/* $OpenLDAP: pkg/ldap/libraries/libldap/pagectrl.c,v 1.5.2.6 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Copyright 2006 Hans Leidekker
  * All rights reserved.
  *
@@ -71,6 +72,7 @@
 
 	value->bv_val = NULL;
 	value->bv_len = 0;
+	ld->ld_errno = LDAP_SUCCESS;
 
 	if ( cookie == NULL ) {
 		cookie = &null_cookie;

Modified: openldap/vendor/openldap-release/libraries/libldap/passwd.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/passwd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/passwd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/passwd.c,v 1.18.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/passwd.c,v 1.18.2.4 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/ppolicy.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.11.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ppolicy.c,v 1.11.2.5 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Hewlett-Packard Company.
  * Portions Copyright 2004 Howard Chu, Symas Corp.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/libraries/libldap/print.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/print.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/print.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/print.c,v 1.16.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/print.c,v 1.16.2.4 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/references.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/references.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/references.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* references.c */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/references.c,v 1.24.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/references.c,v 1.24.2.4 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/request.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/request.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/request.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.8 2008/05/27 20:08:37 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/request.c,v 1.125.2.14 2009/02/09 20:37:57 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -352,6 +352,32 @@
 	return( msgid );
 }
 
+/* return 0 if no StartTLS ext, 1 if present, 2 if critical */
+static int
+find_tls_ext( LDAPURLDesc *srv )
+{
+	int i, crit;
+	char *ext;
+
+	if ( !srv->lud_exts )
+		return 0;
+
+	for (i=0; srv->lud_exts[i]; i++) {
+		crit = 0;
+		ext = srv->lud_exts[i];
+		if ( ext[0] == '!') {
+			ext++;
+			crit = 1;
+		}
+		if ( !strcasecmp( ext, "StartTLS" ) ||
+			!strcasecmp( ext, "X-StartTLS" ) ||
+			!strcmp( ext, LDAP_EXOP_START_TLS )) {
+			return crit + 1;
+		}
+	}
+	return 0;
+}
+
 LDAPConn *
 ldap_new_connection( LDAP *ld, LDAPURLDesc **srvlist, int use_ldsb,
 	int connect, LDAPreqinfo *bind )
@@ -426,6 +452,38 @@
 	ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
 
+	if ( connect ) {
+#ifdef HAVE_TLS
+		if ( lc->lconn_server->lud_exts ) {
+			int rc, ext = find_tls_ext( lc->lconn_server );
+			if ( ext ) {
+				LDAPConn	*savedefconn;
+
+				savedefconn = ld->ld_defconn;
+				++lc->lconn_refcnt;	/* avoid premature free */
+				ld->ld_defconn = lc;
+
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+				ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+				rc = ldap_start_tls_s( ld, NULL, NULL );
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+				ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
+				ld->ld_defconn = savedefconn;
+				--lc->lconn_refcnt;
+
+				if ( rc != LDAP_SUCCESS && ext == 2 ) {
+					ldap_free_connection( ld, lc, 1, 0 );
+					return NULL;
+				}
+			}
+		}
+#endif
+	}
+
 	if ( bind != NULL ) {
 		int		err = 0;
 		LDAPConn	*savedefconn;
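Review bot: When the URL carries a non-critical StartTLS extension (`ext == 1`), a failed `ldap_start_tls_s` is discarded silently and the function goes on to the `if ( bind != NULL )` block, so a bind can be sent over a connection the URL asked to protect. Only the critical form (`ext == 2`) fails closed. That may be the intended meaning of a non-critical extension, but it should at least be visible: a `Debug( LDAP_DEBUG_ANY, "ldap_new_connection: StartTLS failed (%d), continuing without TLS\n", rc, 0, 0 );` in the fall-through case, plus a comment saying that callers who require confidentiality must use `!StartTLS`. The outer `if ( lc->lconn_server->lud_exts )` test repeats the check `find_tls_ext` already makes and can go. The enclosing function starts and ends outside the hunk.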
@@ -642,6 +700,28 @@
 		ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
 
+		/* process connection callbacks */
+		{
+			struct ldapoptions *lo;
+			ldaplist *ll;
+			ldap_conncb *cb;
+
+			lo = &ld->ld_options;
+			if ( lo->ldo_conn_cbs ) {
+				for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
+					cb = ll->ll_data;
+					cb->lc_del( ld, lc->lconn_sb, cb );
+				}
+			}
+			lo = LDAP_INT_GLOBAL_OPT();
+			if ( lo->ldo_conn_cbs ) {
+				for ( ll=lo->ldo_conn_cbs; ll; ll=ll->ll_next ) {
+					cb = ll->ll_data;
+					cb->lc_del( ld, lc->lconn_sb, cb );
+				}
+			}
+		}
+
 		if ( lc->lconn_status == LDAP_CONNST_CONNECTED ) {
 			ldap_mark_select_clear( ld, lc->lconn_sb );
 			if ( unbind ) {
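Review bot: This teardown block calls `lc_del` for every registered callback on every freed connection, regardless of whether the matching `lc_add` ever ran or succeeded for `lc->lconn_sb`. `ldap_int_connect_cbs` in os-ip.c already calls `lc_del` while rolling back a failed add, so if such a connection later reaches this path a callback may see `lc_del` twice, and one registered after the connection was opened sees `lc_del` with no prior `lc_add`. I would document on the callback type that `lc_del` must tolerate both cases, or track per connection which callbacks were added. The `if ( lo->ldo_conn_cbs )` guards duplicate the loop condition and can be dropped. The enclosing function starts and ends outside the hunk.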
@@ -655,6 +735,9 @@
 		}
 
 		ldap_int_sasl_close( ld, lc );
+#ifdef HAVE_GSSAPI
+		ldap_int_gssapi_close( ld, lc );
+#endif
 
 		ldap_free_urllist( lc->lconn_server );
 
@@ -996,10 +1079,18 @@
 		}
 
 		if( srv->lud_crit_exts ) {
-			/* we do not support any extensions */
-			ld->ld_errno = LDAP_NOT_SUPPORTED;
-			rc = -1;
-			goto done;
+			int ok = 0;
+#ifdef HAVE_TLS
+			/* If StartTLS is the only critical ext, OK. */
+			if ( find_tls_ext( srv ) == 2 && srv->lud_crit_exts == 1 )
+				ok = 1;
+#endif
+			if ( !ok ) {
+				/* we do not support any other extensions */
+				ld->ld_errno = LDAP_NOT_SUPPORTED;
+				rc = -1;
+				goto done;
+			}
 		}
 
 		/* check connection for re-bind in progress */
@@ -1007,7 +1098,7 @@
 			/* See if we've already requested this DN with this conn */
 			LDAPRequest *lp;
 			int looped = 0;
-			int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+			ber_len_t len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
 			for ( lp = origreq; lp; ) {
 				if ( lp->lr_conn == lc
 					&& len == lp->lr_dn.bv_len
@@ -1266,7 +1357,7 @@
 		if (( lc = find_connection( ld, srv, 1 )) != NULL ) {
 			LDAPRequest *lp;
 			int looped = 0;
-			int len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
+			ber_len_t len = srv->lud_dn ? strlen( srv->lud_dn ) : 0;
 			for ( lp = lr; lp; lp = lp->lr_parent ) {
 				if ( lp->lr_conn == lc
 					&& len == lp->lr_dn.bv_len )

Modified: openldap/vendor/openldap-release/libraries/libldap/result.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/result.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/result.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* result.c - wait for an ldap result */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.12 2008/07/09 23:16:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/result.c,v 1.124.2.17 2009/02/10 23:42:16 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -71,7 +71,7 @@
 static int wait4msg LDAP_P(( LDAP *ld, ber_int_t msgid, int all, struct timeval *timeout,
 	LDAPMessage **result ));
 static ber_tag_t try_read1msg LDAP_P(( LDAP *ld, ber_int_t msgid,
-	int all, LDAPConn **lc, LDAPMessage **result ));
+	int all, LDAPConn *lc, LDAPMessage **result ));
 static ber_tag_t build_result_ber LDAP_P(( LDAP *ld, BerElement **bp, LDAPRequest *lr ));
 static void merge_error_info LDAP_P(( LDAP *ld, LDAPRequest *parentr, LDAPRequest *lr ));
 static LDAPMessage * chkResponseList LDAP_P(( LDAP *ld, int msgid, int all));
@@ -106,7 +106,7 @@
 	struct timeval *timeout,
 	LDAPMessage **result )
 {
-	LDAPMessage	*lm = NULL;
+	LDAPMessage	*lm;
 	int		rc;
 
 	assert( ld != NULL );
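Review bot: `LDAPMessage *lm;` loses its initialiser here and the following hunk (`@@ -118,20 +118,8 @@`) removes every use of it that is visible, so the variable looks dead. If nothing further down the function still refers to it (the body continues outside both hunks), drop the declaration instead of leaving an uninitialised local behind.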
@@ -118,20 +118,8 @@
 	ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
 #endif
 
-#if 0
-	/* this is already done inside wait4msg(), right?... */
-	lm = chkResponseList( ld, msgid, all );
-#endif
+	rc = wait4msg( ld, msgid, all, timeout, result );
 
-	if ( lm == NULL ) {
-		rc = wait4msg( ld, msgid, all, timeout, result );
-
-	} else {
-		*result = lm;
-		ld->ld_errno = LDAP_SUCCESS;
-		rc = lm->lm_msgtype;
-	}
-
 #ifdef LDAP_R_COMPILE
 	ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
 #endif
@@ -335,13 +323,6 @@
 				if ( ber_sockbuf_ctrl( lc->lconn_sb,
 					LBER_SB_OPT_DATA_READY, NULL ) )
 				{
-#ifdef LDAP_R_COMPILE
-					ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
-#endif
-					rc = try_read1msg( ld, msgid, all, &lc, result );
-#ifdef LDAP_R_COMPILE
-					ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
-#endif
 					lc_ready = 1;
 					break;
 				}
@@ -375,54 +356,63 @@
 					rc = LDAP_MSG_X_KEEP_LOOKING;	/* select interrupted: loop */
 
 				} else {
-					rc = LDAP_MSG_X_KEEP_LOOKING;
+					lc_ready = 1;
+				}
+			}
+			if ( lc_ready ) {
+				LDAPConn *lnext;
+				rc = LDAP_MSG_X_KEEP_LOOKING;
 #ifdef LDAP_R_COMPILE
-					ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+				ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
 #endif
-					if ( ld->ld_requests &&
-						ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
-						ldap_is_write_ready( ld,
-							ld->ld_requests->lr_conn->lconn_sb ) )
-					{
-						ldap_int_flush_request( ld, ld->ld_requests );
-					}
+				if ( ld->ld_requests &&
+					ld->ld_requests->lr_status == LDAP_REQST_WRITING &&
+					ldap_is_write_ready( ld,
+						ld->ld_requests->lr_conn->lconn_sb ) )
+				{
+					ldap_int_flush_request( ld, ld->ld_requests );
+				}
 #ifdef LDAP_R_COMPILE
-					ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
-					ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+				ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+				ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
-					for ( lc = ld->ld_conns;
-						rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL; )
+				for ( lc = ld->ld_conns;
+					rc == LDAP_MSG_X_KEEP_LOOKING && lc != NULL;
+					lc = lnext )
+				{
+					if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
+						ldap_is_read_ready( ld, lc->lconn_sb ) )
 					{
-						if ( lc->lconn_status == LDAP_CONNST_CONNECTED &&
-							ldap_is_read_ready( ld, lc->lconn_sb ) )
-						{
+						/* Don't let it get freed out from under us */
+						++lc->lconn_refcnt;
 #ifdef LDAP_R_COMPILE
-							ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+						ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
 #endif
-							rc = try_read1msg( ld, msgid, all, &lc, result );
+						rc = try_read1msg( ld, msgid, all, lc, result );
+						lnext = lc->lconn_next;
+
+						/* Only take locks if we're really freeing */
+						if ( lc->lconn_refcnt <= 1 ) {
 #ifdef LDAP_R_COMPILE
-							ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
+							ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
 #endif
-							if ( lc == NULL ) {
-								/* if lc gets free()'d,
-								 * there's no guarantee
-								 * lc->lconn_next is still
-								 * sane; better restart
-								 * (ITS#4405) */
-								lc = ld->ld_conns;
-
-								/* don't get to next conn! */
-								break;
-							}
+							ldap_free_connection( ld, lc, 0, 1 );
+#ifdef LDAP_R_COMPILE
+							ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+						} else {
+							--lc->lconn_refcnt;
 						}
-
-						/* next conn */
-						lc = lc->lconn_next;
-					}
 #ifdef LDAP_R_COMPILE
-					ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+						ldap_pvt_thread_mutex_lock( &ld->ld_conn_mutex );
 #endif
+					} else {
+						lnext = lc->lconn_next;
+					}
 				}
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_unlock( &ld->ld_conn_mutex );
+#endif
 			}
 		}
 
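Review bot: The rewritten connection loop depends on a reference-count handshake that is written down nowhere. It takes a reference with `++lc->lconn_refcnt`, `try_read1msg` drops one on its failure paths (the `--lc->lconn_refcnt` lines in the `@@ -561,14 +547,8 @@`, `@@ -937,14 +918,8 @@` and `@@ -1010,14 +985,7 @@` hunks), and `lc->lconn_refcnt <= 1` afterwards is read as "free it now". A comment above that test and on the `try_read1msg` prototype should spell the protocol out, because a new early return in `try_read1msg` that forgets the decrement would leave the dead connection in place and an extra decrement would upset the count for other holders. Under `LDAP_R_COMPILE`, `lnext = lc->lconn_next` and the refcount test run after `ld_conn_mutex` has been released; if holding `ld_res_mutex` is what makes that safe, the comment should say so. The enclosing function starts and ends outside the hunk.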
@@ -482,7 +472,7 @@
 	LDAP *ld,
 	ber_int_t msgid,
 	int all,
-	LDAPConn **lcp,
+	LDAPConn *lc,
 	LDAPMessage **result )
 {
 	BerElement	*ber;
@@ -493,7 +483,6 @@
 	ber_len_t	len;
 	int		foundit = 0;
 	LDAPRequest	*lr, *tmplr, dummy_lr = { 0 };
-	LDAPConn	*lc;
 	BerElement	tmpber;
 	int		rc, refer_cnt, hadref, simple_request, err;
 	ber_int_t	lderr;
@@ -504,8 +493,7 @@
 #endif
 
 	assert( ld != NULL );
-	assert( lcp != NULL );
-	assert( *lcp != NULL );
+	assert( lc != NULL );
 	
 #ifdef LDAP_R_COMPILE
 	LDAP_PVT_THREAD_ASSERT_MUTEX_OWNER( &ld->ld_res_mutex );
@@ -514,8 +502,6 @@
 	Debug( LDAP_DEBUG_TRACE, "read1msg: ld %p msgid %d all %d\n",
 		(void *)ld, msgid, all );
 
-	lc = *lcp;
-
 retry:
 	if ( lc->lconn_ber == NULL ) {
 		lc->lconn_ber = ldap_alloc_ber_with_options( ld );
@@ -561,14 +547,8 @@
 		if ( err == EAGAIN ) return LDAP_MSG_X_KEEP_LOOKING;
 #endif
 		ld->ld_errno = LDAP_SERVER_DOWN;
-#ifdef LDAP_R_COMPILE
-		ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
-#endif
-		ldap_free_connection( ld, lc, 1, 0 );
-#ifdef LDAP_R_COMPILE
-		ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
-#endif
-		lc = *lcp = NULL;
+		--lc->lconn_refcnt;
+		lc->lconn_status = 0;
 		return -1;
 
 	default:
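Review bot: `lc->lconn_status = 0;` writes a bare literal with no explanation, while the rest of the visible code compares the field against `LDAP_CONNST_CONNECTED`. As far as the visible code shows, its purpose is to keep `ldap_free_connection`, which the caller now invokes with the unbind flag set, from sending an unbind on a socket that just failed, since that path is guarded by `lc->lconn_status == LDAP_CONNST_CONNECTED`. Please add a comment to that effect. The old code freed the connection here with force set (`ldap_free_connection( ld, lc, 1, 0 )`), whereas the caller now passes `0, 1`; the commit should state whether a server-down connection with other references is meant to survive. The enclosing function starts and ends outside the hunk.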
@@ -648,6 +628,7 @@
 			ber_scanf(ber, "x{");
 		}
 nextresp2:
+		;
 #endif
 	}
 
@@ -937,14 +918,8 @@
 			 * shouldn't necessarily end the connection
 			 */
 			if ( lc != NULL && id != 0 ) {
-#ifdef LDAP_R_COMPILE
-				ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
-#endif
-				ldap_free_connection( ld, lc, 0, 1 );
-#ifdef LDAP_R_COMPILE
-				ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
-#endif
-				lc = *lcp = NULL;
+				--lc->lconn_refcnt;
+				lc = NULL;
 			}
 		}
 	}
@@ -1010,14 +985,7 @@
 
 			/* get rid of the connection... */
 			if ( lc != NULL ) {
-#ifdef LDAP_R_COMPILE
-				ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
-#endif
-				ldap_free_connection( ld, lc, 0, 1 );
-#ifdef LDAP_R_COMPILE
-				ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
-#endif
-				lc = *lcp = NULL;
+				--lc->lconn_refcnt;
 			}
 
 			/* need to return -1, because otherwise
@@ -1126,7 +1094,8 @@
 	if ( msgid == LDAP_RES_ANY || id == msgid ) {
 		if ( all == LDAP_MSG_ONE
 			|| ( newmsg->lm_msgtype != LDAP_RES_SEARCH_RESULT
-			    	&& newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY
+				&& newmsg->lm_msgtype != LDAP_RES_SEARCH_ENTRY
+				&& newmsg->lm_msgtype != LDAP_RES_INTERMEDIATE
 			  	&& newmsg->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) )
 		{
 			*result = newmsg;
@@ -1434,7 +1403,7 @@
 
 	/* NOTE: those assertions are repeated in ldap_int_bisect_delete() */
 	assert( idx >= 0 );
-	assert( idx < ld->ld_nabandoned );
+	assert( (unsigned) idx < ld->ld_nabandoned );
 	assert( ld->ld_abandoned[ idx ] == msgid );
 
 	return ldap_int_bisect_delete( &ld->ld_abandoned, &ld->ld_nabandoned,

Modified: openldap/vendor/openldap-release/libraries/libldap/sasl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sasl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/sasl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.64.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sasl.c,v 1.64.2.6 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -473,3 +473,305 @@
 
 	return rc;
 }
+
+#ifdef HAVE_CYRUS_SASL
+
+#ifdef HAVE_SASL_SASL_H
+#include <sasl/sasl.h>
+#else
+#include <sasl.h>
+#endif
+
+#endif /* HAVE_CYRUS_SASL */
+
+static int
+sb_sasl_generic_remove( Sockbuf_IO_Desc *sbiod );
+
+static int
+sb_sasl_generic_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+	struct sb_sasl_generic_data	*p;
+	struct sb_sasl_generic_install	*i;
+
+	assert( sbiod != NULL );
+
+	i = (struct sb_sasl_generic_install *)arg;
+
+	p = LBER_MALLOC( sizeof( *p ) );
+	if ( p == NULL )
+		return -1;
+	p->ops = i->ops;
+	p->ops_private = i->ops_private;
+	p->sbiod = sbiod;
+	ber_pvt_sb_buf_init( &p->sec_buf_in );
+	ber_pvt_sb_buf_init( &p->buf_in );
+	ber_pvt_sb_buf_init( &p->buf_out );
+
+	sbiod->sbiod_pvt = p;
+
+	p->ops->init( p, &p->min_send, &p->max_send, &p->max_recv );
+
+	if ( ber_pvt_sb_grow_buffer( &p->sec_buf_in, p->min_send ) < 0 ) {
+		sb_sasl_generic_remove( sbiod );
+		sock_errset(ENOMEM);
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+sb_sasl_generic_remove( Sockbuf_IO_Desc *sbiod )
+{
+	struct sb_sasl_generic_data	*p;
+
+	assert( sbiod != NULL );
+
+	p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;
+
+	p->ops->fini(p);
+
+	ber_pvt_sb_buf_destroy( &p->sec_buf_in );
+	ber_pvt_sb_buf_destroy( &p->buf_in );
+	ber_pvt_sb_buf_destroy( &p->buf_out );
+	LBER_FREE( p );
+	sbiod->sbiod_pvt = NULL;
+	return 0;
+}
+
+static ber_len_t
+sb_sasl_generic_pkt_length(
+	struct sb_sasl_generic_data *p,
+	const unsigned char *buf,
+	int debuglevel )
+{
+	ber_len_t		size;
+
+	assert( buf != NULL );
+
+	size = buf[0] << 24
+		| buf[1] << 16
+		| buf[2] << 8
+		| buf[3];
+
+	if ( size > p->max_recv ) {
+		/* somebody is trying to mess me up. */
+		ber_log_printf( LDAP_DEBUG_ANY, debuglevel,
+			"sb_sasl_generic_pkt_length: "
+			"received illegal packet length of %lu bytes\n",
+			(unsigned long)size );
+		size = 16; /* this should lead to an error. */
+	}
+
+	return size + 4; /* include the size !!! */
+}
+
+/* Drop a processed packet from the input buffer */
+static void
+sb_sasl_generic_drop_packet (
+	struct sb_sasl_generic_data *p,
+	int debuglevel )
+{
+	ber_slen_t			len;
+
+	len = p->sec_buf_in.buf_ptr - p->sec_buf_in.buf_end;
+	if ( len > 0 )
+		AC_MEMCPY( p->sec_buf_in.buf_base, p->sec_buf_in.buf_base +
+			p->sec_buf_in.buf_end, len );
+
+	if ( len >= 4 ) {
+		p->sec_buf_in.buf_end = sb_sasl_generic_pkt_length(p,
+			(unsigned char *) p->sec_buf_in.buf_base, debuglevel);
+	}
+	else {
+		p->sec_buf_in.buf_end = 0;
+	}
+	p->sec_buf_in.buf_ptr = len;
+}
+
+static ber_slen_t
+sb_sasl_generic_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct sb_sasl_generic_data	*p;
+	ber_slen_t			ret, bufptr;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;
+
+	/* Are there anything left in the buffer? */
+	ret = ber_pvt_sb_copy_out( &p->buf_in, buf, len );
+	bufptr = ret;
+	len -= ret;
+
+	if ( len == 0 )
+		return bufptr;
+
+	p->ops->reset_buf( p, &p->buf_in );
+
+	/* Read the length of the packet */
+	while ( p->sec_buf_in.buf_ptr < 4 ) {
+		ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
+			p->sec_buf_in.buf_ptr,
+			4 - p->sec_buf_in.buf_ptr );
+#ifdef EINTR
+		if ( ( ret < 0 ) && ( errno == EINTR ) )
+			continue;
+#endif
+		if ( ret <= 0 )
+			return bufptr ? bufptr : ret;
+
+		p->sec_buf_in.buf_ptr += ret;
+	}
+
+	/* The new packet always starts at p->sec_buf_in.buf_base */
+	ret = sb_sasl_generic_pkt_length(p, (unsigned char *) p->sec_buf_in.buf_base,
+		sbiod->sbiod_sb->sb_debug );
+
+	/* Grow the packet buffer if neccessary */
+	if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) && 
+		ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
+	{
+		sock_errset(ENOMEM);
+		return -1;
+	}
+	p->sec_buf_in.buf_end = ret;
+
+	/* Did we read the whole encrypted packet? */
+	while ( p->sec_buf_in.buf_ptr < p->sec_buf_in.buf_end ) {
+		/* No, we have got only a part of it */
+		ret = p->sec_buf_in.buf_end - p->sec_buf_in.buf_ptr;
+
+		ret = LBER_SBIOD_READ_NEXT( sbiod, p->sec_buf_in.buf_base +
+			p->sec_buf_in.buf_ptr, ret );
+#ifdef EINTR
+		if ( ( ret < 0 ) && ( errno == EINTR ) )
+			continue;
+#endif
+		if ( ret <= 0 )
+			return bufptr ? bufptr : ret;
+
+		p->sec_buf_in.buf_ptr += ret;
+   	}
+
+	/* Decode the packet */
+	ret = p->ops->decode( p, &p->sec_buf_in, &p->buf_in );
+
+	/* Drop the packet from the input buffer */
+	sb_sasl_generic_drop_packet( p, sbiod->sbiod_sb->sb_debug );
+
+	if ( ret != 0 ) {
+		ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
+			"sb_sasl_generic_read: failed to decode packet\n" );
+		sock_errset(EIO);
+		return -1;
+	}
+
+	bufptr += ber_pvt_sb_copy_out( &p->buf_in, (char*) buf + bufptr, len );
+
+	return bufptr;
+}
+
+static ber_slen_t
+sb_sasl_generic_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct sb_sasl_generic_data	*p;
+	int				ret;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;
+
+	/* Are there anything left in the buffer? */
+	if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
+		ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
+		if ( ret < 0 ) return ret;
+
+		/* Still have something left?? */
+		if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
+			sock_errset(EAGAIN);
+			return -1;
+		}
+	}
+
+	/* now encode the next packet. */
+	p->ops->reset_buf( p, &p->buf_out );
+
+	if ( len > p->max_send - 100 ) {
+		len = p->max_send - 100;	/* For safety margin */
+	}
+
+	ret = p->ops->encode( p, buf, len, &p->buf_out );
+
+	if ( ret != 0 ) {
+		ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
+			"sb_sasl_generic_write: failed to encode packet\n" );
+		sock_errset(EIO);
+		return -1;
+	}
+
+	ret = ber_pvt_sb_do_write( sbiod, &p->buf_out );
+
+	/* return number of bytes encoded, not written, to ensure
+	 * no byte is encoded twice (even if only sent once).
+	 */
+	return len;
+}
+
+static int
+sb_sasl_generic_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+	struct sb_sasl_generic_data	*p;
+
+	p = (struct sb_sasl_generic_data *)sbiod->sbiod_pvt;
+
+	if ( opt == LBER_SB_OPT_DATA_READY ) {
+		if ( p->buf_in.buf_ptr != p->buf_in.buf_end ) return 1;
+	}
+
+	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+Sockbuf_IO ldap_pvt_sockbuf_io_sasl_generic = {
+	sb_sasl_generic_setup,		/* sbi_setup */
+	sb_sasl_generic_remove,		/* sbi_remove */
+	sb_sasl_generic_ctrl,		/* sbi_ctrl */
+	sb_sasl_generic_read,		/* sbi_read */
+	sb_sasl_generic_write,		/* sbi_write */
+	NULL			/* sbi_close */
+};
+
+int ldap_pvt_sasl_generic_install(
+	Sockbuf *sb,
+	struct sb_sasl_generic_install *install_arg )
+{
+	Debug( LDAP_DEBUG_TRACE, "ldap_pvt_sasl_generic_install\n",
+		0, 0, 0 );
+
+	/* don't install the stuff unless security has been negotiated */
+
+	if ( !ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO,
+			&ldap_pvt_sockbuf_io_sasl_generic ) )
+	{
+#ifdef LDAP_DEBUG
+		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+			LBER_SBIOD_LEVEL_APPLICATION, (void *)"sasl_generic_" );
+#endif
+		ber_sockbuf_add_io( sb, &ldap_pvt_sockbuf_io_sasl_generic,
+			LBER_SBIOD_LEVEL_APPLICATION, install_arg );
+	}
+
+	return LDAP_SUCCESS;
+}
+
+void ldap_pvt_sasl_generic_remove( Sockbuf *sb )
+{
+	ber_sockbuf_remove_io( sb, &ldap_pvt_sockbuf_io_sasl_generic,
+		LBER_SBIOD_LEVEL_APPLICATION );
+#ifdef LDAP_DEBUG
+	ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+		LBER_SBIOD_LEVEL_APPLICATION );
+#endif
+}
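Review bot: `sb_sasl_generic_pkt_length` reacts to a length field above `p->max_recv` by logging and substituting 16, counting on the later `decode` call to reject the data ("this should lead to an error") instead of failing the read itself. These four bytes come off the wire before any integrity check, so I would have `sb_sasl_generic_read` treat that case as fatal in the same way as its decode-failure branch (`sock_errset(EIO); return -1;`), which needs the helper to report the condition to its two callers. Separately, `buf[0] << 24` shifts a promoted `int`, so a first byte of 0x80 or above shifts into the sign bit; `size = (ber_len_t)buf[0] << 24` avoids that. In `sb_sasl_generic_write`, `p->max_send - 100` deserves a guard or a comment for a `max_send` below 100, since the field's type is not visible in this hunk.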

Modified: openldap/vendor/openldap-release/libraries/libldap/sbind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/sbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sbind.c,v 1.25.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sbind.c,v 1.25.2.4 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/schema.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/schema.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/schema.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/schema.c,v 1.77.2.4 2008/04/14 22:32:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/schema.c,v 1.77.2.5 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/search.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/search.c,v 1.76.2.5 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/search.c,v 1.76.2.8 2009/02/02 22:53:14 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -66,6 +66,25 @@
 	int sizelimit,
 	int *msgidp )
 {
+	return ldap_pvt_search( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, msgidp );
+}
+
+int
+ldap_pvt_search(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	int *msgidp )
+{
 	int rc;
 	BerElement	*ber;
 	int timelimit;
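Review bot: The new `ldap_pvt_search` entry point has no comment describing its extra `deref` parameter, and the meaning of a negative value can only be pieced together from the `-1` that `ldap_search_ext` now passes and from the `(deref < 0) ? ld->ld_deref : deref` expression in a later hunk. A one-line comment above the definition would make the contract explicit, for example `/* deref: LDAP_DEREF_* value for this request, or -1 to use ld->ld_deref */`. The same comment is missing on `ldap_pvt_search_s` in the `@@ -128,11 +147,30 @@` hunk. The body of `ldap_pvt_search` continues outside this hunk.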
@@ -98,7 +117,7 @@
 	}
 
 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, sctrls, cctrls, timelimit, sizelimit, &id ); 
+	    attrsonly, sctrls, cctrls, timelimit, sizelimit, deref, &id ); 
 
 	if ( ber == NULL ) {
 		return ld->ld_errno;
@@ -128,11 +147,30 @@
 	int sizelimit,
 	LDAPMessage **res )
 {
+	return ldap_pvt_search_s( ld, base, scope, filter, attrs,
+		attrsonly, sctrls, cctrls, timeout, sizelimit, -1, res );
+}
+
+int
+ldap_pvt_search_s(
+	LDAP *ld,
+	LDAP_CONST char *base,
+	int scope,
+	LDAP_CONST char *filter,
+	char **attrs,
+	int attrsonly,
+	LDAPControl **sctrls,
+	LDAPControl **cctrls,
+	struct timeval *timeout,
+	int sizelimit,
+	int deref,
+	LDAPMessage **res )
+{
 	int rc;
 	int	msgid;
 
-	rc = ldap_search_ext( ld, base, scope, filter, attrs, attrsonly,
-		sctrls, cctrls, timeout, sizelimit, &msgid );
+	rc = ldap_pvt_search( ld, base, scope, filter, attrs, attrsonly,
+		sctrls, cctrls, timeout, sizelimit, deref, &msgid );
 
 	if ( rc != LDAP_SUCCESS ) {
 		return( rc );
@@ -188,7 +226,7 @@
 	assert( LDAP_VALID( ld ) );
 
 	ber = ldap_build_search_req( ld, base, scope, filter, attrs,
-	    attrsonly, NULL, NULL, -1, -1, &id ); 
+	    attrsonly, NULL, NULL, -1, -1, -1, &id ); 
 
 	if ( ber == NULL ) {
 		return( -1 );
@@ -212,6 +250,7 @@
 	LDAPControl **cctrls,
 	ber_int_t timelimit,
 	ber_int_t sizelimit,
+	ber_int_t deref,
 	ber_int_t *idp)
 {
 	BerElement	*ber;
@@ -267,7 +306,8 @@
 	    char *dn = ld->ld_options.ldo_cldapdn;
 	    if (!dn) dn = "";
 	    err = ber_printf( ber, "{ist{seeiib", *idp, dn,
-		LDAP_REQ_SEARCH, base, (ber_int_t) scope, ld->ld_deref,
+		LDAP_REQ_SEARCH, base, (ber_int_t) scope,
+		(deref < 0) ? ld->ld_deref : deref,
 		(sizelimit < 0) ? ld->ld_sizelimit : sizelimit,
 		(timelimit < 0) ? ld->ld_timelimit : timelimit,
 		attrsonly );
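Review bot: Only the `ber_printf` that encodes `ldo_cldapdn` (apparently the connectionless request) is switched to the per-call `deref` here. Any other `ber_printf` in `ldap_build_search_req` that builds the ordinary request is not part of this hunk, and if it still passes `ld->ld_deref`, the argument given to `ldap_pvt_search` is silently ignored on the normal path. It is worth confirming that every encoding site uses `(deref < 0) ? ld->ld_deref : deref`. The value is also encoded without a range check, so anything non-negative outside the `LDAP_DEREF_*` constants goes to the server unchanged; rejecting it with `LDAP_PARAM_ERROR` before encoding would be safer. The function starts and ends outside the hunk.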
@@ -301,27 +341,25 @@
 
 #ifdef LDAP_DEBUG
 	if ( ldap_debug & LDAP_DEBUG_ARGS ) {
-		char	buf[ BUFSIZ ] = { ' ', '*', '\0' };
+		char	buf[ BUFSIZ ], *ptr = " *";
 
 		if ( attrs != NULL ) {
-			char	*ptr;
-			int	i;
+			int	i, len, rest = sizeof( buf );
 
-			for ( ptr = buf, i = 0;
-				attrs[ i ] != NULL && ptr < &buf[ sizeof( buf ) ];
-				i++ )
-			{
-				ptr += snprintf( ptr, sizeof( buf ) - ( ptr - buf ),
-					" %s", attrs[ i ] );
+			for ( i = 0; attrs[ i ] != NULL && rest > 0; i++ ) {
+				ptr = &buf[ sizeof( buf ) - rest ];
+				len = snprintf( ptr, rest, " %s", attrs[ i ] );
+				rest -= (len >= 0 ? len : (int) sizeof( buf ));
 			}
 
-			if ( ptr >= &buf[ sizeof( buf ) ] ) {
+			if ( rest <= 0 ) {
 				AC_MEMCPY( &buf[ sizeof( buf ) - STRLENOF( "...(truncated)" ) - 1 ],
 					"...(truncated)", STRLENOF( "...(truncated)" ) + 1 );
 			} 
+			ptr = buf;
 		}
 
-		Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", buf, 0, 0 );
+		Debug( LDAP_DEBUG_ARGS, "ldap_build_search_req ATTRS:%s\n", ptr, 0,0 );
 	}
 #endif /* LDAP_DEBUG */
 
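Review bot: When `attrs` is non-NULL but its first element is NULL, the loop body never runs and `ptr = buf;` then passes an uninitialized `buf` to `Debug()` as the `%s` argument. This regression comes from the new declaration, which drops the old `{ ' ', '*', '\0' }` initializer. Reading that buffer is undefined and can copy stack bytes into the debug log or run past the end of the array. Adding `buf[ 0 ] = '\0';` before the `for` keeps the empty-list case well defined. This block is inside `ldap_build_search_req`, which starts and ends outside the hunk.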

Modified: openldap/vendor/openldap-release/libraries/libldap/sort.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sort.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/sort.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* sort.c -- LDAP library entry and value sort routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sort.c,v 1.27.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sort.c,v 1.27.2.5 2009/01/22 00:00:55 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/sortctrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/sortctrl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/sortctrl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/sortctrl.c,v 1.19.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/sortctrl.c,v 1.19.2.6 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -304,6 +304,7 @@
 
 	value->bv_val = NULL;
 	value->bv_len = 0;
+	ld->ld_errno = LDAP_SUCCESS;
 
 	ber = ldap_alloc_ber_with_options( ld );
 	if ( ber == NULL) {
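Review bot: The added `ld->ld_errno = LDAP_SUCCESS;` dereferences `ld` at a point where this hunk shows no check on it, and there is no comment saying why the error field is cleared on entry. If an assert or NULL test on `ld` sits above the hunk this is fine; otherwise the reset should follow one, as the stctrl.c hunk of this commit does after `assert( LDAP_VALID( ld ) )`. A short comment such as `/* clear any error left by an earlier call */` would record the intent in both files. The enclosing function starts and ends outside the hunk.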

Modified: openldap/vendor/openldap-release/libraries/libldap/stctrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/stctrl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/stctrl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/stctrl.c,v 1.3.2.2 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/stctrl.c,v 1.3.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 2007 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -60,6 +60,7 @@
 	}
 
 	assert( LDAP_VALID( ld ) );
+	ld->ld_errno = LDAP_SUCCESS;
 
 	/* check sizes according to I.D. */
 	if ( sessionSourceIp == NULL ) {

Modified: openldap/vendor/openldap-release/libraries/libldap/string.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/string.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/string.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/string.c,v 1.23.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/string.c,v 1.23.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/t61.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/t61.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/t61.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/t61.c,v 1.9.2.4 2008/06/02 17:20:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/t61.c,v 1.9.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/test.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/test.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/test.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/test.c,v 1.55.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/test.c,v 1.55.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Deleted: openldap/vendor/openldap-release/libraries/libldap/tls.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/tls.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,3134 +0,0 @@
-/* tls.c - Handle tls/ssl using SSLeay, OpenSSL or GNUTLS. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/tls.c,v 1.133.2.11 2008/07/09 23:56:44 quanah Exp $ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2008 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and
- * Matt Backes; sponsored by The Written Word (thewrittenword.com)
- * and Stanford University (stanford.edu).
- */
-
-#include "portable.h"
-#include "ldap_config.h"
-
-#include <stdio.h>
-
-#include <ac/stdlib.h>
-#include <ac/errno.h>
-#include <ac/socket.h>
-#include <ac/string.h>
-#include <ac/ctype.h>
-#include <ac/time.h>
-#include <ac/unistd.h>
-#include <ac/param.h>
-#include <ac/dirent.h>
-
-#include "ldap-int.h"
-
-#ifdef HAVE_TLS
-
-#ifdef LDAP_R_COMPILE
-#include <ldap_pvt_thread.h>
-#endif
-
-#ifdef HAVE_GNUTLS
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#include <gcrypt.h>
-
-#define DH_BITS	(1024)
-
-#else
-#ifdef HAVE_OPENSSL_SSL_H
-#include <openssl/ssl.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/safestack.h>
-#elif defined( HAVE_SSL_H )
-#include <ssl.h>
-#endif
-#endif
-
-#define HAS_TLS( sb )	ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
-				(void *)&sb_tls_sbio )
-
-#endif /* HAVE_TLS */
-
-/* RFC2459 minimum required set of supported attribute types
- * in a certificate DN
- */
-typedef struct oid_name {
-	struct berval oid;
-	struct berval name;
-} oid_name;
-
-#define	CN_OID	oids[0].oid.bv_val
-
-static oid_name oids[] = {
-	{ BER_BVC("2.5.4.3"), BER_BVC("cn") },
-	{ BER_BVC("2.5.4.4"), BER_BVC("sn") },
-	{ BER_BVC("2.5.4.6"), BER_BVC("c") },
-	{ BER_BVC("2.5.4.7"), BER_BVC("l") },
-	{ BER_BVC("2.5.4.8"), BER_BVC("st") },
-	{ BER_BVC("2.5.4.10"), BER_BVC("o") },
-	{ BER_BVC("2.5.4.11"), BER_BVC("ou") },
-	{ BER_BVC("2.5.4.12"), BER_BVC("title") },
-	{ BER_BVC("2.5.4.41"), BER_BVC("name") },
-	{ BER_BVC("2.5.4.42"), BER_BVC("givenName") },
-	{ BER_BVC("2.5.4.43"), BER_BVC("initials") },
-	{ BER_BVC("2.5.4.44"), BER_BVC("generationQualifier") },
-	{ BER_BVC("2.5.4.46"), BER_BVC("dnQualifier") },
-	{ BER_BVC("1.2.840.113549.1.9.1"), BER_BVC("email") },
-	{ BER_BVC("0.9.2342.19200300.100.1.25"), BER_BVC("dc") },
-	{ BER_BVNULL, BER_BVNULL }
-};
-
-#ifdef HAVE_TLS
-#ifdef HAVE_GNUTLS
-
-typedef struct tls_cipher_suite {
-	const char *name;
-	gnutls_kx_algorithm_t kx;
-	gnutls_cipher_algorithm_t cipher;
-	gnutls_mac_algorithm_t mac;
-	gnutls_protocol_t version;
-} tls_cipher_suite;
-
-static tls_cipher_suite *ciphers;
-static int n_ciphers;
-
-/* sorta replacing SSL_CTX */
-typedef struct tls_ctx {
-	struct ldapoptions *lo;
-	gnutls_certificate_credentials_t cred;
-	gnutls_dh_params_t dh_params;
-	unsigned long verify_depth;
-	int refcount;
-	int *kx_list;
-	int *cipher_list;
-	int *mac_list;
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_t ref_mutex;
-#endif
-} tls_ctx;
-
-/* sorta replacing SSL */
-typedef struct tls_session {
-	tls_ctx *ctx;
-	gnutls_session_t session;
-	struct berval peer_der_dn;
-} tls_session;
-
-#ifdef LDAP_R_COMPILE
-
-static int
-ldap_pvt_gcry_mutex_init( void **priv )
-{
-	int err = 0;
-	ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t ));
-
-	if ( !lock )
-		err = ENOMEM;
-	if ( !err ) {
-		err = ldap_pvt_thread_mutex_init( lock );
-		if ( err )
-			LDAP_FREE( lock );
-		else
-			*priv = lock;
-	}
-	return err;
-}
-static int
-ldap_pvt_gcry_mutex_destroy( void **lock )
-{
-	int err = ldap_pvt_thread_mutex_destroy( *lock );
-	LDAP_FREE( *lock );
-	return err;
-}
-static int
-ldap_pvt_gcry_mutex_lock( void **lock )
-{
-	return ldap_pvt_thread_mutex_lock( *lock );
-}
-static int
-ldap_pvt_gcry_mutex_unlock( void **lock )
-{
-	return ldap_pvt_thread_mutex_unlock( *lock );
-}
-
-static struct gcry_thread_cbs ldap_generic_thread_cbs = {
-	GCRY_THREAD_OPTION_USER,
-	NULL,
-	ldap_pvt_gcry_mutex_init,
-	ldap_pvt_gcry_mutex_destroy,
-	ldap_pvt_gcry_mutex_lock,
-	ldap_pvt_gcry_mutex_unlock,
-	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-
-static void
-tls_init_threads( void )
-{
-	gcry_control (GCRYCTL_SET_THREAD_CBS, &ldap_generic_thread_cbs);
-}
-#endif /* LDAP_R_COMPILE */
-
-void
-ldap_pvt_tls_ctx_free ( void *c )
-{
-	int refcount;
-	tls_ctx *ctx = c;
-
-	if ( !ctx ) return;
-
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_lock( &ctx->ref_mutex );
-#endif
-	refcount = --ctx->refcount;
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_unlock( &ctx->ref_mutex );
-#endif
-	if ( refcount )
-		return;
-	LDAP_FREE( ctx->kx_list );
-	gnutls_certificate_free_credentials( ctx->cred );
-	ber_memfree ( ctx );
-}
-
-static void *
-tls_ctx_new ( struct ldapoptions *lo )
-{
-	tls_ctx *ctx;
-
-	ctx = ber_memcalloc ( 1, sizeof (*ctx) );
-	if ( ctx ) {
-		ctx->lo = lo;
-		if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
-			ber_memfree( ctx );
-			return NULL;
-		}
-		ctx->refcount = 1;
-#ifdef LDAP_R_COMPILE
-		ldap_pvt_thread_mutex_init( &ctx->ref_mutex );
-#endif
-	}
-	return ctx;
-}
-
-static void
-tls_ctx_ref( tls_ctx *ctx )
-{
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_lock( &ctx->ref_mutex );
-#endif
-	ctx->refcount++;
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_unlock( &ctx->ref_mutex );
-#endif
-}
-
-tls_session *
-tls_session_new ( tls_ctx * ctx, int is_server )
-{
-	tls_session *session;
-
-	session = ber_memcalloc ( 1, sizeof (*session) );
-	if ( !session )
-		return NULL;
-
-	session->ctx = ctx;
-	gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT );
-	gnutls_set_default_priority( session->session );
-	if ( ctx->kx_list ) {
-		gnutls_kx_set_priority( session->session, ctx->kx_list );
-		gnutls_cipher_set_priority( session->session, ctx->cipher_list );
-		gnutls_mac_set_priority( session->session, ctx->mac_list );
-	}
-	if ( ctx->cred )
-		gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, ctx->cred );
-	
-	if ( is_server ) {
-		int flag = 0;
-		if ( ctx->lo->ldo_tls_require_cert ) {
-			flag = GNUTLS_CERT_REQUEST;
-			if ( ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
-				ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD )
-				flag = GNUTLS_CERT_REQUIRE;
-			gnutls_certificate_server_set_request( session->session, flag );
-		}
-	}
-	return session;
-} 
-
-void
-tls_session_free ( tls_session * session )
-{
-	ber_memfree ( session );
-}
-
-#define	tls_session_connect( ssl )	gnutls_handshake( ssl->session )
-#define	tls_session_accept( ssl )	gnutls_handshake( ssl->session )
-
-/* suites is a string of colon-separated cipher suite names. */
-static int
-tls_parse_ciphers( tls_ctx *ctx, char *suites )
-{
-	char *ptr, *end;
-	int i, j, len, num;
-	int *list, nkx = 0, ncipher = 0, nmac = 0;
-	int *kx, *cipher, *mac;
-
-	num = 0;
-	ptr = suites;
-	do {
-		end = strchr(ptr, ':');
-		if ( end )
-			len = end - ptr;
-		else
-			len = strlen(ptr);
-		for (i=0; i<n_ciphers; i++) {
-			if ( !strncasecmp( ciphers[i].name, ptr, len )) {
-				num++;
-				break;
-			}
-		}
-		if ( i == n_ciphers ) {
-			/* unrecognized cipher suite */
-			return -1;
-		}
-		ptr += len + 1;
-	} while (end);
-
-	/* Space for all 3 lists */
-	list = LDAP_MALLOC( (num+1) * sizeof(int) * 3 );
-	if ( !list )
-		return -1;
-	kx = list;
-	cipher = kx+num+1;
-	mac = cipher+num+1;
-
-	ptr = suites;
-	do {
-		end = strchr(ptr, ':');
-		if ( end )
-			len = end - ptr;
-		else
-			len = strlen(ptr);
-		for (i=0; i<n_ciphers; i++) {
-			/* For each cipher suite, insert its algorithms into
-			 * their respective priority lists. Make sure they
-			 * only appear once in each list.
-			 */
-			if ( !strncasecmp( ciphers[i].name, ptr, len )) {
-				for (j=0; j<nkx; j++)
-					if ( kx[j] == ciphers[i].kx )
-						break;
-				if ( j == nkx )
-					kx[nkx++] = ciphers[i].kx;
-				for (j=0; j<ncipher; j++)
-					if ( cipher[j] == ciphers[i].cipher )
-						break;
-				if ( j == ncipher ) 
-					cipher[ncipher++] = ciphers[i].cipher;
-				for (j=0; j<nmac; j++)
-					if ( mac[j] == ciphers[i].mac )
-						break;
-				if ( j == nmac )
-					mac[nmac++] = ciphers[i].mac;
-				break;
-			}
-		}
-		ptr += len + 1;
-	} while (end);
-	kx[nkx] = 0;
-	cipher[ncipher] = 0;
-	mac[nmac] = 0;
-	ctx->kx_list = kx;
-	ctx->cipher_list = cipher;
-	ctx->mac_list = mac;
-	return 0;
-}
-
-#else /* OpenSSL */
-
-typedef SSL_CTX tls_ctx;
-typedef SSL tls_session;
-
-static int  tls_opt_trace = 1;
-static char *tls_opt_randfile = NULL;
-
-static void tls_report_error( void );
-
-static void tls_info_cb( const SSL *ssl, int where, int ret );
-static int tls_verify_cb( int ok, X509_STORE_CTX *ctx );
-static int tls_verify_ok( int ok, X509_STORE_CTX *ctx );
-static RSA * tls_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
-
-static DH * tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length );
-
-typedef struct dhplist {
-	struct dhplist *next;
-	int keylength;
-	DH *param;
-} dhplist;
-
-static dhplist *dhparams;
-
-static int tls_seed_PRNG( const char *randfile );
-
-#ifdef LDAP_R_COMPILE
-/*
- * provide mutexes for the SSLeay library.
- */
-static ldap_pvt_thread_mutex_t	tls_mutexes[CRYPTO_NUM_LOCKS];
-
-static void tls_locking_cb( int mode, int type, const char *file, int line )
-{
-	if ( mode & CRYPTO_LOCK ) {
-		ldap_pvt_thread_mutex_lock( &tls_mutexes[type] );
-	} else {
-		ldap_pvt_thread_mutex_unlock( &tls_mutexes[type] );
-	}
-}
-
-static unsigned long tls_thread_self( void )
-{
-	/* FIXME: CRYPTO_set_id_callback only works when ldap_pvt_thread_t
-	 * is an integral type that fits in an unsigned long
-	 */
-
-	/* force an error if the ldap_pvt_thread_t type is too large */
-	enum { ok = sizeof( ldap_pvt_thread_t ) <= sizeof( unsigned long ) };
-	typedef struct { int dummy: ok ? 1 : -1; } Check[ok ? 1 : -1];
-
-	return (unsigned long) ldap_pvt_thread_self();
-}
-
-static void tls_init_threads( void )
-{
-	int i;
-
-	for( i=0; i< CRYPTO_NUM_LOCKS ; i++ ) {
-		ldap_pvt_thread_mutex_init( &tls_mutexes[i] );
-	}
-	CRYPTO_set_locking_callback( tls_locking_cb );
-	CRYPTO_set_id_callback( tls_thread_self );
-}
-#endif /* LDAP_R_COMPILE */
-
-void
-ldap_pvt_tls_ctx_free ( void *c )
-{
-
-	SSL_CTX_free( c );
-}
-
-static void *
-tls_ctx_new( struct ldapoptions *lo )
-{
-	return SSL_CTX_new( SSLv23_method() );
-}
-
-static void
-tls_ctx_ref( void *c )
-{
-	SSL_CTX *ctx = c;
-	CRYPTO_add( &ctx->references, 1, CRYPTO_LOCK_SSL_CTX );
-}
-
-static tls_session *
-tls_session_new( tls_ctx *ctx, int is_server )
-{
-	return SSL_new( ctx );
-}
-
-#define	tls_session_connect( ssl )	SSL_connect( ssl )
-#define	tls_session_accept( ssl )	SSL_accept( ssl )
-
-static STACK_OF(X509_NAME) *
-get_ca_list( char * bundle, char * dir )
-{
-	STACK_OF(X509_NAME) *ca_list = NULL;
-
-	if ( bundle ) {
-		ca_list = SSL_load_client_CA_file( bundle );
-	}
-#if defined(HAVE_DIRENT_H) || defined(dirent)
-	if ( dir ) {
-		int freeit = 0;
-
-		if ( !ca_list ) {
-			ca_list = sk_X509_NAME_new_null();
-			freeit = 1;
-		}
-		if ( !SSL_add_dir_cert_subjects_to_stack( ca_list, dir ) &&
-			freeit ) {
-			sk_X509_NAME_free( ca_list );
-			ca_list = NULL;
-		}
-	}
-#endif
-	return ca_list;
-}
-
-#endif /* HAVE_GNUTLS */
-
-#ifdef LDAP_R_COMPILE
-/*
- * an extra mutex for the default ctx.
- */
-static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
-#endif
-
-void
-ldap_int_tls_destroy( struct ldapoptions *lo )
-{
-	if ( lo->ldo_tls_ctx ) {
-		ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
-		lo->ldo_tls_ctx = NULL;
-	}
-
-	if ( lo->ldo_tls_certfile ) {
-		LDAP_FREE( lo->ldo_tls_certfile );
-		lo->ldo_tls_certfile = NULL;
-	}
-	if ( lo->ldo_tls_keyfile ) {
-		LDAP_FREE( lo->ldo_tls_keyfile );
-		lo->ldo_tls_keyfile = NULL;
-	}
-	if ( lo->ldo_tls_dhfile ) {
-		LDAP_FREE( lo->ldo_tls_dhfile );
-		lo->ldo_tls_dhfile = NULL;
-	}
-	if ( lo->ldo_tls_cacertfile ) {
-		LDAP_FREE( lo->ldo_tls_cacertfile );
-		lo->ldo_tls_cacertfile = NULL;
-	}
-	if ( lo->ldo_tls_cacertdir ) {
-		LDAP_FREE( lo->ldo_tls_cacertdir );
-		lo->ldo_tls_cacertdir = NULL;
-	}
-	if ( lo->ldo_tls_ciphersuite ) {
-		LDAP_FREE( lo->ldo_tls_ciphersuite );
-		lo->ldo_tls_ciphersuite = NULL;
-	}
-#ifdef HAVE_GNUTLS
-	if ( lo->ldo_tls_crlfile ) {
-		LDAP_FREE( lo->ldo_tls_crlfile );
-		lo->ldo_tls_crlfile = NULL;
-	}
-#endif
-}
-
-/*
- * Tear down the TLS subsystem. Should only be called once.
- */
-void
-ldap_pvt_tls_destroy( void )
-{
-	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
-
-	ldap_int_tls_destroy( lo );
-
-#ifdef HAVE_GNUTLS
-	LDAP_FREE( ciphers );
-	ciphers = NULL;
-
-	gnutls_global_deinit();
-#else
-	EVP_cleanup();
-	ERR_remove_state(0);
-	ERR_free_strings();
-
-	if ( tls_opt_randfile ) {
-		LDAP_FREE( tls_opt_randfile );
-		tls_opt_randfile = NULL;
-	}
-#endif
-}
-
-/*
- * Initialize TLS subsystem. Should be called only once.
- */
-int
-ldap_pvt_tls_init( void )
-{
-	static int tls_initialized = 0;
-
-	if ( tls_initialized++ ) return 0;
-
-#ifdef LDAP_R_COMPILE
-	tls_init_threads();
-	ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex );
-#endif
-
-#ifdef HAVE_GNUTLS
-	gnutls_global_init ();
-
-	/* GNUtls cipher suite handling: The library ought to parse suite
-	 * names for us, but it doesn't. It will return a list of suite names
-	 * that it supports, so we can do parsing ourselves. It ought to tell
-	 * us how long the list is, but it doesn't do that either, so we just
-	 * have to count it manually...
-	 */
-	{
-		int i = 0;
-		tls_cipher_suite *ptr, tmp;
-		char cs_id[2];
-
-		while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher,
-			&tmp.mac, &tmp.version ))
-			i++;
-		n_ciphers = i;
-
-		/* Store a copy */
-		ciphers = LDAP_MALLOC(n_ciphers * sizeof(tls_cipher_suite));
-		if ( !ciphers )
-			return -1;
-		for ( i=0; i<n_ciphers; i++ ) {
-			ciphers[i].name = gnutls_cipher_suite_info( i, cs_id,
-				&ciphers[i].kx, &ciphers[i].cipher, &ciphers[i].mac,
-				&ciphers[i].version );
-		}
-	}
-
-#else /* !HAVE_GNUTLS */
-
-#ifdef HAVE_EBCDIC
-	{
-		char *file = LDAP_STRDUP( tls_opt_randfile );
-		if ( file ) __atoe( file );
-		(void) tls_seed_PRNG( file );
-		LDAP_FREE( file );
-	}
-#else
-	(void) tls_seed_PRNG( tls_opt_randfile );
-#endif
-
-	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
-
-	/* FIXME: mod_ssl does this */
-	X509V3_add_standard_extensions();
-
-#endif /* HAVE_GNUTLS */
-	return 0;
-}
-
-/*
- * initialize a new TLS context
- */
-static int
-ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server )
-{
-	int i, rc = 0;
-	char *ciphersuite = lo->ldo_tls_ciphersuite;
-	char *cacertfile = lo->ldo_tls_cacertfile;
-	char *cacertdir = lo->ldo_tls_cacertdir;
-	char *certfile = lo->ldo_tls_certfile;
-	char *keyfile = lo->ldo_tls_keyfile;
-#ifdef HAVE_GNUTLS
-	char *crlfile = lo->ldo_tls_crlfile;
-#else
-	char *dhfile = lo->ldo_tls_dhfile;
-#endif
-
-	if ( lo->ldo_tls_ctx )
-		return 0;
-
-	ldap_pvt_tls_init();
-
-	if ( is_server && !certfile && !keyfile && !cacertfile && !cacertdir ) {
-		/* minimum configuration not provided */
-		return LDAP_NOT_SUPPORTED;
-	}
-
-#ifdef HAVE_EBCDIC
-	/* This ASCII/EBCDIC handling is a real pain! */
-	if ( ciphersuite ) {
-		ciphersuite = LDAP_STRDUP( ciphersuite );
-		__atoe( ciphersuite );
-	}
-	if ( cacertfile ) {
-		cacertfile = LDAP_STRDUP( cacertfile );
-		__atoe( cacertfile );
-	}
-	if ( certfile ) {
-		certfile = LDAP_STRDUP( certfile );
-		__atoe( certfile );
-	}
-	if ( keyfile ) {
-		keyfile = LDAP_STRDUP( keyfile );
-		__atoe( keyfile );
-	}
-#ifdef HAVE_GNUTLS
-	if ( crlfile ) {
-		crlfile = LDAP_STRDUP( crlfile );
-		__atoe( crlfile );
-	}
-#else
-	if ( cacertdir ) {
-		cacertdir = LDAP_STRDUP( cacertdir );
-		__atoe( cacertdir );
-	}
-	if ( dhfile ) {
-		dhfile = LDAP_STRDUP( dhfile );
-		__atoe( dhfile );
-	}
-#endif
-#endif
-	lo->ldo_tls_ctx = tls_ctx_new( lo );
-	if ( lo->ldo_tls_ctx == NULL ) {
-#ifdef HAVE_GNUTLS
-		Debug( LDAP_DEBUG_ANY,
-		   "TLS: could not allocate default ctx.\n",
-			0,0,0);
-#else
-		Debug( LDAP_DEBUG_ANY,
-		   "TLS: could not allocate default ctx (%lu).\n",
-			ERR_peek_error(),0,0);
-#endif
-		rc = -1;
-		goto error_exit;
-	}
-
-#ifdef HAVE_GNUTLS
- 	if ( lo->ldo_tls_ciphersuite &&
-		tls_parse_ciphers( lo->ldo_tls_ctx,
-			ciphersuite )) {
- 		Debug( LDAP_DEBUG_ANY,
- 			   "TLS: could not set cipher list %s.\n",
- 			   lo->ldo_tls_ciphersuite, 0, 0 );
- 		rc = -1;
- 		goto error_exit;
- 	}
-
-	if (lo->ldo_tls_cacertdir != NULL) {
-		Debug( LDAP_DEBUG_ANY, 
-		       "TLS: warning: cacertdir not implemented for gnutls\n",
-		       NULL, NULL, NULL );
-	}
-
-	if (lo->ldo_tls_cacertfile != NULL) {
-		rc = gnutls_certificate_set_x509_trust_file( 
-			((tls_ctx*) lo->ldo_tls_ctx)->cred,
-			cacertfile,
-			GNUTLS_X509_FMT_PEM );
-		if ( rc < 0 ) goto error_exit;
-	}
-
-	if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) {
-		rc = gnutls_certificate_set_x509_key_file( 
-			((tls_ctx*) lo->ldo_tls_ctx)->cred,
-			certfile,
-			keyfile,
-			GNUTLS_X509_FMT_PEM );
-		if ( rc ) goto error_exit;
-	} else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) {
-		Debug( LDAP_DEBUG_ANY, 
-		       "TLS: only one of certfile and keyfile specified\n",
-		       NULL, NULL, NULL );
-		rc = 1;
-		goto error_exit;
-	}
-
-	if ( lo->ldo_tls_dhfile ) {
-		Debug( LDAP_DEBUG_ANY, 
-		       "TLS: warning: ignoring dhfile\n", 
-		       NULL, NULL, NULL );
-	}
-
-	if ( lo->ldo_tls_crlfile ) {
-		rc = gnutls_certificate_set_x509_crl_file( 
-			((tls_ctx*) lo->ldo_tls_ctx)->cred,
-			crlfile,
-			GNUTLS_X509_FMT_PEM );
-		if ( rc < 0 ) goto error_exit;
-		rc = 0;
-	}
-	if ( is_server ) {
-		gnutls_dh_params_init (&((tls_ctx*) 
-					lo->ldo_tls_ctx)->dh_params);
-		gnutls_dh_params_generate2 (((tls_ctx*) 
-						 lo->ldo_tls_ctx)->dh_params, 
-						DH_BITS);
-	}
-
-#else /* !HAVE_GNUTLS */
-
-	if ( is_server ) {
-		SSL_CTX_set_session_id_context( lo->ldo_tls_ctx,
-			(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
-	}
-
-	if ( lo->ldo_tls_ciphersuite &&
-		!SSL_CTX_set_cipher_list( lo->ldo_tls_ctx, ciphersuite ) )
-	{
-		Debug( LDAP_DEBUG_ANY,
-			   "TLS: could not set cipher list %s.\n",
-			   lo->ldo_tls_ciphersuite, 0, 0 );
-		tls_report_error();
-		rc = -1;
-		goto error_exit;
-	}
-
-	if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) {
-		if ( !SSL_CTX_load_verify_locations( lo->ldo_tls_ctx,
-				cacertfile, cacertdir ) ||
-			!SSL_CTX_set_default_verify_paths( lo->ldo_tls_ctx ) )
-		{
-			Debug( LDAP_DEBUG_ANY, "TLS: "
-				"could not load verify locations (file:`%s',dir:`%s').\n",
-				lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
-				lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
-				0 );
-			tls_report_error();
-			rc = -1;
-			goto error_exit;
-		}
-
-		if ( is_server ) {
-			STACK_OF(X509_NAME) *calist;
-			/* List of CA names to send to a client */
-			calist = get_ca_list( cacertfile, cacertdir );
-			if ( !calist ) {
-				Debug( LDAP_DEBUG_ANY, "TLS: "
-					"could not load client CA list (file:`%s',dir:`%s').\n",
-					lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
-					lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
-					0 );
-				tls_report_error();
-				rc = -1;
-				goto error_exit;
-			}
-
-			SSL_CTX_set_client_CA_list( lo->ldo_tls_ctx, calist );
-		}
-	}
-
-	if ( lo->ldo_tls_certfile &&
-		!SSL_CTX_use_certificate_file( lo->ldo_tls_ctx,
-			certfile, SSL_FILETYPE_PEM ) )
-	{
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: could not use certificate `%s'.\n",
-			lo->ldo_tls_certfile,0,0);
-		tls_report_error();
-		rc = -1;
-		goto error_exit;
-	}
-
-	/* Key validity is checked automatically if cert has already been set */
-	if ( lo->ldo_tls_keyfile &&
-		!SSL_CTX_use_PrivateKey_file( lo->ldo_tls_ctx,
-			keyfile, SSL_FILETYPE_PEM ) )
-	{
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: could not use key file `%s'.\n",
-			lo->ldo_tls_keyfile,0,0);
-		tls_report_error();
-		rc = -1;
-		goto error_exit;
-	}
-
-	if ( lo->ldo_tls_dhfile ) {
-		DH *dh = NULL;
-		BIO *bio;
-		dhplist *p;
-
-		if (( bio=BIO_new_file( dhfile,"r" )) == NULL ) {
-			Debug( LDAP_DEBUG_ANY,
-				"TLS: could not use DH parameters file `%s'.\n",
-				lo->ldo_tls_dhfile,0,0);
-			tls_report_error();
-			rc = -1;
-			goto error_exit;
-		}
-		while (( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
-			p = LDAP_MALLOC( sizeof(dhplist) );
-			if ( p != NULL ) {
-				p->keylength = DH_size( dh ) * 8;
-				p->param = dh;
-				p->next = dhparams;
-				dhparams = p;
-			}
-		}
-		BIO_free( bio );
-	}
-
-	if ( tls_opt_trace ) {
-		SSL_CTX_set_info_callback( (SSL_CTX *)lo->ldo_tls_ctx, tls_info_cb );
-	}
-
-	i = SSL_VERIFY_NONE;
-	if ( lo->ldo_tls_require_cert ) {
-		i = SSL_VERIFY_PEER;
-		if ( lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
-			 lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) {
-			i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-		}
-	}
-
-	SSL_CTX_set_verify( lo->ldo_tls_ctx, i,
-		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
-		tls_verify_ok : tls_verify_cb );
-	SSL_CTX_set_tmp_rsa_callback( lo->ldo_tls_ctx, tls_tmp_rsa_cb );
-	if ( lo->ldo_tls_dhfile ) {
-		SSL_CTX_set_tmp_dh_callback( lo->ldo_tls_ctx, tls_tmp_dh_cb );
-	}
-#ifdef HAVE_OPENSSL_CRL
-	if ( lo->ldo_tls_crlcheck ) {
-		X509_STORE *x509_s = SSL_CTX_get_cert_store( lo->ldo_tls_ctx );
-		if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) {
-			X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK );
-		} else if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) {
-			X509_STORE_set_flags( x509_s, 
-					X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL  );
-		}
-	}
-#endif
-
-#endif /* HAVE_GNUTLS */
-
-error_exit:
-	if ( rc == -1 && lo->ldo_tls_ctx != NULL ) {
-		ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
-		lo->ldo_tls_ctx = NULL;
-	}
-#ifdef HAVE_EBCDIC
-	LDAP_FREE( ciphersuite );
-	LDAP_FREE( cacertfile );
-	LDAP_FREE( certfile );
-	LDAP_FREE( keyfile );
-#ifdef HAVE_GNUTLS
-	LDAP_FREE( crlfile );
-#else
-	LDAP_FREE( cacertdir );
-	LDAP_FREE( dhfile );
-#endif
-#endif
-	return rc;
-}
-
-/*
- * initialize the default context
- */
-int
-ldap_pvt_tls_init_def_ctx( int is_server )
-{
-	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
-	int rc;
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
-#endif
-	rc = ldap_int_tls_init_ctx( lo, is_server );
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
-#endif
-	return rc;
-}
-
-static tls_session *
-alloc_handle( void *ctx_arg, int is_server )
-{
-	tls_ctx	*ctx;
-	tls_session	*ssl;
-
-	if ( ctx_arg ) {
-		ctx = ctx_arg;
-	} else {
-		struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
-		if ( ldap_pvt_tls_init_def_ctx( is_server ) < 0 ) return NULL;
-		ctx = lo->ldo_tls_ctx;
-	}
-
-	ssl = tls_session_new( ctx, is_server );
-	if ( ssl == NULL ) {
-		Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0);
-		return NULL;
-	}
-	return ssl;
-}
-
-static int
-update_flags( Sockbuf *sb, tls_session * ssl, int rc )
-{
-	sb->sb_trans_needs_read  = 0;
-	sb->sb_trans_needs_write = 0;
-
-#ifdef HAVE_GNUTLS
-	if ( rc != GNUTLS_E_INTERRUPTED && rc != GNUTLS_E_AGAIN )
-		return 0;
-
-	switch (gnutls_record_get_direction (ssl->session)) {
-	case 0: 
-		sb->sb_trans_needs_read = 1;
-		return 1;
-	case 1:
-		sb->sb_trans_needs_write = 1;
-		return 1;
-	}
-#else /* !HAVE_GNUTLS */
-	rc = SSL_get_error(ssl, rc);
-	if (rc == SSL_ERROR_WANT_READ) {
-		sb->sb_trans_needs_read  = 1;
-		return 1;
-
-	} else if (rc == SSL_ERROR_WANT_WRITE) {
-		sb->sb_trans_needs_write = 1;
-		return 1;
-
-	} else if (rc == SSL_ERROR_WANT_CONNECT) {
-		return 1;
-	}
-#endif /* HAVE_GNUTLS */
-	return 0;
-}
-
-/*
- * TLS support for LBER Sockbufs
- */
-
-struct tls_data {
-	tls_session			*ssl;
-	Sockbuf_IO_Desc		*sbiod;
-};
-
-#ifdef HAVE_GNUTLS
-
-static ssize_t
-sb_gtls_recv( gnutls_transport_ptr_t ptr, void *buf, size_t len )
-{
-	struct tls_data		*p;
-
-	if ( buf == NULL || len <= 0 ) return 0;
-
-	p = (struct tls_data *)ptr;
-
-	if ( p == NULL || p->sbiod == NULL ) {
-		return 0;
-	}
-
-	return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
-}
-
-static ssize_t
-sb_gtls_send( gnutls_transport_ptr_t ptr, const void *buf, size_t len )
-{
-	struct tls_data		*p;
-	
-	if ( buf == NULL || len <= 0 ) return 0;
-	
-	p = (struct tls_data *)ptr;
-
-	if ( p == NULL || p->sbiod == NULL ) {
-		return 0;
-	}
-
-	return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
-}
-
-static int
-sb_tls_setup( Sockbuf_IO_Desc *sbiod, void *arg )
-{
-	struct tls_data		*p;
-	tls_session	*session = arg;
-
-	assert( sbiod != NULL );
-
-	p = LBER_MALLOC( sizeof( *p ) );
-	if ( p == NULL ) {
-		return -1;
-	}
-	
-	gnutls_transport_set_ptr( session->session, (gnutls_transport_ptr)p );
-	gnutls_transport_set_pull_function( session->session, sb_gtls_recv );
-	gnutls_transport_set_push_function( session->session, sb_gtls_send );
-	p->ssl = arg;
-	p->sbiod = sbiod;
-	sbiod->sbiod_pvt = p;
-	return 0;
-}
-
-static int
-sb_tls_remove( Sockbuf_IO_Desc *sbiod )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	gnutls_deinit ( p->ssl->session );
-	LBER_FREE( p->ssl );
-	LBER_FREE( sbiod->sbiod_pvt );
-	sbiod->sbiod_pvt = NULL;
-	return 0;
-}
-
-static int
-sb_tls_close( Sockbuf_IO_Desc *sbiod )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	gnutls_bye ( p->ssl->session, GNUTLS_SHUT_RDWR );
-	return 0;
-}
-
-static int
-sb_tls_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	
-	if ( opt == LBER_SB_OPT_GET_SSL ) {
-		*((tls_session **)arg) = p->ssl;
-		return 1;
-		
-	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
-		if( gnutls_record_check_pending( p->ssl->session ) > 0 ) {
-			return 1;
-		}
-	}
-	
-	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
-}
-
-static ber_slen_t
-sb_tls_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
-{
-	struct tls_data		*p;
-	ber_slen_t		ret;
-	int			err;
-
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-
-	ret = gnutls_record_recv ( p->ssl->session, buf, len );
-	switch (ret) {
-	case GNUTLS_E_INTERRUPTED:
-	case GNUTLS_E_AGAIN:
-		sbiod->sbiod_sb->sb_trans_needs_read = 1;
-		sock_errset(EWOULDBLOCK);
-		ret = 0;
-		break;
-	case GNUTLS_E_REHANDSHAKE:
-		for ( ret = gnutls_handshake ( p->ssl->session );
-		      ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN;
-		      ret = gnutls_handshake ( p->ssl->session ) );
-		sbiod->sbiod_sb->sb_trans_needs_read = 1;
-		ret = 0;
-		break;
-	default:
-		sbiod->sbiod_sb->sb_trans_needs_read = 0;
-	}
-	return ret;
-}
-
-static ber_slen_t
-sb_tls_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
-{
-	struct tls_data		*p;
-	ber_slen_t		ret;
-	int			err;
-
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-
-	ret = gnutls_record_send ( p->ssl->session, (char *)buf, len );
-
-	if ( ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN ) {
-		sbiod->sbiod_sb->sb_trans_needs_write = 1;
-		sock_errset(EWOULDBLOCK);
-		ret = 0;
-	} else {
-		sbiod->sbiod_sb->sb_trans_needs_write = 0;
-	}
-	return ret;
-}
-
-#else /* !HAVE_GNUTLS */
-
-static int
-sb_tls_bio_create( BIO *b ) {
-	b->init = 1;
-	b->num = 0;
-	b->ptr = NULL;
-	b->flags = 0;
-	return 1;
-}
-
-static int
-sb_tls_bio_destroy( BIO *b )
-{
-	if ( b == NULL ) return 0;
-
-	b->ptr = NULL;		/* sb_tls_remove() will free it */
-	b->init = 0;
-	b->flags = 0;
-	return 1;
-}
-
-static int
-sb_tls_bio_read( BIO *b, char *buf, int len )
-{
-	struct tls_data		*p;
-	int			ret;
-		
-	if ( buf == NULL || len <= 0 ) return 0;
-
-	p = (struct tls_data *)b->ptr;
-
-	if ( p == NULL || p->sbiod == NULL ) {
-		return 0;
-	}
-
-	ret = LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
-
-	BIO_clear_retry_flags( b );
-	if ( ret < 0 ) {
-		int err = sock_errno();
-		if ( err == EAGAIN || err == EWOULDBLOCK ) {
-			BIO_set_retry_read( b );
-		}
-	}
-
-	return ret;
-}
-
-static int
-sb_tls_bio_write( BIO *b, const char *buf, int len )
-{
-	struct tls_data		*p;
-	int			ret;
-	
-	if ( buf == NULL || len <= 0 ) return 0;
-	
-	p = (struct tls_data *)b->ptr;
-
-	if ( p == NULL || p->sbiod == NULL ) {
-		return 0;
-	}
-
-	ret = LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
-
-	BIO_clear_retry_flags( b );
-	if ( ret < 0 ) {
-		int err = sock_errno();
-		if ( err == EAGAIN || err == EWOULDBLOCK ) {
-			BIO_set_retry_write( b );
-		}
-	}
-
-	return ret;
-}
-
-static long
-sb_tls_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
-{
-	if ( cmd == BIO_CTRL_FLUSH ) {
-		/* The OpenSSL library needs this */
-		return 1;
-	}
-	return 0;
-}
-
-static int
-sb_tls_bio_gets( BIO *b, char *buf, int len )
-{
-	return -1;
-}
-
-static int
-sb_tls_bio_puts( BIO *b, const char *str )
-{
-	return sb_tls_bio_write( b, str, strlen( str ) );
-}
-	
-static BIO_METHOD sb_tls_bio_method =
-{
-	( 100 | 0x400 ),		/* it's a source/sink BIO */
-	"sockbuf glue",
-	sb_tls_bio_write,
-	sb_tls_bio_read,
-	sb_tls_bio_puts,
-	sb_tls_bio_gets,
-	sb_tls_bio_ctrl,
-	sb_tls_bio_create,
-	sb_tls_bio_destroy
-};
-
-static int
-sb_tls_setup( Sockbuf_IO_Desc *sbiod, void *arg )
-{
-	struct tls_data		*p;
-	BIO			*bio;
-
-	assert( sbiod != NULL );
-
-	p = LBER_MALLOC( sizeof( *p ) );
-	if ( p == NULL ) {
-		return -1;
-	}
-	
-	p->ssl = (SSL *)arg;
-	p->sbiod = sbiod;
-	bio = BIO_new( &sb_tls_bio_method );
-	bio->ptr = (void *)p;
-	SSL_set_bio( p->ssl, bio, bio );
-	sbiod->sbiod_pvt = p;
-	return 0;
-}
-
-static int
-sb_tls_remove( Sockbuf_IO_Desc *sbiod )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	SSL_free( p->ssl );
-	LBER_FREE( sbiod->sbiod_pvt );
-	sbiod->sbiod_pvt = NULL;
-	return 0;
-}
-
-static int
-sb_tls_close( Sockbuf_IO_Desc *sbiod )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	SSL_shutdown( p->ssl );
-	return 0;
-}
-
-static int
-sb_tls_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
-{
-	struct tls_data		*p;
-	
-	assert( sbiod != NULL );
-	assert( sbiod->sbiod_pvt != NULL );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-	
-	if ( opt == LBER_SB_OPT_GET_SSL ) {
-		*((SSL **)arg) = p->ssl;
-		return 1;
-
-	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
-		if( SSL_pending( p->ssl ) > 0 ) {
-			return 1;
-		}
-	}
-	
-	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
-}
-
-static ber_slen_t
-sb_tls_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
-{
-	struct tls_data		*p;
-	ber_slen_t		ret;
-	int			err;
-
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-
-	ret = SSL_read( p->ssl, (char *)buf, len );
-#ifdef HAVE_WINSOCK
-	errno = WSAGetLastError();
-#endif
-	err = SSL_get_error( p->ssl, ret );
-	if (err == SSL_ERROR_WANT_READ ) {
-		sbiod->sbiod_sb->sb_trans_needs_read = 1;
-		sock_errset(EWOULDBLOCK);
-	}
-	else
-		sbiod->sbiod_sb->sb_trans_needs_read = 0;
-	return ret;
-}
-
-static ber_slen_t
-sb_tls_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
-{
-	struct tls_data		*p;
-	ber_slen_t		ret;
-	int			err;
-
-	assert( sbiod != NULL );
-	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
-
-	p = (struct tls_data *)sbiod->sbiod_pvt;
-
-	ret = SSL_write( p->ssl, (char *)buf, len );
-#ifdef HAVE_WINSOCK
-	errno = WSAGetLastError();
-#endif
-	err = SSL_get_error( p->ssl, ret );
-	if (err == SSL_ERROR_WANT_WRITE ) {
-		sbiod->sbiod_sb->sb_trans_needs_write = 1;
-		sock_errset(EWOULDBLOCK);
-
-	} else {
-		sbiod->sbiod_sb->sb_trans_needs_write = 0;
-	}
-	return ret;
-}
-
-#endif
-
-static Sockbuf_IO sb_tls_sbio =
-{
-	sb_tls_setup,		/* sbi_setup */
-	sb_tls_remove,		/* sbi_remove */
-	sb_tls_ctrl,		/* sbi_ctrl */
-	sb_tls_read,		/* sbi_read */
-	sb_tls_write,		/* sbi_write */
-	sb_tls_close		/* sbi_close */
-};
-
-#ifdef HAVE_GNUTLS
-/* Certs are not automatically varified during the handshake */
-static int
-tls_cert_verify( tls_session *ssl )
-{
-	unsigned int status = 0;
-	int err;
-	time_t now = time(0);
-
-	err = gnutls_certificate_verify_peers2( ssl->session, &status );
-	if ( err < 0 ) {
-		Debug( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
-			err,0,0 );
-		return -1;
-	}
-	if ( status ) {
-		Debug( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
-			status, 0,0 );
-		return -1;
-	}
-	if ( gnutls_certificate_expiration_time_peers( ssl->session ) < now ) {
-		Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n",
-			0, 0, 0 );
-		return -1;
-	}
-	if ( gnutls_certificate_activation_time_peers( ssl->session ) > now ) {
-		Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n",
-			0, 0, 0 );
-		return -1;
-	}
-	return 0;
-}
-#endif /* HAVE_GNUTLS */
-
-/*
- * Call this to do a TLS connect on a sockbuf. ctx_arg can be
- * a SSL_CTX * or NULL, in which case the default ctx is used.
- *
- * Return value:
- *
- *  0 - Success. Connection is ready for communication.
- * <0 - Error. Can't create a TLS stream.
- * >0 - Partial success.
- *	  Do a select (using information from lber_pvt_sb_needs_{read,write}
- *		and call again.
- */
-
-static int
-ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
-{
-	Sockbuf *sb = conn->lconn_sb;
-	int	err;
-	tls_session	*ssl;
-
-	if ( HAS_TLS( sb ) ) {
-		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
-
-	} else {
-		struct ldapoptions *lo;
-		tls_ctx *ctx;
-
-		ctx = ld->ld_options.ldo_tls_ctx;
-
-		ssl = alloc_handle( ctx, 0 );
-
-		if ( ssl == NULL ) return -1;
-
-#ifdef LDAP_DEBUG
-		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
-			LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
-#endif
-		ber_sockbuf_add_io( sb, &sb_tls_sbio,
-			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
-
-		lo = LDAP_INT_GLOBAL_OPT();   
-		if( ctx == NULL ) {
-			ctx = lo->ldo_tls_ctx;
-			ld->ld_options.ldo_tls_ctx = ctx;
-			tls_ctx_ref( ctx );
-		}
-		if ( ld->ld_options.ldo_tls_connect_cb )
-			ld->ld_options.ldo_tls_connect_cb( ld, ssl, ctx,
-			ld->ld_options.ldo_tls_connect_arg );
-		if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
-			ld->ld_options.ldo_tls_connect_cb )
-			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
-	}
-
-	err = tls_session_connect( ssl );
-
-#ifdef HAVE_WINSOCK
-	errno = WSAGetLastError();
-#endif
-
-#ifdef HAVE_GNUTLS
-	if ( err < 0 )
-#else
-	if ( err <= 0 )
-#endif
-	{
-		if ( update_flags( sb, ssl, err )) {
-			return 1;
-		}
-
-#ifndef HAVE_GNUTLS
-		if ((err = ERR_peek_error()))
-#endif
-		{
-			if ( ld->ld_error ) {
-				LDAP_FREE( ld->ld_error );
-			}
-#ifdef HAVE_GNUTLS
-			ld->ld_error = LDAP_STRDUP(gnutls_strerror( err ));
-#else
-			{
-				char buf[256];
-				ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
-			}
-#endif
-#ifdef HAVE_EBCDIC
-			if ( ld->ld_error ) __etoa(ld->ld_error);
-#endif
-		}
-
-		Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
-			ld->ld_error ? ld->ld_error : "" ,0,0);
-
-		ber_sockbuf_remove_io( sb, &sb_tls_sbio,
-			LBER_SBIOD_LEVEL_TRANSPORT );
-#ifdef LDAP_DEBUG
-		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
-			LBER_SBIOD_LEVEL_TRANSPORT );
-#endif
-		return -1;
-	}
-
-#ifdef HAVE_GNUTLS
-	if ( ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
-		err = tls_cert_verify( ssl );
-		if ( err && ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_ALLOW )
-			return err;
-	}
-#endif
-
-	return 0;
-}
-
-/*
- * Call this to do a TLS accept on a sockbuf.
- * Everything else is the same as with tls_connect.
- */
-int
-ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
-{
-	int	err;
-	tls_session	*ssl;
-
-	if ( HAS_TLS( sb ) ) {
-		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
-
-	} else {
-		ssl = alloc_handle( ctx_arg, 1 );
-		if ( ssl == NULL ) return -1;
-
-#ifdef LDAP_DEBUG
-		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
-			LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
-#endif
-		ber_sockbuf_add_io( sb, &sb_tls_sbio,
-			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
-	}
-
-	err = tls_session_accept( ssl );
-
-#ifdef HAVE_WINSOCK
-	errno = WSAGetLastError();
-#endif
-
-#ifdef HAVE_GNUTLS
-	if ( err < 0 )
-#else
-	if ( err <= 0 )
-#endif
-	{
-		if ( update_flags( sb, ssl, err )) return 1;
-
-#ifdef HAVE_GNUTLS
-		Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
-			gnutls_strerror( err ),0,0 );
-#else
-		Debug( LDAP_DEBUG_ANY,"TLS: can't accept.\n",0,0,0 );
-		tls_report_error();
-#endif
-		ber_sockbuf_remove_io( sb, &sb_tls_sbio,
-			LBER_SBIOD_LEVEL_TRANSPORT );
-#ifdef LDAP_DEBUG
-		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
-			LBER_SBIOD_LEVEL_TRANSPORT );
-#endif
-		return -1;
-	}
-
-#ifdef HAVE_GNUTLS
-	if ( ssl->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
-		err = tls_cert_verify( ssl );
-		if ( err && ssl->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_ALLOW )
-			return err;
-	}
-#endif
-	return 0;
-}
-
-int
-ldap_pvt_tls_inplace ( Sockbuf *sb )
-{
-	return HAS_TLS( sb ) ? 1 : 0;
-}
-
-int
-ldap_tls_inplace( LDAP *ld )
-{
-	Sockbuf		*sb = NULL;
-
-	if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
-		sb = ld->ld_defconn->lconn_sb;
-
-	} else if ( ld->ld_sb ) {
-		sb = ld->ld_sb;
-
-	} else {
-		return 0;
-	}
-
-	return ldap_pvt_tls_inplace( sb );
-}
-
-#ifdef HAVE_GNUTLS
-static void
-x509_cert_get_dn( struct berval *cert, struct berval *dn, int get_subject )
-{
-	BerElementBuffer berbuf;
-	BerElement *ber = (BerElement *)&berbuf;
-	ber_tag_t tag;
-	ber_len_t len;
-	ber_int_t i;
-
-	ber_init2( ber, cert, LBER_USE_DER );
-	tag = ber_skip_tag( ber, &len );	/* Sequence */
-	tag = ber_skip_tag( ber, &len );	/* Sequence */
-	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
-	if ( tag == 0xa0 )	/* Version is optional */
-		tag = ber_get_int( ber, &i );	/* Int: Version */
-	tag = ber_get_int( ber, &i );	/* Int: Serial */
-	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
-	ber_skip_data( ber, len );
-	if ( !get_subject ) {
-		tag = ber_peek_tag( ber, &len );	/* Sequence: Issuer DN */
-	} else {
-		tag = ber_skip_tag( ber, &len );
-		ber_skip_data( ber, len );
-		tag = ber_skip_tag( ber, &len );	/* Sequence: Validity */
-		ber_skip_data( ber, len );
-		tag = ber_peek_tag( ber, &len );	/* Sequence: Subject DN */
-	}
-	len = ber_ptrlen( ber );
-	dn->bv_val = cert->bv_val + len;
-	dn->bv_len = cert->bv_len - len;
-}
-
-static int
-tls_get_cert_dn( tls_session *session, struct berval *dnbv )
-{
-	if ( !session->peer_der_dn.bv_val ) {
-		const gnutls_datum_t *peer_cert_list;
-		int list_size;
-		struct berval bv;
-
-		peer_cert_list = gnutls_certificate_get_peers( session->session, 
-							&list_size );
-		if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS;
-
-		bv.bv_len = peer_cert_list->size;
-		bv.bv_val = peer_cert_list->data;
-
-		x509_cert_get_dn( &bv, &session->peer_der_dn, 1 );
-		*dnbv = session->peer_der_dn;
-	}
-	return 0;
-}
-#else /* !HAVE_GNUTLS */
-static X509 *
-tls_get_cert( SSL *s )
-{
-	/* If peer cert was bad, treat as if no cert was given */
-	if (SSL_get_verify_result(s)) {
-		/* If we can send an alert, do so */
-		if (SSL_version(s) != SSL2_VERSION) {
-			ssl3_send_alert(s,SSL3_AL_WARNING,SSL3_AD_BAD_CERTIFICATE);
-		}
-		return NULL;
-	}
-	return SSL_get_peer_certificate(s);
-}
-
-static int
-tls_get_cert_dn( tls_session *session, struct berval *dnbv )
-{
-	X509_NAME *xn;
-	X509 *x = tls_get_cert( session );
-
-	if ( !x )
-		return LDAP_INVALID_CREDENTIALS;
-
-	xn = X509_get_subject_name(x);
-	dnbv->bv_len = i2d_X509_NAME( xn, NULL );
-	dnbv->bv_val = xn->bytes->data;
-	return 0;
-}
-#endif /* HAVE_GNUTLS */
-
-int
-ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn,
-	LDAPDN_rewrite_dummy *func, unsigned flags )
-{
-	tls_session *session = s;
-	struct berval bvdn;
-	int rc;
-
-	rc = tls_get_cert_dn( session, &bvdn );
-	if ( rc ) return rc;
-
-	rc = ldap_X509dn2bv( &bvdn, dn, 
-			    (LDAPDN_rewrite_func *)func, flags);
-	return rc;
-}
-
-/* what kind of hostname were we given? */
-#define	IS_DNS	0
-#define	IS_IP4	1
-#define	IS_IP6	2
-
-#ifdef HAVE_GNUTLS
-
-int
-ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
-{
-	tls_session *session = s;
-	int i, ret;
-	const gnutls_datum_t *peer_cert_list;
-	int list_size;
-	struct berval bv;
-	char altname[NI_MAXHOST];
-	size_t altnamesize;
-
-	gnutls_x509_crt_t cert;
-	gnutls_datum_t *x;
-	const char *name;
-	char *ptr;
-	char *domain = NULL;
-#ifdef LDAP_PF_INET6
-	struct in6_addr addr;
-#else
-	struct in_addr addr;
-#endif
-	int n, len1 = 0, len2 = 0;
-	int ntype = IS_DNS;
-	time_t now = time(0);
-
-	if( ldap_int_hostname &&
-		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
-	{
-		name = ldap_int_hostname;
-	} else {
-		name = name_in;
-	}
-
-	peer_cert_list = gnutls_certificate_get_peers( session->session, 
-						&list_size );
-	if ( !peer_cert_list ) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: unable to get peer certificate.\n",
-			0, 0, 0 );
-		/* If this was a fatal condition, things would have
-		 * aborted long before now.
-		 */
-		return LDAP_SUCCESS;
-	}
-	ret = gnutls_x509_crt_init( &cert );
-	if ( ret < 0 )
-		return LDAP_LOCAL_ERROR;
-	ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
-	if ( ret ) {
-		gnutls_x509_crt_deinit( cert );
-		return LDAP_LOCAL_ERROR;
-	}
-
-#ifdef LDAP_PF_INET6
-	if (name[0] == '[' && strchr(name, ']')) {
-		char *n2 = ldap_strdup(name+1);
-		*strchr(n2, ']') = 2;
-		if (inet_pton(AF_INET6, n2, &addr))
-			ntype = IS_IP6;
-		LDAP_FREE(n2);
-	} else 
-#endif
-	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
-		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
-	}
-	
-	if (ntype == IS_DNS) {
-		len1 = strlen(name);
-		domain = strchr(name, '.');
-		if (domain) {
-			len2 = len1 - (domain-name);
-		}
-	}
-
-	for ( i=0, ret=0; ret >= 0; i++ ) {
-		altnamesize = sizeof(altname);
-		ret = gnutls_x509_crt_get_subject_alt_name( cert, i, 
-			altname, &altnamesize, NULL );
-		if ( ret < 0 ) break;
-
-		/* ignore empty */
-		if ( altnamesize == 0 ) continue;
-
-		if ( ret == GNUTLS_SAN_DNSNAME ) {
-			if (ntype != IS_DNS) continue;
-	
-			/* Is this an exact match? */
-			if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
-				break;
-			}
-
-			/* Is this a wildcard match? */
-			if (domain && (altname[0] == '*') && (altname[1] == '.') &&
-				(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
-			{
-				break;
-			}
-		} else if ( ret == GNUTLS_SAN_IPADDRESS ) {
-			if (ntype == IS_DNS) continue;
-
-#ifdef LDAP_PF_INET6
-			if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
-				continue;
-			} else
-#endif
-			if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
-				continue;
-			}
-			if (!memcmp(altname, &addr, altnamesize)) {
-				break;
-			}
-		}
-	}
-	if ( ret >= 0 ) {
-		ret = LDAP_SUCCESS;
-	} else {
-		altnamesize = sizeof(altname);
-		ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
-			0, 0, altname, &altnamesize );
-		if ( ret < 0 ) {
-			Debug( LDAP_DEBUG_ANY,
-				"TLS: unable to get common name from peer certificate.\n",
-				0, 0, 0 );
-			ret = LDAP_CONNECT_ERROR;
-			if ( ld->ld_error ) {
-				LDAP_FREE( ld->ld_error );
-			}
-			ld->ld_error = LDAP_STRDUP(
-				_("TLS: unable to get CN from peer certificate"));
-
-		} else {
-			ret = LDAP_LOCAL_ERROR;
-			if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
-				ret = LDAP_SUCCESS;
-
-			} else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
-					/* Is this a wildcard match? */
-				if( domain &&
-					(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
-					ret = LDAP_SUCCESS;
-				}
-			}
-		}
-
-		if( ret == LDAP_LOCAL_ERROR ) {
-			altname[altnamesize] = '\0';
-			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
-				"common name in certificate (%s).\n", 
-				name, altname, 0 );
-			ret = LDAP_CONNECT_ERROR;
-			if ( ld->ld_error ) {
-				LDAP_FREE( ld->ld_error );
-			}
-			ld->ld_error = LDAP_STRDUP(
-				_("TLS: hostname does not match CN in peer certificate"));
-		}
-	}
-	gnutls_x509_crt_deinit( cert );
-	return ret;
-}
-
-#else /* !HAVE_GNUTLS */
-
-int
-ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
-{
-	int i, ret = LDAP_LOCAL_ERROR;
-	X509 *x;
-	const char *name;
-	char *ptr;
-	int ntype = IS_DNS;
-#ifdef LDAP_PF_INET6
-	struct in6_addr addr;
-#else
-	struct in_addr addr;
-#endif
-
-	if( ldap_int_hostname &&
-		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
-	{
-		name = ldap_int_hostname;
-	} else {
-		name = name_in;
-	}
-
-	x = tls_get_cert((SSL *)s);
-	if (!x) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: unable to get peer certificate.\n",
-			0, 0, 0 );
-		/* If this was a fatal condition, things would have
-		 * aborted long before now.
-		 */
-		return LDAP_SUCCESS;
-	}
-
-#ifdef LDAP_PF_INET6
-	if (name[0] == '[' && strchr(name, ']')) {
-		char *n2 = ldap_strdup(name+1);
-		*strchr(n2, ']') = 2;
-		if (inet_pton(AF_INET6, n2, &addr))
-			ntype = IS_IP6;
-		LDAP_FREE(n2);
-	} else 
-#endif
-	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
-		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
-	}
-	
-	i = X509_get_ext_by_NID(x, NID_subject_alt_name, -1);
-	if (i >= 0) {
-		X509_EXTENSION *ex;
-		STACK_OF(GENERAL_NAME) *alt;
-
-		ex = X509_get_ext(x, i);
-		alt = X509V3_EXT_d2i(ex);
-		if (alt) {
-			int n, len1 = 0, len2 = 0;
-			char *domain = NULL;
-			GENERAL_NAME *gn;
-
-			if (ntype == IS_DNS) {
-				len1 = strlen(name);
-				domain = strchr(name, '.');
-				if (domain) {
-					len2 = len1 - (domain-name);
-				}
-			}
-			n = sk_GENERAL_NAME_num(alt);
-			for (i=0; i<n; i++) {
-				char *sn;
-				int sl;
-				gn = sk_GENERAL_NAME_value(alt, i);
-				if (gn->type == GEN_DNS) {
-					if (ntype != IS_DNS) continue;
-
-					sn = (char *) ASN1_STRING_data(gn->d.ia5);
-					sl = ASN1_STRING_length(gn->d.ia5);
-
-					/* ignore empty */
-					if (sl == 0) continue;
-
-					/* Is this an exact match? */
-					if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
-						break;
-					}
-
-					/* Is this a wildcard match? */
-					if (domain && (sn[0] == '*') && (sn[1] == '.') &&
-						(len2 == sl-1) && !strncasecmp(domain, &sn[1], len2))
-					{
-						break;
-					}
-
-				} else if (gn->type == GEN_IPADD) {
-					if (ntype == IS_DNS) continue;
-
-					sn = (char *) ASN1_STRING_data(gn->d.ia5);
-					sl = ASN1_STRING_length(gn->d.ia5);
-
-#ifdef LDAP_PF_INET6
-					if (ntype == IS_IP6 && sl != sizeof(struct in6_addr)) {
-						continue;
-					} else
-#endif
-					if (ntype == IS_IP4 && sl != sizeof(struct in_addr)) {
-						continue;
-					}
-					if (!memcmp(sn, &addr, sl)) {
-						break;
-					}
-				}
-			}
-
-			GENERAL_NAMES_free(alt);
-			if (i < n) {	/* Found a match */
-				ret = LDAP_SUCCESS;
-			}
-		}
-	}
-
-	if (ret != LDAP_SUCCESS) {
-		X509_NAME *xn;
-		char buf[2048];
-		buf[0] = '\0';
-
-		xn = X509_get_subject_name(x);
-		if( X509_NAME_get_text_by_NID( xn, NID_commonName,
-			buf, sizeof(buf)) == -1)
-		{
-			Debug( LDAP_DEBUG_ANY,
-				"TLS: unable to get common name from peer certificate.\n",
-				0, 0, 0 );
-			ret = LDAP_CONNECT_ERROR;
-			if ( ld->ld_error ) {
-				LDAP_FREE( ld->ld_error );
-			}
-			ld->ld_error = LDAP_STRDUP(
-				_("TLS: unable to get CN from peer certificate"));
-
-		} else if (strcasecmp(name, buf) == 0 ) {
-			ret = LDAP_SUCCESS;
-
-		} else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
-			char *domain = strchr(name, '.');
-			if( domain ) {
-				size_t dlen = 0;
-				size_t sl;
-
-				sl = strlen(name);
-				dlen = sl - (domain-name);
-				sl = strlen(buf);
-
-				/* Is this a wildcard match? */
-				if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
-					ret = LDAP_SUCCESS;
-				}
-			}
-		}
-
-		if( ret == LDAP_LOCAL_ERROR ) {
-			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
-				"common name in certificate (%s).\n", 
-				name, buf, 0 );
-			ret = LDAP_CONNECT_ERROR;
-			if ( ld->ld_error ) {
-				LDAP_FREE( ld->ld_error );
-			}
-			ld->ld_error = LDAP_STRDUP(
-				_("TLS: hostname does not match CN in peer certificate"));
-		}
-	}
-	X509_free(x);
-	return ret;
-}
-#endif
-
-int
-ldap_int_tls_config( LDAP *ld, int option, const char *arg )
-{
-	int i;
-
-	switch( option ) {
-	case LDAP_OPT_X_TLS_CACERTFILE:
-	case LDAP_OPT_X_TLS_CACERTDIR:
-	case LDAP_OPT_X_TLS_CERTFILE:
-	case LDAP_OPT_X_TLS_KEYFILE:
-	case LDAP_OPT_X_TLS_RANDOM_FILE:
-	case LDAP_OPT_X_TLS_CIPHER_SUITE:
-	case LDAP_OPT_X_TLS_DHFILE:
-#ifdef HAVE_GNUTLS
-	case LDAP_OPT_X_TLS_CRLFILE:
-#endif
-		return ldap_pvt_tls_set_option( ld, option, (void *) arg );
-
-	case LDAP_OPT_X_TLS_REQUIRE_CERT:
-	case LDAP_OPT_X_TLS:
-		i = -1;
-		if ( strcasecmp( arg, "never" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_NEVER ;
-
-		} else if ( strcasecmp( arg, "demand" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_DEMAND ;
-
-		} else if ( strcasecmp( arg, "allow" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_ALLOW ;
-
-		} else if ( strcasecmp( arg, "try" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_TRY ;
-
-		} else if ( ( strcasecmp( arg, "hard" ) == 0 ) ||
-			( strcasecmp( arg, "on" ) == 0 ) ||
-			( strcasecmp( arg, "yes" ) == 0) ||
-			( strcasecmp( arg, "true" ) == 0 ) )
-		{
-			i = LDAP_OPT_X_TLS_HARD ;
-		}
-
-		if (i >= 0) {
-			return ldap_pvt_tls_set_option( ld, option, &i );
-		}
-		return -1;
-#ifdef HAVE_OPENSSL_CRL
-	case LDAP_OPT_X_TLS_CRLCHECK:
-		i = -1;
-		if ( strcasecmp( arg, "none" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_CRL_NONE ;
-		} else if ( strcasecmp( arg, "peer" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_CRL_PEER ;
-		} else if ( strcasecmp( arg, "all" ) == 0 ) {
-			i = LDAP_OPT_X_TLS_CRL_ALL ;
-		}
-		if (i >= 0) {
-			return ldap_pvt_tls_set_option( ld, option, &i );
-		}
-		return -1;
-#endif
-	}
-	return -1;
-}
-
-int
-ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
-{
-	struct ldapoptions *lo;
-
-	if( ld != NULL ) {
-		assert( LDAP_VALID( ld ) );
-
-		if( !LDAP_VALID( ld ) ) {
-			return LDAP_OPT_ERROR;
-		}
-
-		lo = &ld->ld_options;
-
-	} else {
-		/* Get pointer to global option structure */
-		lo = LDAP_INT_GLOBAL_OPT();   
-		if ( lo == NULL ) {
-			return LDAP_NO_MEMORY;
-		}
-	}
-
-	switch( option ) {
-	case LDAP_OPT_X_TLS:
-		*(int *)arg = lo->ldo_tls_mode;
-		break;
-	case LDAP_OPT_X_TLS_CTX:
-		*(void **)arg = lo->ldo_tls_ctx;
-		if ( lo->ldo_tls_ctx ) {
-			tls_ctx_ref( lo->ldo_tls_ctx );
-		}
-		break;
-	case LDAP_OPT_X_TLS_CACERTFILE:
-		*(char **)arg = lo->ldo_tls_cacertfile ?
-			LDAP_STRDUP( lo->ldo_tls_cacertfile ) : NULL;
-		break;
-	case LDAP_OPT_X_TLS_CACERTDIR:
-		*(char **)arg = lo->ldo_tls_cacertdir ?
-			LDAP_STRDUP( lo->ldo_tls_cacertdir ) : NULL;
-		break;
-	case LDAP_OPT_X_TLS_CERTFILE:
-		*(char **)arg = lo->ldo_tls_certfile ?
-			LDAP_STRDUP( lo->ldo_tls_certfile ) : NULL;
-		break;
-	case LDAP_OPT_X_TLS_KEYFILE:
-		*(char **)arg = lo->ldo_tls_keyfile ?
-			LDAP_STRDUP( lo->ldo_tls_keyfile ) : NULL;
-		break;
-	case LDAP_OPT_X_TLS_DHFILE:
-		*(char **)arg = lo->ldo_tls_dhfile ?
-			LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
-		break;
-#ifdef HAVE_GNUTLS
-	case LDAP_OPT_X_TLS_CRLFILE:
-		*(char **)arg = lo->ldo_tls_crlfile ?
-			LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
-		break;
-#endif
-	case LDAP_OPT_X_TLS_REQUIRE_CERT:
-		*(int *)arg = lo->ldo_tls_require_cert;
-		break;
-#ifdef HAVE_OPENSSL_CRL
-	case LDAP_OPT_X_TLS_CRLCHECK:
-		*(int *)arg = lo->ldo_tls_crlcheck;
-		break;
-#endif
-	case LDAP_OPT_X_TLS_CIPHER_SUITE:
-		*(char **)arg = lo->ldo_tls_ciphersuite ?
-			LDAP_STRDUP( lo->ldo_tls_ciphersuite ) : NULL;
-		break;
-	case LDAP_OPT_X_TLS_RANDOM_FILE:
-#ifdef HAVE_OPENSSL
-		*(char **)arg = tls_opt_randfile ?
-			LDAP_STRDUP( tls_opt_randfile ) : NULL;
-#else
-		*(char **)arg = NULL;
-#endif
-		break;
-	case LDAP_OPT_X_TLS_SSL_CTX: {
-		void *retval = 0;
-		if ( ld != NULL ) {
-			LDAPConn *conn = ld->ld_defconn;
-			if ( conn != NULL ) {
-				Sockbuf *sb = conn->lconn_sb;
-				retval = ldap_pvt_tls_sb_ctx( sb );
-			}
-		}
-		*(void **)arg = retval;
-		break;
-	}
-	case LDAP_OPT_X_TLS_CONNECT_CB:
-		*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
-		break;
-	case LDAP_OPT_X_TLS_CONNECT_ARG:
-		*(void **)arg = lo->ldo_tls_connect_arg;
-		break;
-	default:
-		return -1;
-	}
-	return 0;
-}
-
-int
-ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
-{
-	struct ldapoptions *lo;
-
-	if( ld != NULL ) {
-		assert( LDAP_VALID( ld ) );
-
-		if( !LDAP_VALID( ld ) ) {
-			return LDAP_OPT_ERROR;
-		}
-
-		lo = &ld->ld_options;
-
-	} else {
-		/* Get pointer to global option structure */
-		lo = LDAP_INT_GLOBAL_OPT();   
-		if ( lo == NULL ) {
-			return LDAP_NO_MEMORY;
-		}
-	}
-
-	switch( option ) {
-	case LDAP_OPT_X_TLS:
-		if ( !arg ) return -1;
-
-		switch( *(int *) arg ) {
-		case LDAP_OPT_X_TLS_NEVER:
-		case LDAP_OPT_X_TLS_DEMAND:
-		case LDAP_OPT_X_TLS_ALLOW:
-		case LDAP_OPT_X_TLS_TRY:
-		case LDAP_OPT_X_TLS_HARD:
-			if (lo != NULL) {
-				lo->ldo_tls_mode = *(int *)arg;
-			}
-
-			return 0;
-		}
-		return -1;
-
-	case LDAP_OPT_X_TLS_CTX:
-		if ( lo->ldo_tls_ctx )
-			ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
-		lo->ldo_tls_ctx = arg;
-		tls_ctx_ref( lo->ldo_tls_ctx );
-		return 0;
-	case LDAP_OPT_X_TLS_CONNECT_CB:
-		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
-		return 0;
-	case LDAP_OPT_X_TLS_CONNECT_ARG:
-		lo->ldo_tls_connect_arg = arg;
-		return 0;
-	case LDAP_OPT_X_TLS_CACERTFILE:
-		if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
-		lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-	case LDAP_OPT_X_TLS_CACERTDIR:
-		if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
-		lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-	case LDAP_OPT_X_TLS_CERTFILE:
-		if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
-		lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-	case LDAP_OPT_X_TLS_KEYFILE:
-		if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
-		lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-	case LDAP_OPT_X_TLS_DHFILE:
-		if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
-		lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-#ifdef HAVE_GNUTLS
-	case LDAP_OPT_X_TLS_CRLFILE:
-		if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
-		lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-#endif
-	case LDAP_OPT_X_TLS_REQUIRE_CERT:
-		if ( !arg ) return -1;
-		switch( *(int *) arg ) {
-		case LDAP_OPT_X_TLS_NEVER:
-		case LDAP_OPT_X_TLS_DEMAND:
-		case LDAP_OPT_X_TLS_ALLOW:
-		case LDAP_OPT_X_TLS_TRY:
-		case LDAP_OPT_X_TLS_HARD:
-			lo->ldo_tls_require_cert = * (int *) arg;
-			return 0;
-		}
-		return -1;
-#ifdef HAVE_OPENSSL_CRL
-	case LDAP_OPT_X_TLS_CRLCHECK:
-		if ( !arg ) return -1;
-		switch( *(int *) arg ) {
-		case LDAP_OPT_X_TLS_CRL_NONE:
-		case LDAP_OPT_X_TLS_CRL_PEER:
-		case LDAP_OPT_X_TLS_CRL_ALL:
-			lo->ldo_tls_crlcheck = * (int *) arg;
-			return 0;
-		}
-		return -1;
-#endif
-	case LDAP_OPT_X_TLS_CIPHER_SUITE:
-		if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
-		lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-		return 0;
-
-	case LDAP_OPT_X_TLS_RANDOM_FILE:
-		if ( ld != NULL )
-			return -1;
-#ifdef HAVE_OPENSSL
-		if (tls_opt_randfile ) LDAP_FREE (tls_opt_randfile );
-		tls_opt_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
-#endif
-		break;
-
-	case LDAP_OPT_X_TLS_NEWCTX:
-		if ( !arg ) return -1;
-		if ( lo->ldo_tls_ctx )
-			ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
-		lo->ldo_tls_ctx = NULL;
-		return ldap_int_tls_init_ctx( lo, *(int *)arg );
-	default:
-		return -1;
-	}
-	return 0;
-}
-
-int
-ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
-{
-	Sockbuf *sb = conn->lconn_sb;
-	char *host;
-	void *ssl;
-
-	if( srv ) {
-		host = srv->lud_host;
-	} else {
- 		host = conn->lconn_server->lud_host;
-	}
-
-	/* avoid NULL host */
-	if( host == NULL ) {
-		host = "localhost";
-	}
-
-	(void) ldap_pvt_tls_init();
-
-	/*
-	 * Fortunately, the lib uses blocking io...
-	 */
-	if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
-		ld->ld_errno = LDAP_CONNECT_ERROR;
-		return (ld->ld_errno);
-	}
-
-	ssl = ldap_pvt_tls_sb_ctx( sb );
-	assert( ssl != NULL );
-
-	/* 
-	 * compare host with name(s) in certificate
-	 */
-	if (ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER) {
-		ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
-		if (ld->ld_errno != LDAP_SUCCESS) {
-			return ld->ld_errno;
-		}
-	}
-
-	return LDAP_SUCCESS;
-}
-
-#ifdef HAVE_OPENSSL
-/* Derived from openssl/apps/s_cb.c */
-static void
-tls_info_cb( const SSL *ssl, int where, int ret )
-{
-	int w;
-	char *op;
-	char *state = (char *) SSL_state_string_long( (SSL *)ssl );
-
-	w = where & ~SSL_ST_MASK;
-	if ( w & SSL_ST_CONNECT ) {
-		op = "SSL_connect";
-	} else if ( w & SSL_ST_ACCEPT ) {
-		op = "SSL_accept";
-	} else {
-		op = "undefined";
-	}
-
-#ifdef HAVE_EBCDIC
-	if ( state ) {
-		state = LDAP_STRDUP( state );
-		__etoa( state );
-	}
-#endif
-	if ( where & SSL_CB_LOOP ) {
-		Debug( LDAP_DEBUG_TRACE,
-			   "TLS trace: %s:%s\n",
-			   op, state, 0 );
-
-	} else if ( where & SSL_CB_ALERT ) {
-		char *atype = (char *) SSL_alert_type_string_long( ret );
-		char *adesc = (char *) SSL_alert_desc_string_long( ret );
-		op = ( where & SSL_CB_READ ) ? "read" : "write";
-#ifdef HAVE_EBCDIC
-		if ( atype ) {
-			atype = LDAP_STRDUP( atype );
-			__etoa( atype );
-		}
-		if ( adesc ) {
-			adesc = LDAP_STRDUP( adesc );
-			__etoa( adesc );
-		}
-#endif
-		Debug( LDAP_DEBUG_TRACE,
-			   "TLS trace: SSL3 alert %s:%s:%s\n",
-			   op, atype, adesc );
-#ifdef HAVE_EBCDIC
-		if ( atype ) LDAP_FREE( atype );
-		if ( adesc ) LDAP_FREE( adesc );
-#endif
-	} else if ( where & SSL_CB_EXIT ) {
-		if ( ret == 0 ) {
-			Debug( LDAP_DEBUG_TRACE,
-				   "TLS trace: %s:failed in %s\n",
-				   op, state, 0 );
-		} else if ( ret < 0 ) {
-			Debug( LDAP_DEBUG_TRACE,
-				   "TLS trace: %s:error in %s\n",
-				   op, state, 0 );
-		}
-	}
-#ifdef HAVE_EBCDIC
-	if ( state ) LDAP_FREE( state );
-#endif
-}
-
-static int
-tls_verify_cb( int ok, X509_STORE_CTX *ctx )
-{
-	X509 *cert;
-	int errnum;
-	int errdepth;
-	X509_NAME *subject;
-	X509_NAME *issuer;
-	char *sname;
-	char *iname;
-	char *certerr = NULL;
-
-	cert = X509_STORE_CTX_get_current_cert( ctx );
-	errnum = X509_STORE_CTX_get_error( ctx );
-	errdepth = X509_STORE_CTX_get_error_depth( ctx );
-
-	/*
-	 * X509_get_*_name return pointers to the internal copies of
-	 * those things requested.  So do not free them.
-	 */
-	subject = X509_get_subject_name( cert );
-	issuer = X509_get_issuer_name( cert );
-	/* X509_NAME_oneline, if passed a NULL buf, allocate memomry */
-	sname = X509_NAME_oneline( subject, NULL, 0 );
-	iname = X509_NAME_oneline( issuer, NULL, 0 );
-	if ( !ok ) certerr = (char *)X509_verify_cert_error_string( errnum );
-#ifdef HAVE_EBCDIC
-	if ( sname ) __etoa( sname );
-	if ( iname ) __etoa( iname );
-	if ( certerr ) {
-		certerr = LDAP_STRDUP( certerr );
-		__etoa( certerr );
-	}
-#endif
-	Debug( LDAP_DEBUG_TRACE,
-		   "TLS certificate verification: depth: %d, err: %d, subject: %s,",
-		   errdepth, errnum,
-		   sname ? sname : "-unknown-" );
-	Debug( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-", 0, 0 );
-	if ( !ok ) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS certificate verification: Error, %s\n",
-			certerr, 0, 0 );
-	}
-	if ( sname )
-		CRYPTO_free ( sname );
-	if ( iname )
-		CRYPTO_free ( iname );
-#ifdef HAVE_EBCDIC
-	if ( certerr ) LDAP_FREE( certerr );
-#endif
-	return ok;
-}
-
-static int
-tls_verify_ok( int ok, X509_STORE_CTX *ctx )
-{
-	(void) tls_verify_cb( ok, ctx );
-	return 1;
-}
-
-/* Inspired by ERR_print_errors in OpenSSL */
-static void
-tls_report_error( void )
-{
-	unsigned long l;
-	char buf[200];
-	const char *file;
-	int line;
-
-	while ( ( l = ERR_get_error_line( &file, &line ) ) != 0 ) {
-		ERR_error_string_n( l, buf, sizeof( buf ) );
-#ifdef HAVE_EBCDIC
-		if ( file ) {
-			file = LDAP_STRDUP( file );
-			__etoa( (char *)file );
-		}
-		__etoa( buf );
-#endif
-		Debug( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n",
-			buf, file, line );
-#ifdef HAVE_EBCDIC
-		if ( file ) LDAP_FREE( (void *)file );
-#endif
-	}
-}
-
-static RSA *
-tls_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
-{
-	RSA *tmp_rsa;
-
-	/* FIXME:  Pregenerate the key on startup */
-	/* FIXME:  Who frees the key? */
-	tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL );
-
-	if ( !tmp_rsa ) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: Failed to generate temporary %d-bit %s RSA key\n",
-			key_length, is_export ? "export" : "domestic", 0 );
-		return NULL;
-	}
-	return tmp_rsa;
-}
-
-static int
-tls_seed_PRNG( const char *randfile )
-{
-#ifndef URANDOM_DEVICE
-	/* no /dev/urandom (or equiv) */
-	long total=0;
-	char buffer[MAXPATHLEN];
-
-	if (randfile == NULL) {
-		/* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
-		 * If $HOME is not set or buffer too small to hold the pathname,
-		 * an error occurs.	- From RAND_file_name() man page.
-		 * The fact is that when $HOME is NULL, .rnd is used.
-		 */
-		randfile = RAND_file_name( buffer, sizeof( buffer ) );
-
-	} else if (RAND_egd(randfile) > 0) {
-		/* EGD socket */
-		return 0;
-	}
-
-	if (randfile == NULL) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
-			0, 0, 0);
-		return -1;
-	}
-
-	total = RAND_load_file(randfile, -1);
-
-	if (RAND_status() == 0) {
-		Debug( LDAP_DEBUG_ANY,
-			"TLS: PRNG not been seeded with enough data\n",
-			0, 0, 0);
-		return -1;
-	}
-
-	/* assume if there was enough bits to seed that it's okay
-	 * to write derived bits to the file
-	 */
-	RAND_write_file(randfile);
-
-#endif
-
-	return 0;
-}
-
-struct dhinfo {
-	int keylength;
-	const char *pem;
-	size_t size;
-};
-
-
-/* From the OpenSSL 0.9.7 distro */
-static const char dhpem512[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn\n\
-a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC\n\
------END DH PARAMETERS-----\n";
-
-static const char dhpem1024[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
------END DH PARAMETERS-----\n";
-
-static const char dhpem2048[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o\n\
-AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh\n\
-z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo\n\
-pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW\n\
-aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA\n\
-Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==\n\
------END DH PARAMETERS-----\n";
-
-static const char dhpem4096[] =
-"-----BEGIN DH PARAMETERS-----\n\
-MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7\n\
-vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H\n\
-TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF\n\
-bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1\n\
-rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE\n\
-EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9\n\
-bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3\n\
-W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH\n\
-ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb\n\
-NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR\n\
-jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=\n\
------END DH PARAMETERS-----\n";
-
-static const struct dhinfo dhpem[] = {
-	{ 512, dhpem512, sizeof(dhpem512) },
-	{ 1024, dhpem1024, sizeof(dhpem1024) },
-	{ 2048, dhpem2048, sizeof(dhpem2048) },
-	{ 4096, dhpem4096, sizeof(dhpem4096) },
-	{ 0, NULL, 0 }
-};
-
-static DH *
-tls_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
-{
-	struct dhplist *p = NULL;
-	BIO *b = NULL;
-	DH *dh = NULL;
-	int i;
-
-	/* Do we have params of this length already? */
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
-#endif
-	for ( p = dhparams; p; p=p->next ) {
-		if ( p->keylength == key_length ) {
-#ifdef LDAP_R_COMPILE
-			ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
-#endif
-			return p->param;
-		}
-	}
-
-	/* No - check for hardcoded params */
-
-	for (i=0; dhpem[i].keylength; i++) {
-		if ( dhpem[i].keylength == key_length ) {
-			b = BIO_new_mem_buf( (char *)dhpem[i].pem, dhpem[i].size );
-			break;
-		}
-	}
-
-	if ( b ) {
-		dh = PEM_read_bio_DHparams( b, NULL, NULL, NULL );
-		BIO_free( b );
-	}
-
-	/* Generating on the fly is expensive/slow... */
-	if ( !dh ) {
-		dh = DH_generate_parameters( key_length, DH_GENERATOR_2, NULL, NULL );
-	}
-	if ( dh ) {
-		p = LDAP_MALLOC( sizeof(struct dhplist) );
-		if ( p != NULL ) {
-			p->keylength = key_length;
-			p->param = dh;
-			p->next = dhparams;
-			dhparams = p;
-		}
-	}
-
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
-#endif
-	return dh;
-}
-#endif
-
-#endif /* HAVE_OPENSSL */
-
-void *
-ldap_pvt_tls_sb_ctx( Sockbuf *sb )
-{
-#ifdef HAVE_TLS
-	void			*p;
-	
-	if (HAS_TLS( sb )) {
-		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
-		return p;
-	}
-#endif
-
-	return NULL;
-}
-
-int
-ldap_pvt_tls_get_strength( void *s )
-{
-#ifdef HAVE_OPENSSL
-	SSL_CIPHER *c;
-
-	c = SSL_get_current_cipher((SSL *)s);
-	return SSL_CIPHER_get_bits(c, NULL);
-#elif defined(HAVE_GNUTLS)
-	tls_session *session = s;
-	gnutls_cipher_algorithm_t c;
-
-	c = gnutls_cipher_get( session->session );
-	return gnutls_cipher_get_key_size( c ) * 8;
-#else
-	return 0;
-#endif
-}
-
-
-int
-ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
-{
-#ifdef HAVE_TLS
-	struct berval der_dn;
-	int rc;
-#ifdef HAVE_OPENSSL
-	X509 *x;
-	X509_NAME *xn;
-
-	x = SSL_get_certificate((SSL *)s);
-
-	if (!x) return LDAP_INVALID_CREDENTIALS;
-	
-	xn = X509_get_subject_name(x);
-	der_dn.bv_len = i2d_X509_NAME( xn, NULL );
-	der_dn.bv_val = xn->bytes->data;
-#elif defined(HAVE_GNUTLS)
-	tls_session *session = s;
-	const gnutls_datum_t *x;
-	struct berval bv;
-
-	x = gnutls_certificate_get_ours( session->session );
-
-	if (!x) return LDAP_INVALID_CREDENTIALS;
-	
-	bv.bv_val = x->data;
-	bv.bv_len = x->size;
-
-	x509_cert_get_dn( &bv, &der_dn, 1 );
-#endif
-	rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
-	return rc;
-#else /* !HAVE_TLS */
-	return LDAP_NOT_SUPPORTED;
-#endif
-}
-
-int
-ldap_start_tls( LDAP *ld,
-	LDAPControl **serverctrls,
-	LDAPControl **clientctrls,
-	int *msgidp )
-{
-	return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
-		NULL, serverctrls, clientctrls, msgidp );
-}
-
-int
-ldap_install_tls( LDAP *ld )
-{
-#ifndef HAVE_TLS
-	return LDAP_NOT_SUPPORTED;
-#else
-	if ( ldap_tls_inplace( ld ) ) {
-		return LDAP_LOCAL_ERROR;
-	}
-
-	return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
-#endif
-}
-
-int
-ldap_start_tls_s ( LDAP *ld,
-	LDAPControl **serverctrls,
-	LDAPControl **clientctrls )
-{
-#ifndef HAVE_TLS
-	return LDAP_NOT_SUPPORTED;
-#else
-	int rc;
-	char *rspoid = NULL;
-	struct berval *rspdata = NULL;
-
-	/* XXYYZ: this initiates operation only on default connection! */
-
-	if ( ldap_tls_inplace( ld ) ) {
-		return LDAP_LOCAL_ERROR;
-	}
-
-	rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
-		NULL, serverctrls, clientctrls, &rspoid, &rspdata );
-
-	if ( rspoid != NULL ) {
-		LDAP_FREE(rspoid);
-	}
-
-	if ( rspdata != NULL ) {
-		ber_bvfree( rspdata );
-	}
-
-	if ( rc == LDAP_SUCCESS ) {
-		rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
-	}
-
-	return rc;
-#endif
-}
-
-/* These tags probably all belong in lber.h, but they're
- * not normally encountered when processing LDAP, so maybe
- * they belong somewhere else instead.
- */
-
-#define LBER_TAG_OID		((ber_tag_t) 0x06UL)
-
-/* Tags for string types used in a DirectoryString.
- *
- * Note that IA5string is not one of the defined choices for
- * DirectoryString in X.520, but it gets used for email AVAs.
- */
-#define	LBER_TAG_UTF8		((ber_tag_t) 0x0cUL)
-#define	LBER_TAG_PRINTABLE	((ber_tag_t) 0x13UL)
-#define	LBER_TAG_TELETEX	((ber_tag_t) 0x14UL)
-#define	LBER_TAG_IA5		((ber_tag_t) 0x16UL)
-#define	LBER_TAG_UNIVERSAL	((ber_tag_t) 0x1cUL)
-#define	LBER_TAG_BMP		((ber_tag_t) 0x1eUL)
-
-static oid_name *
-find_oid( struct berval *oid )
-{
-	int i;
-
-	for ( i=0; !BER_BVISNULL( &oids[i].oid ); i++ ) {
-		if ( oids[i].oid.bv_len != oid->bv_len ) continue;
-		if ( !strcmp( oids[i].oid.bv_val, oid->bv_val ))
-			return &oids[i];
-	}
-	return NULL;
-}
-
-/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN.
- * x509_name must be raw DER. If func is non-NULL, the
- * constructed DN will use numeric OIDs to identify attributeTypes,
- * and the func() will be invoked to rewrite the DN with the given
- * flags.
- *
- * Otherwise the DN will use shortNames from a hardcoded table.
- */
-int
-ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
-	unsigned flags )
-{
-	LDAPDN	newDN;
-	LDAPRDN	newRDN;
-	LDAPAVA *newAVA, *baseAVA;
-	BerElementBuffer berbuf;
-	BerElement *ber = (BerElement *)&berbuf;
-	char oids[8192], *oidptr = oids, *oidbuf = NULL;
-	void *ptrs[2048];
-	char *dn_end, *rdn_end;
-	int i, navas, nrdns, rc = LDAP_SUCCESS;
-	size_t dnsize, oidrem = sizeof(oids), oidsize = 0;
-	int csize;
-	ber_tag_t tag;
-	ber_len_t len;
-	oid_name *oidname;
-
-	struct berval	Oid, Val, oid2, *in = x509_name;
-
-	assert( bv != NULL );
-
-	bv->bv_len = 0;
-	bv->bv_val = NULL;
-
-	navas = 0;
-	nrdns = 0;
-
-	/* A DN is a SEQUENCE of RDNs. An RDN is a SET of AVAs.
-	 * An AVA is a SEQUENCE of attr and value.
-	 * Count the number of AVAs and RDNs
-	 */
-	ber_init2( ber, in, LBER_USE_DER );
-	tag = ber_peek_tag( ber, &len );
-	if ( tag != LBER_SEQUENCE )
-		return LDAP_DECODING_ERROR;
-
-	for ( tag = ber_first_element( ber, &len, &dn_end );
-		tag == LBER_SET;
-		tag = ber_next_element( ber, &len, dn_end )) {
-		nrdns++;
-		for ( tag = ber_first_element( ber, &len, &rdn_end );
-			tag == LBER_SEQUENCE;
-			tag = ber_next_element( ber, &len, rdn_end )) {
-			tag = ber_skip_tag( ber, &len );
-			ber_skip_data( ber, len );
-			navas++;
-		}
-	}
-
-	/* Allocate the DN/RDN/AVA stuff as a single block */    
-	dnsize = sizeof(LDAPRDN) * (nrdns+1);
-	dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
-	dnsize += sizeof(LDAPAVA) * navas;
-	if (dnsize > sizeof(ptrs)) {
-		newDN = (LDAPDN)LDAP_MALLOC( dnsize );
-		if ( newDN == NULL )
-			return LDAP_NO_MEMORY;
-	} else {
-		newDN = (LDAPDN)(char *)ptrs;
-	}
-	
-	newDN[nrdns] = NULL;
-	newRDN = (LDAPRDN)(newDN + nrdns+1);
-	newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
-	baseAVA = newAVA;
-
-	/* Rewind and start extracting */
-	ber_rewind( ber );
-
-	tag = ber_first_element( ber, &len, &dn_end );
-	for ( i = nrdns - 1; i >= 0; i-- ) {
-		newDN[i] = newRDN;
-
-		for ( tag = ber_first_element( ber, &len, &rdn_end );
-			tag == LBER_SEQUENCE;
-			tag = ber_next_element( ber, &len, rdn_end )) {
-
-			*newRDN++ = newAVA;
-			tag = ber_skip_tag( ber, &len );
-			tag = ber_get_stringbv( ber, &Oid, LBER_BV_NOTERM );
-			if ( tag != LBER_TAG_OID ) {
-				rc = LDAP_DECODING_ERROR;
-				goto nomem;
-			}
-
-			oid2.bv_val = oidptr;
-			oid2.bv_len = oidrem;
-			if ( ber_decode_oid( &Oid, &oid2 ) < 0 ) {
-				rc = LDAP_DECODING_ERROR;
-				goto nomem;
-			}
-			oidname = find_oid( &oid2 );
-			if ( !oidname ) {
-				newAVA->la_attr = oid2;
-				oidptr += oid2.bv_len + 1;
-				oidrem -= oid2.bv_len + 1;
-
-				/* Running out of OID buffer space? */
-				if (oidrem < 128) {
-					if ( oidsize == 0 ) {
-						oidsize = sizeof(oids) * 2;
-						oidrem = oidsize;
-						oidbuf = LDAP_MALLOC( oidsize );
-						if ( oidbuf == NULL ) goto nomem;
-						oidptr = oidbuf;
-					} else {
-						char *old = oidbuf;
-						oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 );
-						if ( oidbuf == NULL ) goto nomem;
-						/* Buffer moved! Fix AVA pointers */
-						if ( old != oidbuf ) {
-							LDAPAVA *a;
-							long dif = oidbuf - old;
-
-							for (a=baseAVA; a<=newAVA; a++){
-								if (a->la_attr.bv_val >= old &&
-									a->la_attr.bv_val <= (old + oidsize))
-									a->la_attr.bv_val += dif;
-							}
-						}
-						oidptr = oidbuf + oidsize - oidrem;
-						oidrem += oidsize;
-						oidsize *= 2;
-					}
-				}
-			} else {
-				if ( func ) {
-					newAVA->la_attr = oidname->oid;
-				} else {
-					newAVA->la_attr = oidname->name;
-				}
-			}
-			tag = ber_get_stringbv( ber, &Val, LBER_BV_NOTERM );
-			switch(tag) {
-			case LBER_TAG_UNIVERSAL:
-				/* This uses 32-bit ISO 10646-1 */
-				csize = 4; goto to_utf8;
-			case LBER_TAG_BMP:
-				/* This uses 16-bit ISO 10646-1 */
-				csize = 2; goto to_utf8;
-			case LBER_TAG_TELETEX:
-				/* This uses 8-bit, assume ISO 8859-1 */
-				csize = 1;
-to_utf8:		rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
-				newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
-				if (rc != LDAP_SUCCESS) goto nomem;
-				newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
-				break;
-			case LBER_TAG_UTF8:
-				newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
-				/* This is already in UTF-8 encoding */
-			case LBER_TAG_IA5:
-			case LBER_TAG_PRINTABLE:
-				/* These are always 7-bit strings */
-				newAVA->la_value = Val;
-			default:
-				;
-			}
-			newAVA->la_private = NULL;
-			newAVA->la_flags = LDAP_AVA_STRING;
-			newAVA++;
-		}
-		*newRDN++ = NULL;
-		tag = ber_next_element( ber, &len, dn_end );
-	}
-		
-	if ( func ) {
-		rc = func( newDN, flags, NULL );
-		if ( rc != LDAP_SUCCESS )
-			goto nomem;
-	}
-
-	rc = ldap_dn2bv_x( newDN, bv, LDAP_DN_FORMAT_LDAPV3, NULL );
-
-nomem:
-	for (;baseAVA < newAVA; baseAVA++) {
-		if (baseAVA->la_flags & LDAP_AVA_FREE_ATTR)
-			LDAP_FREE( baseAVA->la_attr.bv_val );
-		if (baseAVA->la_flags & LDAP_AVA_FREE_VALUE)
-			LDAP_FREE( baseAVA->la_value.bv_val );
-	}
-
-	if ( oidsize != 0 )
-		LDAP_FREE( oidbuf );
-	if ( newDN != (LDAPDN)(char *) ptrs )
-		LDAP_FREE( newDN );
-	return rc;
-}
-

Copied: openldap/vendor/openldap-release/libraries/libldap/tls2.c (from rev 1194, openldap/vendor/openldap-release/libraries/libldap/tls.c)
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls2.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/tls2.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1171 @@
+/* tls.c - Handle tls/ssl. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls2.c,v 1.4.2.3 2009/02/08 06:06:04 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS: restructured by Howard Chu.
+ */
+
+#include "portable.h"
+#include "ldap_config.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/param.h>
+#include <ac/dirent.h>
+
+#include "ldap-int.h"
+
+#ifdef HAVE_TLS
+
+#include "ldap-tls.h"
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+static tls_impl *tls_imp = &ldap_int_tls_impl;
+#define HAS_TLS( sb )	ber_sockbuf_ctrl( sb, LBER_SB_OPT_HAS_IO, \
+				(void *)tls_imp->ti_sbio )
+
+#endif /* HAVE_TLS */
+
+/* RFC2459 minimum required set of supported attribute types
+ * in a certificate DN
+ */
+typedef struct oid_name {
+	struct berval oid;
+	struct berval name;
+} oid_name;
+
+static oid_name oids[] = {
+	{ BER_BVC("2.5.4.3"), BER_BVC("cn") },
+	{ BER_BVC("2.5.4.4"), BER_BVC("sn") },
+	{ BER_BVC("2.5.4.6"), BER_BVC("c") },
+	{ BER_BVC("2.5.4.7"), BER_BVC("l") },
+	{ BER_BVC("2.5.4.8"), BER_BVC("st") },
+	{ BER_BVC("2.5.4.10"), BER_BVC("o") },
+	{ BER_BVC("2.5.4.11"), BER_BVC("ou") },
+	{ BER_BVC("2.5.4.12"), BER_BVC("title") },
+	{ BER_BVC("2.5.4.41"), BER_BVC("name") },
+	{ BER_BVC("2.5.4.42"), BER_BVC("givenName") },
+	{ BER_BVC("2.5.4.43"), BER_BVC("initials") },
+	{ BER_BVC("2.5.4.44"), BER_BVC("generationQualifier") },
+	{ BER_BVC("2.5.4.46"), BER_BVC("dnQualifier") },
+	{ BER_BVC("1.2.840.113549.1.9.1"), BER_BVC("email") },
+	{ BER_BVC("0.9.2342.19200300.100.1.25"), BER_BVC("dc") },
+	{ BER_BVNULL, BER_BVNULL }
+};
+
+#ifdef HAVE_TLS
+
+void
+ldap_pvt_tls_ctx_free ( void *c )
+{
+	if ( !c ) return;
+	tls_imp->ti_ctx_free( c );
+}
+
+static void
+tls_ctx_ref( tls_ctx *ctx )
+{
+	if ( !ctx ) return;
+
+	tls_imp->ti_ctx_ref( ctx );
+}
+
+#ifdef LDAP_R_COMPILE
+/*
+ * an extra mutex for the default ctx.
+ */
+static ldap_pvt_thread_mutex_t tls_def_ctx_mutex;
+#endif
+
+void
+ldap_int_tls_destroy( struct ldapoptions *lo )
+{
+	if ( lo->ldo_tls_ctx ) {
+		ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
+		lo->ldo_tls_ctx = NULL;
+	}
+
+	if ( lo->ldo_tls_certfile ) {
+		LDAP_FREE( lo->ldo_tls_certfile );
+		lo->ldo_tls_certfile = NULL;
+	}
+	if ( lo->ldo_tls_keyfile ) {
+		LDAP_FREE( lo->ldo_tls_keyfile );
+		lo->ldo_tls_keyfile = NULL;
+	}
+	if ( lo->ldo_tls_dhfile ) {
+		LDAP_FREE( lo->ldo_tls_dhfile );
+		lo->ldo_tls_dhfile = NULL;
+	}
+	if ( lo->ldo_tls_cacertfile ) {
+		LDAP_FREE( lo->ldo_tls_cacertfile );
+		lo->ldo_tls_cacertfile = NULL;
+	}
+	if ( lo->ldo_tls_cacertdir ) {
+		LDAP_FREE( lo->ldo_tls_cacertdir );
+		lo->ldo_tls_cacertdir = NULL;
+	}
+	if ( lo->ldo_tls_ciphersuite ) {
+		LDAP_FREE( lo->ldo_tls_ciphersuite );
+		lo->ldo_tls_ciphersuite = NULL;
+	}
+	if ( lo->ldo_tls_crlfile ) {
+		LDAP_FREE( lo->ldo_tls_crlfile );
+		lo->ldo_tls_crlfile = NULL;
+	}
+}
+
+/*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+void
+ldap_pvt_tls_destroy( void )
+{
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+	int i;
+
+	ldap_int_tls_destroy( lo );
+
+	tls_imp->ti_tls_destroy();
+}
+
+/*
+ * Initialize a particular TLS implementation.
+ * Called once per implementation.
+ */
+static int
+tls_init(tls_impl *impl )
+{
+	static int tls_initialized = 0;
+
+	if ( !tls_initialized++ ) {
+#ifdef LDAP_R_COMPILE
+		ldap_pvt_thread_mutex_init( &tls_def_ctx_mutex );
+#endif
+	}
+
+	if ( impl->ti_inited++ ) return 0;
+
+#ifdef LDAP_R_COMPILE
+	impl->ti_thr_init();
+#endif
+	return impl->ti_tls_init();
+}
+
+/*
+ * Initialize TLS subsystem. Called once per implementation.
+ */
+int
+ldap_pvt_tls_init( void )
+{
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+
+	return tls_init( tls_imp );
+}
+
+/*
+ * initialize a new TLS context
+ */
+static int
+ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server )
+{
+	int i, rc = 0;
+	tls_impl *ti = tls_imp;
+	struct ldaptls lts = lo->ldo_tls_info;
+
+	if ( lo->ldo_tls_ctx )
+		return 0;
+
+	tls_init( ti );
+
+	if ( is_server && !lts.lt_certfile && !lts.lt_keyfile &&
+		!lts.lt_cacertfile && !lts.lt_cacertdir ) {
+		/* minimum configuration not provided */
+		return LDAP_NOT_SUPPORTED;
+	}
+
+#ifdef HAVE_EBCDIC
+	/* This ASCII/EBCDIC handling is a real pain! */
+	if ( lts.lt_ciphersuite ) {
+		lts.lt_ciphersuite = LDAP_STRDUP( lts.lt_ciphersuite );
+		__atoe( lts.lt_ciphersuite );
+	}
+	if ( lts.lt_cacertfile ) {
+		lts.lt_cacertfile = LDAP_STRDUP( lts.lt_cacertfile );
+		__atoe( lts.lt_cacertfile );
+	}
+	if ( lts.lt_certfile ) {
+		lts.lt_certfile = LDAP_STRDUP( lts.lt_certfile );
+		__atoe( lts.lt_certfile );
+	}
+	if ( lts.lt_keyfile ) {
+		lts.lt_keyfile = LDAP_STRDUP( lts.lt_keyfile );
+		__atoe( lts.lt_keyfile );
+	}
+	if ( lts.lt_crlfile ) {
+		lts.lt_crlfile = LDAP_STRDUP( lts.lt_crlfile );
+		__atoe( lts.lt_crlfile );
+	}
+	if ( lts.lt_cacertdir ) {
+		lts.lt_cacertdir = LDAP_STRDUP( lts.lt_cacertdir );
+		__atoe( lts.lt_cacertdir );
+	}
+	if ( lts.lt_dhfile ) {
+		lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
+		__atoe( lts.lt_dhfile );
+	}
+#endif
+	lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
+	if ( lo->ldo_tls_ctx == NULL ) {
+		Debug( LDAP_DEBUG_ANY,
+		   "TLS: could not allocate default ctx.\n",
+			0,0,0);
+		rc = -1;
+		goto error_exit;
+	}
+
+	rc = ti->ti_ctx_init( lo, &lts, is_server );
+
+error_exit:
+	if ( rc < 0 && lo->ldo_tls_ctx != NULL ) {
+		ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
+		lo->ldo_tls_ctx = NULL;
+	}
+#ifdef HAVE_EBCDIC
+	LDAP_FREE( lts.lt_ciphersuite );
+	LDAP_FREE( lts.lt_cacertfile );
+	LDAP_FREE( lts.lt_certfile );
+	LDAP_FREE( lts.lt_keyfile );
+	LDAP_FREE( lts.lt_crlfile );
+	LDAP_FREE( lts.lt_cacertdir );
+	LDAP_FREE( lts.lt_dhfile );
+#endif
+	return rc;
+}
+
+/*
+ * initialize the default context
+ */
+int
+ldap_pvt_tls_init_def_ctx( int is_server )
+{
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+	int rc;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &tls_def_ctx_mutex );
+#endif
+	rc = ldap_int_tls_init_ctx( lo, is_server );
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &tls_def_ctx_mutex );
+#endif
+	return rc;
+}
+
+static tls_session *
+alloc_handle( void *ctx_arg, int is_server )
+{
+	tls_ctx	*ctx;
+	tls_session	*ssl;
+
+	if ( ctx_arg ) {
+		ctx = ctx_arg;
+	} else {
+		struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+		if ( ldap_pvt_tls_init_def_ctx( is_server ) < 0 ) return NULL;
+		ctx = lo->ldo_tls_ctx;
+	}
+
+	ssl = tls_imp->ti_session_new( ctx, is_server );
+	if ( ssl == NULL ) {
+		Debug( LDAP_DEBUG_ANY,"TLS: can't create ssl handle.\n",0,0,0);
+		return NULL;
+	}
+	return ssl;
+}
+
+static int
+update_flags( Sockbuf *sb, tls_session * ssl, int rc )
+{
+	sb->sb_trans_needs_read  = 0;
+	sb->sb_trans_needs_write = 0;
+
+	return tls_imp->ti_session_upflags( sb, ssl, rc );
+}
+
+/*
+ * Call this to do a TLS connect on a sockbuf. ctx_arg can be
+ * a SSL_CTX * or NULL, in which case the default ctx is used.
+ *
+ * Return value:
+ *
+ *  0 - Success. Connection is ready for communication.
+ * <0 - Error. Can't create a TLS stream.
+ * >0 - Partial success.
+ *	  Do a select (using information from lber_pvt_sb_needs_{read,write}
+ *		and call again.
+ */
+
+static int
+ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
+{
+	Sockbuf *sb = conn->lconn_sb;
+	int	err;
+	tls_session	*ssl = NULL;
+
+	if ( HAS_TLS( sb )) {
+		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+	} else {
+		struct ldapoptions *lo;
+		tls_ctx *ctx;
+
+		ctx = ld->ld_options.ldo_tls_ctx;
+
+		ssl = alloc_handle( ctx, 0 );
+
+		if ( ssl == NULL ) return -1;
+
+#ifdef LDAP_DEBUG
+		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+			LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
+#endif
+		ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
+			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+
+		lo = LDAP_INT_GLOBAL_OPT();   
+		if( ctx == NULL ) {
+			ctx = lo->ldo_tls_ctx;
+			ld->ld_options.ldo_tls_ctx = ctx;
+			tls_ctx_ref( ctx );
+		}
+		if ( ld->ld_options.ldo_tls_connect_cb )
+			ld->ld_options.ldo_tls_connect_cb( ld, ssl, ctx,
+			ld->ld_options.ldo_tls_connect_arg );
+		if ( lo && lo->ldo_tls_connect_cb && lo->ldo_tls_connect_cb !=
+			ld->ld_options.ldo_tls_connect_cb )
+			lo->ldo_tls_connect_cb( ld, ssl, ctx, lo->ldo_tls_connect_arg );
+	}
+
+	err = tls_imp->ti_session_connect( ld, ssl );
+
+#ifdef HAVE_WINSOCK
+	errno = WSAGetLastError();
+#endif
+
+	if ( err < 0 )
+	{
+		char buf[256], *msg;
+		if ( update_flags( sb, ssl, err )) {
+			return 1;
+		}
+
+		msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
+		if ( msg ) {
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP( msg );
+#ifdef HAVE_EBCDIC
+			if ( ld->ld_error ) __etoa(ld->ld_error);
+#endif
+		}
+
+		Debug( LDAP_DEBUG_ANY,"TLS: can't connect: %s.\n",
+			ld->ld_error ? ld->ld_error : "" ,0,0);
+
+		ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
+			LBER_SBIOD_LEVEL_TRANSPORT );
+#ifdef LDAP_DEBUG
+		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+			LBER_SBIOD_LEVEL_TRANSPORT );
+#endif
+		return -1;
+	}
+
+	return 0;
+}
+
+/*
+ * Call this to do a TLS accept on a sockbuf.
+ * Everything else is the same as with tls_connect.
+ */
+int
+ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
+{
+	int	err;
+	tls_session	*ssl = NULL;
+
+	if ( HAS_TLS( sb )) {
+		ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&ssl );
+	} else {
+		ssl = alloc_handle( ctx_arg, 1 );
+		if ( ssl == NULL ) return -1;
+
+#ifdef LDAP_DEBUG
+		ber_sockbuf_add_io( sb, &ber_sockbuf_io_debug,
+			LBER_SBIOD_LEVEL_TRANSPORT, (void *)"tls_" );
+#endif
+		ber_sockbuf_add_io( sb, tls_imp->ti_sbio,
+			LBER_SBIOD_LEVEL_TRANSPORT, (void *)ssl );
+	}
+
+	err = tls_imp->ti_session_accept( ssl );
+
+#ifdef HAVE_WINSOCK
+	errno = WSAGetLastError();
+#endif
+
+	if ( err < 0 )
+	{
+		char buf[256];
+		if ( update_flags( sb, ssl, err )) return 1;
+
+		Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
+			tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 );
+
+		ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
+			LBER_SBIOD_LEVEL_TRANSPORT );
+#ifdef LDAP_DEBUG
+		ber_sockbuf_remove_io( sb, &ber_sockbuf_io_debug,
+			LBER_SBIOD_LEVEL_TRANSPORT );
+#endif
+		return -1;
+	}
+	return 0;
+}
+
+int
+ldap_pvt_tls_inplace ( Sockbuf *sb )
+{
+	return HAS_TLS( sb ) ? 1 : 0;
+}
+
+int
+ldap_tls_inplace( LDAP *ld )
+{
+	Sockbuf		*sb = NULL;
+
+	if ( ld->ld_defconn && ld->ld_defconn->lconn_sb ) {
+		sb = ld->ld_defconn->lconn_sb;
+
+	} else if ( ld->ld_sb ) {
+		sb = ld->ld_sb;
+
+	} else {
+		return 0;
+	}
+
+	return ldap_pvt_tls_inplace( sb );
+}
+
+int
+ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn,
+	LDAPDN_rewrite_dummy *func, unsigned flags )
+{
+	tls_session *session = s;
+	struct berval bvdn;
+	int rc;
+
+	rc = tls_imp->ti_session_peer_dn( session, &bvdn );
+	if ( rc ) return rc;
+
+	rc = ldap_X509dn2bv( &bvdn, dn, 
+			    (LDAPDN_rewrite_func *)func, flags);
+	return rc;
+}
+
+int
+ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
+{
+	tls_session *session = s;
+
+	return tls_imp->ti_session_chkhost( ld, session, name_in );
+}
+
+int
+ldap_int_tls_config( LDAP *ld, int option, const char *arg )
+{
+	int i;
+
+	switch( option ) {
+	case LDAP_OPT_X_TLS_CACERTFILE:
+	case LDAP_OPT_X_TLS_CACERTDIR:
+	case LDAP_OPT_X_TLS_CERTFILE:
+	case LDAP_OPT_X_TLS_KEYFILE:
+	case LDAP_OPT_X_TLS_RANDOM_FILE:
+	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+	case LDAP_OPT_X_TLS_DHFILE:
+	case LDAP_OPT_X_TLS_CRLFILE:	/* GnuTLS only */
+		return ldap_pvt_tls_set_option( ld, option, (void *) arg );
+
+	case LDAP_OPT_X_TLS_REQUIRE_CERT:
+	case LDAP_OPT_X_TLS:
+		i = -1;
+		if ( strcasecmp( arg, "never" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_NEVER ;
+
+		} else if ( strcasecmp( arg, "demand" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_DEMAND ;
+
+		} else if ( strcasecmp( arg, "allow" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_ALLOW ;
+
+		} else if ( strcasecmp( arg, "try" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_TRY ;
+
+		} else if ( ( strcasecmp( arg, "hard" ) == 0 ) ||
+			( strcasecmp( arg, "on" ) == 0 ) ||
+			( strcasecmp( arg, "yes" ) == 0) ||
+			( strcasecmp( arg, "true" ) == 0 ) )
+		{
+			i = LDAP_OPT_X_TLS_HARD ;
+		}
+
+		if (i >= 0) {
+			return ldap_pvt_tls_set_option( ld, option, &i );
+		}
+		return -1;
+	case LDAP_OPT_X_TLS_PROTOCOL_MIN: {
+		char *next;
+		long l;
+		l = strtol( arg, &next, 10 );
+		if ( l < 0 || l > 0xff || next == arg ||
+			( *next != '\0' && *next != '.' ) )
+			return -1;
+		i = l << 8;
+		if (*next == '.') {
+			arg = next + 1;
+			l = strtol( arg, &next, 10 );
+			if ( l < 0 || l > 0xff || next == arg || *next != '\0' )
+				return -1;
+			i += l;
+		}
+		return ldap_pvt_tls_set_option( ld, option, &i );
+		}
+	case LDAP_OPT_X_TLS_CRLCHECK:	/* OpenSSL only */
+		i = -1;
+		if ( strcasecmp( arg, "none" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_CRL_NONE ;
+		} else if ( strcasecmp( arg, "peer" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_CRL_PEER ;
+		} else if ( strcasecmp( arg, "all" ) == 0 ) {
+			i = LDAP_OPT_X_TLS_CRL_ALL ;
+		}
+		if (i >= 0) {
+			return ldap_pvt_tls_set_option( ld, option, &i );
+		}
+		return -1;
+	}
+	return -1;
+}
+
+int
+ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
+{
+	struct ldapoptions *lo;
+
+	if( ld != NULL ) {
+		assert( LDAP_VALID( ld ) );
+
+		if( !LDAP_VALID( ld ) ) {
+			return LDAP_OPT_ERROR;
+		}
+
+		lo = &ld->ld_options;
+
+	} else {
+		/* Get pointer to global option structure */
+		lo = LDAP_INT_GLOBAL_OPT();   
+		if ( lo == NULL ) {
+			return LDAP_NO_MEMORY;
+		}
+	}
+
+	switch( option ) {
+	case LDAP_OPT_X_TLS:
+		*(int *)arg = lo->ldo_tls_mode;
+		break;
+	case LDAP_OPT_X_TLS_CTX:
+		*(void **)arg = lo->ldo_tls_ctx;
+		if ( lo->ldo_tls_ctx ) {
+			tls_ctx_ref( lo->ldo_tls_ctx );
+		}
+		break;
+	case LDAP_OPT_X_TLS_CACERTFILE:
+		*(char **)arg = lo->ldo_tls_cacertfile ?
+			LDAP_STRDUP( lo->ldo_tls_cacertfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_CACERTDIR:
+		*(char **)arg = lo->ldo_tls_cacertdir ?
+			LDAP_STRDUP( lo->ldo_tls_cacertdir ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_CERTFILE:
+		*(char **)arg = lo->ldo_tls_certfile ?
+			LDAP_STRDUP( lo->ldo_tls_certfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_KEYFILE:
+		*(char **)arg = lo->ldo_tls_keyfile ?
+			LDAP_STRDUP( lo->ldo_tls_keyfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_DHFILE:
+		*(char **)arg = lo->ldo_tls_dhfile ?
+			LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_CRLFILE:	/* GnuTLS only */
+		*(char **)arg = lo->ldo_tls_crlfile ?
+			LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_REQUIRE_CERT:
+		*(int *)arg = lo->ldo_tls_require_cert;
+		break;
+	case LDAP_OPT_X_TLS_CRLCHECK:	/* OpenSSL only */
+		*(int *)arg = lo->ldo_tls_crlcheck;
+		break;
+	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+		*(char **)arg = lo->ldo_tls_ciphersuite ?
+			LDAP_STRDUP( lo->ldo_tls_ciphersuite ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+		*(int *)arg = lo->ldo_tls_protocol_min;
+		break;
+	case LDAP_OPT_X_TLS_RANDOM_FILE:	/* OpenSSL only */
+		*(char **)arg = lo->ldo_tls_randfile ?
+			LDAP_STRDUP( lo->ldo_tls_randfile ) : NULL;
+		break;
+	case LDAP_OPT_X_TLS_SSL_CTX: {
+		void *retval = 0;
+		if ( ld != NULL ) {
+			LDAPConn *conn = ld->ld_defconn;
+			if ( conn != NULL ) {
+				Sockbuf *sb = conn->lconn_sb;
+				retval = ldap_pvt_tls_sb_ctx( sb );
+			}
+		}
+		*(void **)arg = retval;
+		break;
+	}
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		*(LDAP_TLS_CONNECT_CB **)arg = lo->ldo_tls_connect_cb;
+		break;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		*(void **)arg = lo->ldo_tls_connect_arg;
+		break;
+	default:
+		return -1;
+	}
+	return 0;
+}
+
+int
+ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
+{
+	struct ldapoptions *lo;
+
+	if( ld != NULL ) {
+		assert( LDAP_VALID( ld ) );
+
+		if( !LDAP_VALID( ld ) ) {
+			return LDAP_OPT_ERROR;
+		}
+
+		lo = &ld->ld_options;
+
+	} else {
+		/* Get pointer to global option structure */
+		lo = LDAP_INT_GLOBAL_OPT();   
+		if ( lo == NULL ) {
+			return LDAP_NO_MEMORY;
+		}
+	}
+
+	switch( option ) {
+	case LDAP_OPT_X_TLS:
+		if ( !arg ) return -1;
+
+		switch( *(int *) arg ) {
+		case LDAP_OPT_X_TLS_NEVER:
+		case LDAP_OPT_X_TLS_DEMAND:
+		case LDAP_OPT_X_TLS_ALLOW:
+		case LDAP_OPT_X_TLS_TRY:
+		case LDAP_OPT_X_TLS_HARD:
+			if (lo != NULL) {
+				lo->ldo_tls_mode = *(int *)arg;
+			}
+
+			return 0;
+		}
+		return -1;
+
+	case LDAP_OPT_X_TLS_CTX:
+		if ( lo->ldo_tls_ctx )
+			ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
+		lo->ldo_tls_ctx = arg;
+		tls_ctx_ref( lo->ldo_tls_ctx );
+		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_CB:
+		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
+		return 0;
+	case LDAP_OPT_X_TLS_CONNECT_ARG:
+		lo->ldo_tls_connect_arg = arg;
+		return 0;
+	case LDAP_OPT_X_TLS_CACERTFILE:
+		if ( lo->ldo_tls_cacertfile ) LDAP_FREE( lo->ldo_tls_cacertfile );
+		lo->ldo_tls_cacertfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_CACERTDIR:
+		if ( lo->ldo_tls_cacertdir ) LDAP_FREE( lo->ldo_tls_cacertdir );
+		lo->ldo_tls_cacertdir = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_CERTFILE:
+		if ( lo->ldo_tls_certfile ) LDAP_FREE( lo->ldo_tls_certfile );
+		lo->ldo_tls_certfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_KEYFILE:
+		if ( lo->ldo_tls_keyfile ) LDAP_FREE( lo->ldo_tls_keyfile );
+		lo->ldo_tls_keyfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_DHFILE:
+		if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
+		lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_CRLFILE:	/* GnuTLS only */
+		if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
+		lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+	case LDAP_OPT_X_TLS_REQUIRE_CERT:
+		if ( !arg ) return -1;
+		switch( *(int *) arg ) {
+		case LDAP_OPT_X_TLS_NEVER:
+		case LDAP_OPT_X_TLS_DEMAND:
+		case LDAP_OPT_X_TLS_ALLOW:
+		case LDAP_OPT_X_TLS_TRY:
+		case LDAP_OPT_X_TLS_HARD:
+			lo->ldo_tls_require_cert = * (int *) arg;
+			return 0;
+		}
+		return -1;
+	case LDAP_OPT_X_TLS_CRLCHECK:	/* OpenSSL only */
+		if ( !arg ) return -1;
+		switch( *(int *) arg ) {
+		case LDAP_OPT_X_TLS_CRL_NONE:
+		case LDAP_OPT_X_TLS_CRL_PEER:
+		case LDAP_OPT_X_TLS_CRL_ALL:
+			lo->ldo_tls_crlcheck = * (int *) arg;
+			return 0;
+		}
+		return -1;
+	case LDAP_OPT_X_TLS_CIPHER_SUITE:
+		if ( lo->ldo_tls_ciphersuite ) LDAP_FREE( lo->ldo_tls_ciphersuite );
+		lo->ldo_tls_ciphersuite = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		return 0;
+
+	case LDAP_OPT_X_TLS_PROTOCOL_MIN:
+		if ( !arg ) return -1;
+		lo->ldo_tls_protocol_min = *(int *)arg;
+		return 0;
+
+	case LDAP_OPT_X_TLS_RANDOM_FILE:	/* OpenSSL only */
+		if ( ld != NULL )
+			return -1;
+		if ( lo->ldo_tls_randfile ) LDAP_FREE (lo->ldo_tls_randfile );
+		lo->ldo_tls_randfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
+		break;
+
+	case LDAP_OPT_X_TLS_NEWCTX:
+		if ( !arg ) return -1;
+		if ( lo->ldo_tls_ctx )
+			ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
+		lo->ldo_tls_ctx = NULL;
+		return ldap_int_tls_init_ctx( lo, *(int *)arg );
+	default:
+		return -1;
+	}
+	return 0;
+}
+
+int
+ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
+{
+	Sockbuf *sb = conn->lconn_sb;
+	char *host;
+	void *ssl;
+
+	if( srv ) {
+		host = srv->lud_host;
+	} else {
+ 		host = conn->lconn_server->lud_host;
+	}
+
+	/* avoid NULL host */
+	if( host == NULL ) {
+		host = "localhost";
+	}
+
+	(void) tls_init( tls_imp );
+
+	/*
+	 * Fortunately, the lib uses blocking io...
+	 */
+	if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
+		ld->ld_errno = LDAP_CONNECT_ERROR;
+		return (ld->ld_errno);
+	}
+
+	ssl = ldap_pvt_tls_sb_ctx( sb );
+	assert( ssl != NULL );
+
+	/* 
+	 * compare host with name(s) in certificate
+	 */
+	if (ld->ld_options.ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER) {
+		ld->ld_errno = ldap_pvt_tls_check_hostname( ld, ssl, host );
+		if (ld->ld_errno != LDAP_SUCCESS) {
+			return ld->ld_errno;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
+void *
+ldap_pvt_tls_sb_ctx( Sockbuf *sb )
+{
+	void			*p = NULL;
+	
+	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_SSL, (void *)&p );
+	return p;
+}
+
+int
+ldap_pvt_tls_get_strength( void *s )
+{
+	tls_session *session = s;
+
+	return tls_imp->ti_session_strength( session );
+}
+
+int
+ldap_pvt_tls_get_my_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func, unsigned flags )
+{
+	tls_session *session = s;
+	struct berval der_dn;
+	int rc;
+
+	tls_imp->ti_session_my_dn( session, &der_dn );
+	rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags );
+	return rc;
+}
+#endif /* HAVE_TLS */
+
+int
+ldap_start_tls( LDAP *ld,
+	LDAPControl **serverctrls,
+	LDAPControl **clientctrls,
+	int *msgidp )
+{
+	return ldap_extended_operation( ld, LDAP_EXOP_START_TLS,
+		NULL, serverctrls, clientctrls, msgidp );
+}
+
+int
+ldap_install_tls( LDAP *ld )
+{
+#ifndef HAVE_TLS
+	return LDAP_NOT_SUPPORTED;
+#else
+	if ( ldap_tls_inplace( ld ) ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	return ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+#endif
+}
+
+int
+ldap_start_tls_s ( LDAP *ld,
+	LDAPControl **serverctrls,
+	LDAPControl **clientctrls )
+{
+#ifndef HAVE_TLS
+	return LDAP_NOT_SUPPORTED;
+#else
+	int rc;
+	char *rspoid = NULL;
+	struct berval *rspdata = NULL;
+
+	/* XXYYZ: this initiates operation only on default connection! */
+
+	if ( ldap_tls_inplace( ld ) ) {
+		return LDAP_LOCAL_ERROR;
+	}
+
+	rc = ldap_extended_operation_s( ld, LDAP_EXOP_START_TLS,
+		NULL, serverctrls, clientctrls, &rspoid, &rspdata );
+
+	if ( rspoid != NULL ) {
+		LDAP_FREE(rspoid);
+	}
+
+	if ( rspdata != NULL ) {
+		ber_bvfree( rspdata );
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		rc = ldap_int_tls_start( ld, ld->ld_defconn, NULL );
+	}
+
+	return rc;
+#endif
+}
+
+/* These tags probably all belong in lber.h, but they're
+ * not normally encountered when processing LDAP, so maybe
+ * they belong somewhere else instead.
+ */
+
+#define LBER_TAG_OID		((ber_tag_t) 0x06UL)
+
+/* Tags for string types used in a DirectoryString.
+ *
+ * Note that IA5string is not one of the defined choices for
+ * DirectoryString in X.520, but it gets used for email AVAs.
+ */
+#define	LBER_TAG_UTF8		((ber_tag_t) 0x0cUL)
+#define	LBER_TAG_PRINTABLE	((ber_tag_t) 0x13UL)
+#define	LBER_TAG_TELETEX	((ber_tag_t) 0x14UL)
+#define	LBER_TAG_IA5		((ber_tag_t) 0x16UL)
+#define	LBER_TAG_UNIVERSAL	((ber_tag_t) 0x1cUL)
+#define	LBER_TAG_BMP		((ber_tag_t) 0x1eUL)
+
+static oid_name *
+find_oid( struct berval *oid )
+{
+	int i;
+
+	for ( i=0; !BER_BVISNULL( &oids[i].oid ); i++ ) {
+		if ( oids[i].oid.bv_len != oid->bv_len ) continue;
+		if ( !strcmp( oids[i].oid.bv_val, oid->bv_val ))
+			return &oids[i];
+	}
+	return NULL;
+}
+
+/* Convert a structured DN from an X.509 certificate into an LDAPV3 DN.
+ * x509_name must be raw DER. If func is non-NULL, the
+ * constructed DN will use numeric OIDs to identify attributeTypes,
+ * and the func() will be invoked to rewrite the DN with the given
+ * flags.
+ *
+ * Otherwise the DN will use shortNames from a hardcoded table.
+ */
+int
+ldap_X509dn2bv( void *x509_name, struct berval *bv, LDAPDN_rewrite_func *func,
+	unsigned flags )
+{
+	LDAPDN	newDN;
+	LDAPRDN	newRDN;
+	LDAPAVA *newAVA, *baseAVA;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	char oids[8192], *oidptr = oids, *oidbuf = NULL;
+	void *ptrs[2048];
+	char *dn_end, *rdn_end;
+	int i, navas, nrdns, rc = LDAP_SUCCESS;
+	size_t dnsize, oidrem = sizeof(oids), oidsize = 0;
+	int csize;
+	ber_tag_t tag;
+	ber_len_t len;
+	oid_name *oidname;
+
+	struct berval	Oid, Val, oid2, *in = x509_name;
+
+	assert( bv != NULL );
+
+	bv->bv_len = 0;
+	bv->bv_val = NULL;
+
+	navas = 0;
+	nrdns = 0;
+
+	/* A DN is a SEQUENCE of RDNs. An RDN is a SET of AVAs.
+	 * An AVA is a SEQUENCE of attr and value.
+	 * Count the number of AVAs and RDNs
+	 */
+	ber_init2( ber, in, LBER_USE_DER );
+	tag = ber_peek_tag( ber, &len );
+	if ( tag != LBER_SEQUENCE )
+		return LDAP_DECODING_ERROR;
+
+	for ( tag = ber_first_element( ber, &len, &dn_end );
+		tag == LBER_SET;
+		tag = ber_next_element( ber, &len, dn_end )) {
+		nrdns++;
+		for ( tag = ber_first_element( ber, &len, &rdn_end );
+			tag == LBER_SEQUENCE;
+			tag = ber_next_element( ber, &len, rdn_end )) {
+			tag = ber_skip_tag( ber, &len );
+			ber_skip_data( ber, len );
+			navas++;
+		}
+	}
+
+	/* Allocate the DN/RDN/AVA stuff as a single block */    
+	dnsize = sizeof(LDAPRDN) * (nrdns+1);
+	dnsize += sizeof(LDAPAVA *) * (navas+nrdns);
+	dnsize += sizeof(LDAPAVA) * navas;
+	if (dnsize > sizeof(ptrs)) {
+		newDN = (LDAPDN)LDAP_MALLOC( dnsize );
+		if ( newDN == NULL )
+			return LDAP_NO_MEMORY;
+	} else {
+		newDN = (LDAPDN)(char *)ptrs;
+	}
+	
+	newDN[nrdns] = NULL;
+	newRDN = (LDAPRDN)(newDN + nrdns+1);
+	newAVA = (LDAPAVA *)(newRDN + navas + nrdns);
+	baseAVA = newAVA;
+
+	/* Rewind and start extracting */
+	ber_rewind( ber );
+
+	tag = ber_first_element( ber, &len, &dn_end );
+	for ( i = nrdns - 1; i >= 0; i-- ) {
+		newDN[i] = newRDN;
+
+		for ( tag = ber_first_element( ber, &len, &rdn_end );
+			tag == LBER_SEQUENCE;
+			tag = ber_next_element( ber, &len, rdn_end )) {
+
+			*newRDN++ = newAVA;
+			tag = ber_skip_tag( ber, &len );
+			tag = ber_get_stringbv( ber, &Oid, LBER_BV_NOTERM );
+			if ( tag != LBER_TAG_OID ) {
+				rc = LDAP_DECODING_ERROR;
+				goto nomem;
+			}
+
+			oid2.bv_val = oidptr;
+			oid2.bv_len = oidrem;
+			if ( ber_decode_oid( &Oid, &oid2 ) < 0 ) {
+				rc = LDAP_DECODING_ERROR;
+				goto nomem;
+			}
+			oidname = find_oid( &oid2 );
+			if ( !oidname ) {
+				newAVA->la_attr = oid2;
+				oidptr += oid2.bv_len + 1;
+				oidrem -= oid2.bv_len + 1;
+
+				/* Running out of OID buffer space? */
+				if (oidrem < 128) {
+					if ( oidsize == 0 ) {
+						oidsize = sizeof(oids) * 2;
+						oidrem = oidsize;
+						oidbuf = LDAP_MALLOC( oidsize );
+						if ( oidbuf == NULL ) goto nomem;
+						oidptr = oidbuf;
+					} else {
+						char *old = oidbuf;
+						oidbuf = LDAP_REALLOC( oidbuf, oidsize*2 );
+						if ( oidbuf == NULL ) goto nomem;
+						/* Buffer moved! Fix AVA pointers */
+						if ( old != oidbuf ) {
+							LDAPAVA *a;
+							long dif = oidbuf - old;
+
+							for (a=baseAVA; a<=newAVA; a++){
+								if (a->la_attr.bv_val >= old &&
+									a->la_attr.bv_val <= (old + oidsize))
+									a->la_attr.bv_val += dif;
+							}
+						}
+						oidptr = oidbuf + oidsize - oidrem;
+						oidrem += oidsize;
+						oidsize *= 2;
+					}
+				}
+			} else {
+				if ( func ) {
+					newAVA->la_attr = oidname->oid;
+				} else {
+					newAVA->la_attr = oidname->name;
+				}
+			}
+			tag = ber_get_stringbv( ber, &Val, LBER_BV_NOTERM );
+			switch(tag) {
+			case LBER_TAG_UNIVERSAL:
+				/* This uses 32-bit ISO 10646-1 */
+				csize = 4; goto to_utf8;
+			case LBER_TAG_BMP:
+				/* This uses 16-bit ISO 10646-1 */
+				csize = 2; goto to_utf8;
+			case LBER_TAG_TELETEX:
+				/* This uses 8-bit, assume ISO 8859-1 */
+				csize = 1;
+to_utf8:		rc = ldap_ucs_to_utf8s( &Val, csize, &newAVA->la_value );
+				newAVA->la_flags |= LDAP_AVA_FREE_VALUE;
+				if (rc != LDAP_SUCCESS) goto nomem;
+				newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
+				break;
+			case LBER_TAG_UTF8:
+				newAVA->la_flags = LDAP_AVA_NONPRINTABLE;
+				/* This is already in UTF-8 encoding */
+			case LBER_TAG_IA5:
+			case LBER_TAG_PRINTABLE:
+				/* These are always 7-bit strings */
+				newAVA->la_value = Val;
+			default:
+				;
+			}
+			newAVA->la_private = NULL;
+			newAVA->la_flags = LDAP_AVA_STRING;
+			newAVA++;
+		}
+		*newRDN++ = NULL;
+		tag = ber_next_element( ber, &len, dn_end );
+	}
+		
+	if ( func ) {
+		rc = func( newDN, flags, NULL );
+		if ( rc != LDAP_SUCCESS )
+			goto nomem;
+	}
+
+	rc = ldap_dn2bv_x( newDN, bv, LDAP_DN_FORMAT_LDAPV3, NULL );
+
+nomem:
+	for (;baseAVA < newAVA; baseAVA++) {
+		if (baseAVA->la_flags & LDAP_AVA_FREE_ATTR)
+			LDAP_FREE( baseAVA->la_attr.bv_val );
+		if (baseAVA->la_flags & LDAP_AVA_FREE_VALUE)
+			LDAP_FREE( baseAVA->la_value.bv_val );
+	}
+
+	if ( oidsize != 0 )
+		LDAP_FREE( oidbuf );
+	if ( newDN != (LDAPDN)(char *) ptrs )
+		LDAP_FREE( newDN );
+	return rc;
+}
+


Property changes on: openldap/vendor/openldap-release/libraries/libldap/tls2.c
___________________________________________________________________
Name: svn:mergeinfo
   + 

Added: openldap/vendor/openldap-release/libraries/libldap/tls_g.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_g.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_g.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1025 @@
+/* tls_g.c - Handle tls/ssl using GNUTLS. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_g.c,v 1.6.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and
+ * Matt Backes; sponsored by The Written Word (thewrittenword.com)
+ * and Stanford University (stanford.edu).
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_GNUTLS
+
+#include "ldap_config.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/param.h>
+#include <ac/dirent.h>
+
+#include "ldap-int.h"
+#include "ldap-tls.h"
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gcrypt.h>
+
+#define DH_BITS	(1024)
+
+#if LIBGNUTLS_VERSION_NUMBER >= 0x020200
+#define	HAVE_CIPHERSUITES	1
+/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x
+ * but that dependency isn't reflected in their configure script, resulting in
+ * build errors on older gcrypt. So, if they have a working build environment,
+ * assume gcrypt is new enough.
+ */
+#define HAVE_GCRYPT_RAND	1
+#else
+#undef HAVE_CIPHERSUITES
+#undef HAVE_GCRYPT_RAND
+#endif
+
+#ifndef HAVE_CIPHERSUITES
+/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to
+ * kludge them ourselves.
+ */
+typedef struct tls_cipher_suite {
+	const char *name;
+	gnutls_kx_algorithm_t kx;
+	gnutls_cipher_algorithm_t cipher;
+	gnutls_mac_algorithm_t mac;
+	gnutls_protocol_t version;
+} tls_cipher_suite;
+#endif
+
+typedef struct tlsg_ctx {
+	struct ldapoptions *lo;
+	gnutls_certificate_credentials_t cred;
+	gnutls_dh_params_t dh_params;
+	unsigned long verify_depth;
+	int refcount;
+#ifdef HAVE_CIPHERSUITES
+	gnutls_priority_t prios;
+#else
+	int *kx_list;
+	int *cipher_list;
+	int *mac_list;
+#endif
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_t ref_mutex;
+#endif
+} tlsg_ctx;
+
+typedef struct tlsg_session {
+	gnutls_session_t session;
+	tlsg_ctx *ctx;
+	struct berval peer_der_dn;
+} tlsg_session;
+
+#ifndef HAVE_CIPHERSUITES
+static tls_cipher_suite *tlsg_ciphers;
+static int tlsg_n_ciphers;
+#endif
+
+static int tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites );
+static int tlsg_cert_verify( tlsg_session *s );
+
+#ifdef LDAP_R_COMPILE
+
+static int
+tlsg_mutex_init( void **priv )
+{
+	int err = 0;
+	ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t ));
+
+	if ( !lock )
+		err = ENOMEM;
+	if ( !err ) {
+		err = ldap_pvt_thread_mutex_init( lock );
+		if ( err )
+			LDAP_FREE( lock );
+		else
+			*priv = lock;
+	}
+	return err;
+}
+
+static int
+tlsg_mutex_destroy( void **lock )
+{
+	int err = ldap_pvt_thread_mutex_destroy( *lock );
+	LDAP_FREE( *lock );
+	return err;
+}
+
+static int
+tlsg_mutex_lock( void **lock )
+{
+	return ldap_pvt_thread_mutex_lock( *lock );
+}
+
+static int
+tlsg_mutex_unlock( void **lock )
+{
+	return ldap_pvt_thread_mutex_unlock( *lock );
+}
+
+static struct gcry_thread_cbs tlsg_thread_cbs = {
+	GCRY_THREAD_OPTION_USER,
+	NULL,
+	tlsg_mutex_init,
+	tlsg_mutex_destroy,
+	tlsg_mutex_lock,
+	tlsg_mutex_unlock,
+	NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+static void
+tlsg_thr_init( void )
+{
+	gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs);
+}
+#endif /* LDAP_R_COMPILE */
+
+/*
+ * Initialize TLS subsystem. Should be called only once.
+ */
+static int
+tlsg_init( void )
+{
+#ifdef HAVE_GCRYPT_RAND
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
+	if ( lo->ldo_tls_randfile &&
+		gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) {
+		Debug( LDAP_DEBUG_ANY,
+		"TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n",
+		0, 0, 0);
+		return -1;
+	}
+#endif
+
+	gnutls_global_init();
+
+#ifndef HAVE_CIPHERSUITES
+	/* GNUtls cipher suite handling: The library ought to parse suite
+	 * names for us, but it doesn't. It will return a list of suite names
+	 * that it supports, so we can do parsing ourselves. It ought to tell
+	 * us how long the list is, but it doesn't do that either, so we just
+	 * have to count it manually...
+	 */
+	{
+		int i = 0;
+		tls_cipher_suite *ptr, tmp;
+		char cs_id[2];
+
+		while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher,
+			&tmp.mac, &tmp.version ))
+			i++;
+		tlsg_n_ciphers = i;
+
+		/* Store a copy */
+		tlsg_ciphers = LDAP_MALLOC(tlsg_n_ciphers * sizeof(tls_cipher_suite));
+		if ( !tlsg_ciphers )
+			return -1;
+		for ( i=0; i<tlsg_n_ciphers; i++ ) {
+			tlsg_ciphers[i].name = gnutls_cipher_suite_info( i, cs_id,
+				&tlsg_ciphers[i].kx, &tlsg_ciphers[i].cipher, &tlsg_ciphers[i].mac,
+				&tlsg_ciphers[i].version );
+		}
+	}
+#endif
+	return 0;
+}
+
+/*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+static void
+tlsg_destroy( void )
+{
+#ifndef HAVE_CIPHERSUITES
+	LDAP_FREE( tlsg_ciphers );
+	tlsg_ciphers = NULL;
+	tlsg_n_ciphers = 0;
+#endif
+	gnutls_global_deinit();
+}
+
+static tls_ctx *
+tlsg_ctx_new ( struct ldapoptions *lo )
+{
+	tlsg_ctx *ctx;
+
+	ctx = ber_memcalloc ( 1, sizeof (*ctx) );
+	if ( ctx ) {
+		ctx->lo = lo;
+		if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
+			ber_memfree( ctx );
+			return NULL;
+		}
+		ctx->refcount = 1;
+#ifdef HAVE_CIPHERSUITES
+		gnutls_priority_init( &ctx->prios, "NORMAL", NULL );
+#endif
+#ifdef LDAP_R_COMPILE
+		ldap_pvt_thread_mutex_init( &ctx->ref_mutex );
+#endif
+	}
+	return (tls_ctx *)ctx;
+}
+
+static void
+tlsg_ctx_ref( tls_ctx *ctx )
+{
+	tlsg_ctx *c = (tlsg_ctx *)ctx;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &c->ref_mutex );
+#endif
+	c->refcount++;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &c->ref_mutex );
+#endif
+}
+
+static void
+tlsg_ctx_free ( tls_ctx *ctx )
+{
+	tlsg_ctx *c = (tlsg_ctx *)ctx;
+	int refcount;
+
+	if ( !c ) return;
+
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &c->ref_mutex );
+#endif
+	refcount = --c->refcount;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &c->ref_mutex );
+#endif
+	if ( refcount )
+		return;
+#ifdef HAVE_CIPHERSUITES
+	gnutls_priority_deinit( c->prios );
+#else
+	LDAP_FREE( c->kx_list );
+#endif
+	gnutls_certificate_free_credentials( c->cred );
+	ber_memfree ( c );
+}
+
+/*
+ * initialize a new TLS context
+ */
+static int
+tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+{
+	tlsg_ctx *ctx = lo->ldo_tls_ctx;
+	int rc;
+
+ 	if ( lo->ldo_tls_ciphersuite &&
+		tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) {
+ 		Debug( LDAP_DEBUG_ANY,
+ 			   "TLS: could not set cipher list %s.\n",
+ 			   lo->ldo_tls_ciphersuite, 0, 0 );
+		return -1;
+ 	}
+
+	if (lo->ldo_tls_cacertdir != NULL) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: warning: cacertdir not implemented for gnutls\n",
+		       NULL, NULL, NULL );
+	}
+
+	if (lo->ldo_tls_cacertfile != NULL) {
+		rc = gnutls_certificate_set_x509_trust_file( 
+			ctx->cred,
+			lt->lt_cacertfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc < 0 ) return -1;
+	}
+
+	if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) {
+		rc = gnutls_certificate_set_x509_key_file( 
+			ctx->cred,
+			lt->lt_certfile,
+			lt->lt_keyfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc ) return -1;
+	} else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: only one of certfile and keyfile specified\n",
+		       NULL, NULL, NULL );
+		return -1;
+	}
+
+	if ( lo->ldo_tls_dhfile ) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: warning: ignoring dhfile\n", 
+		       NULL, NULL, NULL );
+	}
+
+	if ( lo->ldo_tls_crlfile ) {
+		rc = gnutls_certificate_set_x509_crl_file( 
+			ctx->cred,
+			lt->lt_crlfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc < 0 ) return -1;
+		rc = 0;
+	}
+	if ( is_server ) {
+		gnutls_dh_params_init(&ctx->dh_params);
+		gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
+	}
+	return 0;
+}
+
+static tls_session *
+tlsg_session_new ( tls_ctx * ctx, int is_server )
+{
+	tlsg_ctx *c = (tlsg_ctx *)ctx;
+	tlsg_session *session;
+
+	session = ber_memcalloc ( 1, sizeof (*session) );
+	if ( !session )
+		return NULL;
+
+	session->ctx = c;
+	gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT );
+#ifdef HAVE_CIPHERSUITES
+	gnutls_priority_set( session->session, c->prios );
+#else
+	gnutls_set_default_priority( session->session );
+	if ( c->kx_list ) {
+		gnutls_kx_set_priority( session->session, c->kx_list );
+		gnutls_cipher_set_priority( session->session, c->cipher_list );
+		gnutls_mac_set_priority( session->session, c->mac_list );
+	}
+#endif
+	if ( c->cred )
+		gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, c->cred );
+	
+	if ( is_server ) {
+		int flag = 0;
+		if ( c->lo->ldo_tls_require_cert ) {
+			flag = GNUTLS_CERT_REQUEST;
+			if ( c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
+				c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD )
+				flag = GNUTLS_CERT_REQUIRE;
+			gnutls_certificate_server_set_request( session->session, flag );
+		}
+	}
+	return (tls_session *)session;
+} 
+
+static int
+tlsg_session_accept( tls_session *session )
+{
+	tlsg_session *s = (tlsg_session *)session;
+	int rc;
+
+	rc = gnutls_handshake( s->session );
+	if ( rc == 0 && s->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) {
+		rc = tlsg_cert_verify( s );
+		if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW )
+			rc = 0;
+	}
+	return rc;
+}
+
+static int
+tlsg_session_connect( LDAP *ld, tls_session *session )
+{
+	return tlsg_session_accept( session);
+}
+
+static int
+tlsg_session_upflags( Sockbuf *sb, tls_session *session, int rc )
+{
+	tlsg_session *s = (tlsg_session *)session;
+
+	if ( rc != GNUTLS_E_INTERRUPTED && rc != GNUTLS_E_AGAIN )
+		return 0;
+
+	switch (gnutls_record_get_direction (s->session)) {
+	case 0: 
+		sb->sb_trans_needs_read = 1;
+		return 1;
+	case 1:
+		sb->sb_trans_needs_write = 1;
+		return 1;
+	}
+	return 0;
+}
+
+static char *
+tlsg_session_errmsg( int rc, char *buf, size_t len )
+{
+	return (char *)gnutls_strerror( rc );
+}
+
+static void
+tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len;
+	ber_int_t i;
+
+	ber_init2( ber, cert, LBER_USE_DER );
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+	tag = ber_skip_tag( ber, &len );	/* Context + Constructed (version) */
+	if ( tag == 0xa0 )	/* Version is optional */
+		tag = ber_get_int( ber, &i );	/* Int: Version */
+	tag = ber_get_int( ber, &i );	/* Int: Serial */
+	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
+	ber_skip_data( ber, len );
+	if ( !get_subject ) {
+		tag = ber_peek_tag( ber, &len );	/* Sequence: Issuer DN */
+	} else {
+		tag = ber_skip_tag( ber, &len );
+		ber_skip_data( ber, len );
+		tag = ber_skip_tag( ber, &len );	/* Sequence: Validity */
+		ber_skip_data( ber, len );
+		tag = ber_peek_tag( ber, &len );	/* Sequence: Subject DN */
+	}
+	len = ber_ptrlen( ber );
+	dn->bv_val = cert->bv_val + len;
+	dn->bv_len = cert->bv_len - len;
+}
+
+static int
+tlsg_session_my_dn( tls_session *session, struct berval *der_dn )
+{
+	tlsg_session *s = (tlsg_session *)session;
+	const gnutls_datum_t *x;
+	struct berval bv;
+
+	x = gnutls_certificate_get_ours( s->session );
+
+	if (!x) return LDAP_INVALID_CREDENTIALS;
+	
+	bv.bv_val = x->data;
+	bv.bv_len = x->size;
+
+	tlsg_x509_cert_dn( &bv, der_dn, 1 );
+	return 0;
+}
+
+static int
+tlsg_session_peer_dn( tls_session *session, struct berval *der_dn )
+{
+	tlsg_session *s = (tlsg_session *)session;
+	if ( !s->peer_der_dn.bv_val ) {
+		const gnutls_datum_t *peer_cert_list;
+		int list_size;
+		struct berval bv;
+
+		peer_cert_list = gnutls_certificate_get_peers( s->session, 
+							&list_size );
+		if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS;
+
+		bv.bv_len = peer_cert_list->size;
+		bv.bv_val = peer_cert_list->data;
+
+		tlsg_x509_cert_dn( &bv, &s->peer_der_dn, 1 );
+	}
+	*der_dn = s->peer_der_dn;
+	return 0;
+}
+
+/* what kind of hostname were we given? */
+#define	IS_DNS	0
+#define	IS_IP4	1
+#define	IS_IP6	2
+
+#define	CN_OID	"2.5.4.3"
+
+static int
+tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
+{
+	tlsg_session *s = (tlsg_session *)session;
+	int i, ret;
+	const gnutls_datum_t *peer_cert_list;
+	int list_size;
+	struct berval bv;
+	char altname[NI_MAXHOST];
+	size_t altnamesize;
+
+	gnutls_x509_crt_t cert;
+	gnutls_datum_t *x;
+	const char *name;
+	char *ptr;
+	char *domain = NULL;
+#ifdef LDAP_PF_INET6
+	struct in6_addr addr;
+#else
+	struct in_addr addr;
+#endif
+	int n, len1 = 0, len2 = 0;
+	int ntype = IS_DNS;
+	time_t now = time(0);
+
+	if( ldap_int_hostname &&
+		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
+	{
+		name = ldap_int_hostname;
+	} else {
+		name = name_in;
+	}
+
+	peer_cert_list = gnutls_certificate_get_peers( s->session, 
+						&list_size );
+	if ( !peer_cert_list ) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: unable to get peer certificate.\n",
+			0, 0, 0 );
+		/* If this was a fatal condition, things would have
+		 * aborted long before now.
+		 */
+		return LDAP_SUCCESS;
+	}
+	ret = gnutls_x509_crt_init( &cert );
+	if ( ret < 0 )
+		return LDAP_LOCAL_ERROR;
+	ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
+	if ( ret ) {
+		gnutls_x509_crt_deinit( cert );
+		return LDAP_LOCAL_ERROR;
+	}
+
+#ifdef LDAP_PF_INET6
+	if (name[0] == '[' && strchr(name, ']')) {
+		char *n2 = ldap_strdup(name+1);
+		*strchr(n2, ']') = 0;
+		if (inet_pton(AF_INET6, n2, &addr))
+			ntype = IS_IP6;
+		LDAP_FREE(n2);
+	} else 
+#endif
+	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
+		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
+	}
+	
+	if (ntype == IS_DNS) {
+		len1 = strlen(name);
+		domain = strchr(name, '.');
+		if (domain) {
+			len2 = len1 - (domain-name);
+		}
+	}
+
+	for ( i=0, ret=0; ret >= 0; i++ ) {
+		altnamesize = sizeof(altname);
+		ret = gnutls_x509_crt_get_subject_alt_name( cert, i, 
+			altname, &altnamesize, NULL );
+		if ( ret < 0 ) break;
+
+		/* ignore empty */
+		if ( altnamesize == 0 ) continue;
+
+		if ( ret == GNUTLS_SAN_DNSNAME ) {
+			if (ntype != IS_DNS) continue;
+	
+			/* Is this an exact match? */
+			if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
+				break;
+			}
+
+			/* Is this a wildcard match? */
+			if (domain && (altname[0] == '*') && (altname[1] == '.') &&
+				(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
+			{
+				break;
+			}
+		} else if ( ret == GNUTLS_SAN_IPADDRESS ) {
+			if (ntype == IS_DNS) continue;
+
+#ifdef LDAP_PF_INET6
+			if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
+				continue;
+			} else
+#endif
+			if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
+				continue;
+			}
+			if (!memcmp(altname, &addr, altnamesize)) {
+				break;
+			}
+		}
+	}
+	if ( ret >= 0 ) {
+		ret = LDAP_SUCCESS;
+	} else {
+		altnamesize = sizeof(altname);
+		ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
+			0, 0, altname, &altnamesize );
+		if ( ret < 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"TLS: unable to get common name from peer certificate.\n",
+				0, 0, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: unable to get CN from peer certificate"));
+
+		} else {
+			ret = LDAP_LOCAL_ERROR;
+			if ( !len1 ) len1 = strlen( name );
+			if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
+				ret = LDAP_SUCCESS;
+
+			} else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
+					/* Is this a wildcard match? */
+				if( domain &&
+					(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
+					ret = LDAP_SUCCESS;
+				}
+			}
+		}
+
+		if( ret == LDAP_LOCAL_ERROR ) {
+			altname[altnamesize] = '\0';
+			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+				"common name in certificate (%s).\n", 
+				name, altname, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: hostname does not match CN in peer certificate"));
+		}
+	}
+	gnutls_x509_crt_deinit( cert );
+	return ret;
+}
+
+static int
+tlsg_session_strength( tls_session *session )
+{
+	tlsg_session *s = (tlsg_session *)session;
+	gnutls_cipher_algorithm_t c;
+
+	c = gnutls_cipher_get( s->session );
+	return gnutls_cipher_get_key_size( c ) * 8;
+}
+
+/* suites is a string of colon-separated cipher suite names. */
+static int
+tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
+{
+#ifdef HAVE_CIPHERSUITES
+	const char *err;
+	return gnutls_priority_init( &ctx->prios, suites, &err );
+#else
+	char *ptr, *end;
+	int i, j, len, num;
+	int *list, nkx = 0, ncipher = 0, nmac = 0;
+	int *kx, *cipher, *mac;
+
+	num = 0;
+	ptr = suites;
+	do {
+		end = strchr(ptr, ':');
+		if ( end )
+			len = end - ptr;
+		else
+			len = strlen(ptr);
+		for (i=0; i<tlsg_n_ciphers; i++) {
+			if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) {
+				num++;
+				break;
+			}
+		}
+		if ( i == tlsg_n_ciphers ) {
+			/* unrecognized cipher suite */
+			return -1;
+		}
+		ptr += len + 1;
+	} while (end);
+
+	/* Space for all 3 lists */
+	list = LDAP_MALLOC( (num+1) * sizeof(int) * 3 );
+	if ( !list )
+		return -1;
+	kx = list;
+	cipher = kx+num+1;
+	mac = cipher+num+1;
+
+	ptr = suites;
+	do {
+		end = strchr(ptr, ':');
+		if ( end )
+			len = end - ptr;
+		else
+			len = strlen(ptr);
+		for (i=0; i<tlsg_n_ciphers; i++) {
+			/* For each cipher suite, insert its algorithms into
+			 * their respective priority lists. Make sure they
+			 * only appear once in each list.
+			 */
+			if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) {
+				for (j=0; j<nkx; j++)
+					if ( kx[j] == tlsg_ciphers[i].kx )
+						break;
+				if ( j == nkx )
+					kx[nkx++] = tlsg_ciphers[i].kx;
+				for (j=0; j<ncipher; j++)
+					if ( cipher[j] == tlsg_ciphers[i].cipher )
+						break;
+				if ( j == ncipher ) 
+					cipher[ncipher++] = tlsg_ciphers[i].cipher;
+				for (j=0; j<nmac; j++)
+					if ( mac[j] == tlsg_ciphers[i].mac )
+						break;
+				if ( j == nmac )
+					mac[nmac++] = tlsg_ciphers[i].mac;
+				break;
+			}
+		}
+		ptr += len + 1;
+	} while (end);
+	kx[nkx] = 0;
+	cipher[ncipher] = 0;
+	mac[nmac] = 0;
+	ctx->kx_list = kx;
+	ctx->cipher_list = cipher;
+	ctx->mac_list = mac;
+	return 0;
+#endif
+}
+
+/*
+ * TLS support for LBER Sockbufs
+ */
+
+struct tls_data {
+	tlsg_session		*session;
+	Sockbuf_IO_Desc		*sbiod;
+};
+
+static ssize_t
+tlsg_recv( gnutls_transport_ptr_t ptr, void *buf, size_t len )
+{
+	struct tls_data		*p;
+
+	if ( buf == NULL || len <= 0 ) return 0;
+
+	p = (struct tls_data *)ptr;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+}
+
+static ssize_t
+tlsg_send( gnutls_transport_ptr_t ptr, const void *buf, size_t len )
+{
+	struct tls_data		*p;
+	
+	if ( buf == NULL || len <= 0 ) return 0;
+	
+	p = (struct tls_data *)ptr;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+}
+
+static int
+tlsg_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+	struct tls_data		*p;
+	tlsg_session	*session = arg;
+
+	assert( sbiod != NULL );
+
+	p = LBER_MALLOC( sizeof( *p ) );
+	if ( p == NULL ) {
+		return -1;
+	}
+	
+	gnutls_transport_set_ptr( session->session, (gnutls_transport_ptr)p );
+	gnutls_transport_set_pull_function( session->session, tlsg_recv );
+	gnutls_transport_set_push_function( session->session, tlsg_send );
+	p->session = session;
+	p->sbiod = sbiod;
+	sbiod->sbiod_pvt = p;
+	return 0;
+}
+
+static int
+tlsg_sb_remove( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	gnutls_deinit ( p->session->session );
+	LBER_FREE( p->session );
+	LBER_FREE( sbiod->sbiod_pvt );
+	sbiod->sbiod_pvt = NULL;
+	return 0;
+}
+
+static int
+tlsg_sb_close( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	gnutls_bye ( p->session->session, GNUTLS_SHUT_RDWR );
+	return 0;
+}
+
+static int
+tlsg_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	
+	if ( opt == LBER_SB_OPT_GET_SSL ) {
+		*((tlsg_session **)arg) = p->session;
+		return 1;
+		
+	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
+		if( gnutls_record_check_pending( p->session->session ) > 0 ) {
+			return 1;
+		}
+	}
+	
+	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+static ber_slen_t
+tlsg_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = gnutls_record_recv ( p->session->session, buf, len );
+	switch (ret) {
+	case GNUTLS_E_INTERRUPTED:
+	case GNUTLS_E_AGAIN:
+		sbiod->sbiod_sb->sb_trans_needs_read = 1;
+		sock_errset(EWOULDBLOCK);
+		ret = 0;
+		break;
+	case GNUTLS_E_REHANDSHAKE:
+		for ( ret = gnutls_handshake ( p->session->session );
+		      ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN;
+		      ret = gnutls_handshake ( p->session->session ) );
+		sbiod->sbiod_sb->sb_trans_needs_read = 1;
+		ret = 0;
+		break;
+	default:
+		sbiod->sbiod_sb->sb_trans_needs_read = 0;
+	}
+	return ret;
+}
+
+static ber_slen_t
+tlsg_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = gnutls_record_send ( p->session->session, (char *)buf, len );
+
+	if ( ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN ) {
+		sbiod->sbiod_sb->sb_trans_needs_write = 1;
+		sock_errset(EWOULDBLOCK);
+		ret = 0;
+	} else {
+		sbiod->sbiod_sb->sb_trans_needs_write = 0;
+	}
+	return ret;
+}
+
+static Sockbuf_IO tlsg_sbio =
+{
+	tlsg_sb_setup,		/* sbi_setup */
+	tlsg_sb_remove,		/* sbi_remove */
+	tlsg_sb_ctrl,		/* sbi_ctrl */
+	tlsg_sb_read,		/* sbi_read */
+	tlsg_sb_write,		/* sbi_write */
+	tlsg_sb_close		/* sbi_close */
+};
+
+/* Certs are not automatically varified during the handshake */
+static int
+tlsg_cert_verify( tlsg_session *ssl )
+{
+	unsigned int status = 0;
+	int err;
+	time_t now = time(0);
+
+	err = gnutls_certificate_verify_peers2( ssl->session, &status );
+	if ( err < 0 ) {
+		Debug( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
+			err,0,0 );
+		return -1;
+	}
+	if ( status ) {
+		Debug( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
+			status, 0,0 );
+		return -1;
+	}
+	if ( gnutls_certificate_expiration_time_peers( ssl->session ) < now ) {
+		Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n",
+			0, 0, 0 );
+		return -1;
+	}
+	if ( gnutls_certificate_activation_time_peers( ssl->session ) > now ) {
+		Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n",
+			0, 0, 0 );
+		return -1;
+	}
+	return 0;
+}
+
+tls_impl ldap_int_tls_impl = {
+	"GnuTLS",
+
+	tlsg_init,
+	tlsg_destroy,
+
+	tlsg_ctx_new,
+	tlsg_ctx_ref,
+	tlsg_ctx_free,
+	tlsg_ctx_init,
+
+	tlsg_session_new,
+	tlsg_session_connect,
+	tlsg_session_accept,
+	tlsg_session_upflags,
+	tlsg_session_errmsg,
+	tlsg_session_my_dn,
+	tlsg_session_peer_dn,
+	tlsg_session_chkhost,
+	tlsg_session_strength,
+
+	&tlsg_sbio,
+
+#ifdef LDAP_R_COMPILE
+	tlsg_thr_init,
+#else
+	NULL,
+#endif
+
+	0
+};
+
+#endif /* HAVE_GNUTLS */

Added: openldap/vendor/openldap-release/libraries/libldap/tls_m.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_m.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_m.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,851 @@
+/* tls_m.c - Handle tls/ssl using Mozilla NSS. */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_m.c,v 1.3.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS: written by Howard Chu.
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_MOZNSS
+
+#include "ldap_config.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/param.h>
+#include <ac/dirent.h>
+
+#include "ldap-int.h"
+#include "ldap-tls.h"
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+#include <nspr.h>
+#include <nss.h>
+#include <ssl.h>
+
+typedef struct tlsm_ctx {
+	PRFileDesc *tc_model;
+	int tc_refcnt;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_t tc_refmutex;
+#endif
+} tlsm_ctx;
+
+typedef PRFileDesc tlsm_session;
+
+static PRDescIdentity	tlsm_layer_id;
+
+static const PRIOMethods tlsm_PR_methods;
+
+extern tls_impl ldap_int_tls_impl;
+
+#ifdef LDAP_R_COMPILE
+
+static void
+tlsm_thr_init( void )
+{
+}
+
+#endif /* LDAP_R_COMPILE */
+
+/*
+ * Initialize TLS subsystem. Should be called only once.
+ */
+static int
+tlsm_init( void )
+{
+	PR_Init(0, 0, 0);
+
+	tlsm_layer_id = PR_GetUniqueIdentity("OpenLDAP");
+
+	if ( !NSS_IsInitialized() ) {
+		NSS_NoDB_Init("");
+
+		NSS_SetDomesticPolicy();
+	}
+
+	/* No cipher suite handling for now */
+
+	return 0;
+}
+
+/*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+static void
+tlsm_destroy( void )
+{
+	NSS_Shutdown();
+
+	PR_Cleanup();
+}
+
+static tls_ctx *
+tlsm_ctx_new ( struct ldapoptions *lo )
+{
+	tlsm_ctx *ctx;
+
+	ctx = LDAP_MALLOC( sizeof (*ctx) );
+	if ( ctx ) {
+		PRFileDesc *fd = PR_CreateIOLayerStub(tlsm_layer_id, &tlsm_PR_methods);
+		if ( fd ) {
+			ctx->tc_model = SSL_ImportFD( NULL, fd );
+			if ( ctx->tc_model ) {
+				ctx->tc_refcnt = 1;
+#ifdef LDAP_R_COMPILE
+				ldap_pvt_thread_mutex_init( &ctx->tc_refmutex );
+#endif
+			} else {
+				PR_DELETE( fd );
+				LDAP_FREE( ctx );
+				ctx = NULL;
+			}
+		} else {
+			LDAP_FREE( ctx );
+			ctx = NULL;
+		}
+	}
+	return (tls_ctx *)ctx;
+}
+
+static void
+tlsm_ctx_ref( tls_ctx *ctx )
+{
+	tlsm_ctx *c = (tlsm_ctx *)ctx;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &c->tc_refmutex );
+#endif
+	c->tc_refcnt++;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &c->tc_refmutex );
+#endif
+}
+
+static void
+tlsm_ctx_free ( tls_ctx *ctx )
+{
+	tlsm_ctx *c = (tlsm_ctx *)ctx;
+	int refcount;
+
+	if ( !c ) return;
+
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &c->tc_refmutex );
+#endif
+	refcount = --c->tc_refcnt;
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &c->tc_refmutex );
+#endif
+	if ( refcount )
+		return;
+	PR_Close( c->tc_model );
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_destroy( &c->tc_refmutex );
+#endif
+	LDAP_FREE( c );
+}
+
+/*
+ * initialize a new TLS context
+ */
+static int
+tlsm_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+{
+	tlsm_ctx *ctx = lo->ldo_tls_ctx;
+	int rc;
+
+	SSL_OptionSet( ctx->tc_model, SSL_SECURITY, PR_TRUE );
+	SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_CLIENT, !is_server );
+	SSL_OptionSet( ctx->tc_model, SSL_HANDSHAKE_AS_SERVER, is_server );
+
+	/* See SECMOD_OpenUserDB() */
+#if 0
+ 	if ( lo->ldo_tls_ciphersuite &&
+		tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
+ 		Debug( LDAP_DEBUG_ANY,
+ 			   "TLS: could not set cipher list %s.\n",
+ 			   lo->ldo_tls_ciphersuite, 0, 0 );
+		return -1;
+ 	}
+
+	if (lo->ldo_tls_cacertdir != NULL) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: warning: cacertdir not implemented for gnutls\n",
+		       NULL, NULL, NULL );
+	}
+
+	if (lo->ldo_tls_cacertfile != NULL) {
+		rc = gnutls_certificate_set_x509_trust_file( 
+			ctx->cred,
+			lt->lt_cacertfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc < 0 ) return -1;
+	}
+
+	if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) {
+		rc = gnutls_certificate_set_x509_key_file( 
+			ctx->cred,
+			lt->lt_certfile,
+			lt->lt_keyfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc ) return -1;
+	} else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: only one of certfile and keyfile specified\n",
+		       NULL, NULL, NULL );
+		return -1;
+	}
+
+	if ( lo->ldo_tls_dhfile ) {
+		Debug( LDAP_DEBUG_ANY, 
+		       "TLS: warning: ignoring dhfile\n", 
+		       NULL, NULL, NULL );
+	}
+
+	if ( lo->ldo_tls_crlfile ) {
+		rc = gnutls_certificate_set_x509_crl_file( 
+			ctx->cred,
+			lt->lt_crlfile,
+			GNUTLS_X509_FMT_PEM );
+		if ( rc < 0 ) return -1;
+		rc = 0;
+	}
+	if ( is_server ) {
+		gnutls_dh_params_init(&ctx->dh_params);
+		gnutls_dh_params_generate2(ctx->dh_params, DH_BITS);
+	}
+#endif
+	return 0;
+}
+
+static tls_session *
+tlsm_session_new ( tls_ctx * ctx, int is_server )
+{
+	tlsm_ctx *c = (tlsm_ctx *)ctx;
+	tlsm_session *session;
+	PRFileDesc *fd;
+
+	fd = PR_CreateIOLayerStub(tlsm_layer_id, &tlsm_PR_methods);
+	if ( !fd ) {
+		return NULL;
+	}
+
+	session = SSL_ImportFD( c->tc_model, fd );
+	if ( !session ) {
+		PR_DELETE( fd );
+		return NULL;
+	}
+
+	SSL_ResetHandshake( session, is_server );
+
+	return (tls_session *)session;
+} 
+
+static int
+tlsm_session_accept( tls_session *session )
+{
+	tlsm_session *s = (tlsm_session *)session;
+
+	return SSL_ForceHandshake( s );
+}
+
+static int
+tlsm_session_connect( LDAP *ld, tls_session *session )
+{
+	tlsm_session *s = (tlsm_session *)session;
+	int rc;
+
+	/* By default, NSS checks the cert hostname for us */
+	rc = SSL_SetURL( s, ld->ld_options.ldo_defludp->lud_host );
+	return SSL_ForceHandshake( s );
+}
+
+static int
+tlsm_session_upflags( Sockbuf *sb, tls_session *session, int rc )
+{
+	/* Should never happen */
+	rc = PR_GetError();
+
+	if ( rc != PR_PENDING_INTERRUPT_ERROR && rc != PR_WOULD_BLOCK_ERROR )
+		return 0;
+	return 0;
+}
+
+static char *
+tlsm_session_errmsg( int rc, char *buf, size_t len )
+{
+	int i;
+
+	rc = PR_GetError();
+	i = PR_GetErrorTextLength();
+	if ( i > len ) {
+		char *msg = LDAP_MALLOC( i+1 );
+		PR_GetErrorText( msg );
+		memcpy( buf, msg, len );
+		LDAP_FREE( msg );
+	} else if ( i ) {
+		PR_GetErrorText( buf );
+	}
+
+	return i ? buf : NULL;
+}
+
+static int
+tlsm_session_my_dn( tls_session *session, struct berval *der_dn )
+{
+	tlsm_session *s = (tlsm_session *)session;
+	CERTCertificate *cert;
+
+	cert = SSL_LocalCertificate( s );
+	if (!cert) return LDAP_INVALID_CREDENTIALS;
+
+	der_dn->bv_val = cert->derSubject.data;
+	der_dn->bv_len = cert->derSubject.len;
+	CERT_DestroyCertificate( cert );
+	return 0;
+}
+
+static int
+tlsm_session_peer_dn( tls_session *session, struct berval *der_dn )
+{
+	tlsm_session *s = (tlsm_session *)session;
+	CERTCertificate *cert;
+
+	cert = SSL_PeerCertificate( s );
+	if (!cert) return LDAP_INVALID_CREDENTIALS;
+	
+	der_dn->bv_val = cert->derSubject.data;
+	der_dn->bv_len = cert->derSubject.len;
+	CERT_DestroyCertificate( cert );
+	return 0;
+}
+
+/* what kind of hostname were we given? */
+#define	IS_DNS	0
+#define	IS_IP4	1
+#define	IS_IP6	2
+
+static int
+tlsm_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
+{
+/* NSS already does a hostname check */
+#if 0
+	int i, ret;
+	const gnutls_datum_t *peer_cert_list;
+	int list_size;
+	struct berval bv;
+	char altname[NI_MAXHOST];
+	size_t altnamesize;
+
+	gnutls_x509_crt_t cert;
+	gnutls_datum_t *x;
+	const char *name;
+	char *ptr;
+	char *domain = NULL;
+#ifdef LDAP_PF_INET6
+	struct in6_addr addr;
+#else
+	struct in_addr addr;
+#endif
+	int n, len1 = 0, len2 = 0;
+	int ntype = IS_DNS;
+	time_t now = time(0);
+
+	if( ldap_int_hostname &&
+		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
+	{
+		name = ldap_int_hostname;
+	} else {
+		name = name_in;
+	}
+
+	peer_cert_list = gnutls_certificate_get_peers( session->session, 
+						&list_size );
+	if ( !peer_cert_list ) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: unable to get peer certificate.\n",
+			0, 0, 0 );
+		/* If this was a fatal condition, things would have
+		 * aborted long before now.
+		 */
+		return LDAP_SUCCESS;
+	}
+	ret = gnutls_x509_crt_init( &cert );
+	if ( ret < 0 )
+		return LDAP_LOCAL_ERROR;
+	ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
+	if ( ret ) {
+		gnutls_x509_crt_deinit( cert );
+		return LDAP_LOCAL_ERROR;
+	}
+
+#ifdef LDAP_PF_INET6
+	if (name[0] == '[' && strchr(name, ']')) {
+		char *n2 = ldap_strdup(name+1);
+		*strchr(n2, ']') = 0;
+		if (inet_pton(AF_INET6, n2, &addr))
+			ntype = IS_IP6;
+		LDAP_FREE(n2);
+	} else 
+#endif
+	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
+		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
+	}
+	
+	if (ntype == IS_DNS) {
+		len1 = strlen(name);
+		domain = strchr(name, '.');
+		if (domain) {
+			len2 = len1 - (domain-name);
+		}
+	}
+
+	for ( i=0, ret=0; ret >= 0; i++ ) {
+		altnamesize = sizeof(altname);
+		ret = gnutls_x509_crt_get_subject_alt_name( cert, i, 
+			altname, &altnamesize, NULL );
+		if ( ret < 0 ) break;
+
+		/* ignore empty */
+		if ( altnamesize == 0 ) continue;
+
+		if ( ret == GNUTLS_SAN_DNSNAME ) {
+			if (ntype != IS_DNS) continue;
+	
+			/* Is this an exact match? */
+			if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
+				break;
+			}
+
+			/* Is this a wildcard match? */
+			if (domain && (altname[0] == '*') && (altname[1] == '.') &&
+				(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
+			{
+				break;
+			}
+		} else if ( ret == GNUTLS_SAN_IPADDRESS ) {
+			if (ntype == IS_DNS) continue;
+
+#ifdef LDAP_PF_INET6
+			if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
+				continue;
+			} else
+#endif
+			if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
+				continue;
+			}
+			if (!memcmp(altname, &addr, altnamesize)) {
+				break;
+			}
+		}
+	}
+	if ( ret >= 0 ) {
+		ret = LDAP_SUCCESS;
+	} else {
+		altnamesize = sizeof(altname);
+		ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
+			0, 0, altname, &altnamesize );
+		if ( ret < 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"TLS: unable to get common name from peer certificate.\n",
+				0, 0, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: unable to get CN from peer certificate"));
+
+		} else {
+			ret = LDAP_LOCAL_ERROR;
+			if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
+				ret = LDAP_SUCCESS;
+
+			} else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
+					/* Is this a wildcard match? */
+				if( domain &&
+					(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
+					ret = LDAP_SUCCESS;
+				}
+			}
+		}
+
+		if( ret == LDAP_LOCAL_ERROR ) {
+			altname[altnamesize] = '\0';
+			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+				"common name in certificate (%s).\n", 
+				name, altname, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: hostname does not match CN in peer certificate"));
+		}
+	}
+	gnutls_x509_crt_deinit( cert );
+	return ret;
+#endif
+}
+
+static int
+tlsm_session_strength( tls_session *session )
+{
+	tlsm_session *s = (tlsm_session *)session;
+	int rc, keySize;
+
+	rc = SSL_SecurityStatus( s, NULL, NULL, NULL, &keySize,
+		NULL, NULL );
+	return rc ? 0 : keySize;
+}
+
+/*
+ * TLS support for LBER Sockbufs
+ */
+
+struct tls_data {
+	tlsm_session		*session;
+	Sockbuf_IO_Desc		*sbiod;
+};
+
+
+static PRStatus PR_CALLBACK
+tlsm_PR_Close(PRFileDesc *fd)
+{
+	return PR_SUCCESS;
+}
+
+static int PR_CALLBACK
+tlsm_PR_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
+	 PRIntervalTime timeout)
+{
+	struct tls_data		*p;
+
+	if ( buf == NULL || len <= 0 ) return 0;
+
+	p = (struct tls_data *)fd->secret;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+}
+
+static int PR_CALLBACK
+tlsm_PR_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
+	 PRIntervalTime timeout)
+{
+	struct tls_data		*p;
+
+	if ( buf == NULL || len <= 0 ) return 0;
+
+	p = (struct tls_data *)fd->secret;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+}
+
+static int PR_CALLBACK
+tlsm_PR_Read(PRFileDesc *fd, void *buf, PRInt32 len)
+{
+	return tlsm_PR_Recv( fd, buf, len, 0, PR_INTERVAL_NO_TIMEOUT );
+}
+
+static int PR_CALLBACK
+tlsm_PR_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
+{
+	return tlsm_PR_Send( fd, buf, len, 0, PR_INTERVAL_NO_TIMEOUT );
+}
+
+static PRStatus PR_CALLBACK
+tlsm_PR_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
+{
+	struct tls_data		*p;
+	int rc;
+	ber_socklen_t len;
+
+	p = (struct tls_data *)fd->secret;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return PR_FAILURE;
+	}
+	len = sizeof(PRNetAddr);
+	return getpeername( p->sbiod->sbiod_sb->sb_fd, (struct sockaddr *)addr, &len );
+}
+
+static PRStatus PR_CALLBACK
+tlsm_PR_prs_unimp()
+{
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return PR_FAILURE;
+}
+
+static PRFileDesc * PR_CALLBACK
+tlsm_PR_pfd_unimp()
+{
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return NULL;
+}
+
+static PRInt16 PR_CALLBACK
+tlsm_PR_i16_unimp()
+{
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static PRInt32 PR_CALLBACK
+tlsm_PR_i32_unimp()
+{
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static PRInt64 PR_CALLBACK
+tlsm_PR_i64_unimp()
+{
+    PRInt64 res;
+
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    LL_I2L(res, -1L);
+    return res;
+}
+
+static const PRIOMethods tlsm_PR_methods = {
+    PR_DESC_LAYERED,
+    tlsm_PR_Close,			/* close        */
+    tlsm_PR_Read,			/* read         */
+    tlsm_PR_Write,			/* write        */
+    tlsm_PR_i32_unimp,		/* available    */
+    tlsm_PR_i64_unimp,		/* available64  */
+    tlsm_PR_prs_unimp,		/* fsync        */
+    tlsm_PR_i32_unimp,		/* seek         */
+    tlsm_PR_i64_unimp,		/* seek64       */
+    tlsm_PR_prs_unimp,		/* fileInfo     */
+    tlsm_PR_prs_unimp,		/* fileInfo64   */
+    tlsm_PR_i32_unimp,		/* writev       */
+    tlsm_PR_prs_unimp,		/* connect      */
+    tlsm_PR_pfd_unimp,		/* accept       */
+    tlsm_PR_prs_unimp,		/* bind         */
+    tlsm_PR_prs_unimp,		/* listen       */
+    (PRShutdownFN)tlsm_PR_Close,			/* shutdown     */
+    tlsm_PR_Recv,			/* recv         */
+    tlsm_PR_Send,			/* send         */
+    tlsm_PR_i32_unimp,		/* recvfrom     */
+    tlsm_PR_i32_unimp,		/* sendto       */
+    (PRPollFN)tlsm_PR_i16_unimp,	/* poll         */
+    tlsm_PR_i32_unimp,		/* acceptread   */
+    tlsm_PR_i32_unimp,		/* transmitfile */
+    tlsm_PR_prs_unimp,		/* getsockname  */
+    tlsm_PR_GetPeerName,	/* getpeername  */
+    tlsm_PR_i32_unimp,		/* getsockopt   OBSOLETE */
+    tlsm_PR_i32_unimp,		/* setsockopt   OBSOLETE */
+    tlsm_PR_i32_unimp,		/* getsocketoption   */
+    tlsm_PR_i32_unimp,		/* setsocketoption   */
+    tlsm_PR_i32_unimp,		/* Send a (partial) file with header/trailer*/
+    (PRConnectcontinueFN)tlsm_PR_prs_unimp,		/* connectcontinue */
+    tlsm_PR_i32_unimp,		/* reserved for future use */
+    tlsm_PR_i32_unimp,		/* reserved for future use */
+    tlsm_PR_i32_unimp,		/* reserved for future use */
+    tlsm_PR_i32_unimp		/* reserved for future use */
+};
+
+static int
+tlsm_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+	struct tls_data		*p;
+	tlsm_session	*session = arg;
+	PRFileDesc *fd;
+
+	assert( sbiod != NULL );
+
+	p = LBER_MALLOC( sizeof( *p ) );
+	if ( p == NULL ) {
+		return -1;
+	}
+
+	fd = PR_GetIdentitiesLayer( session, tlsm_layer_id );
+	if ( !fd ) {
+		LBER_FREE( p );
+		return -1;
+	}
+
+	fd->secret = (PRFilePrivate *)p;
+	p->session = session;
+	p->sbiod = sbiod;
+	sbiod->sbiod_pvt = p;
+	return 0;
+}
+
+static int
+tlsm_sb_remove( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	PR_Close( p->session );
+	LBER_FREE( sbiod->sbiod_pvt );
+	sbiod->sbiod_pvt = NULL;
+	return 0;
+}
+
+static int
+tlsm_sb_close( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	PR_Shutdown( p->session, PR_SHUTDOWN_BOTH );
+	return 0;
+}
+
+static int
+tlsm_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	
+	if ( opt == LBER_SB_OPT_GET_SSL ) {
+		*((tlsm_session **)arg) = p->session;
+		return 1;
+		
+	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
+        PRPollDesc pd = { p->session, PR_POLL_READ, 0 };
+        if( PR_Poll( &pd, 1, 1 ) > 0 ) {
+            return 1;
+		}
+	}
+	
+	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+static ber_slen_t
+tlsm_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = PR_Recv( p->session, buf, len, 0, PR_INTERVAL_NO_TIMEOUT );
+	if ( ret < 0 ) {
+		err = PR_GetError();
+		if ( err == PR_PENDING_INTERRUPT_ERROR || err == PR_WOULD_BLOCK_ERROR ) {
+			sbiod->sbiod_sb->sb_trans_needs_read = 1;
+			sock_errset(EWOULDBLOCK);
+		}
+	} else {
+		sbiod->sbiod_sb->sb_trans_needs_read = 0;
+	}
+	return ret;
+}
+
+static ber_slen_t
+tlsm_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = PR_Send( p->session, (char *)buf, len, 0, PR_INTERVAL_NO_TIMEOUT );
+	if ( ret < 0 ) {
+		err = PR_GetError();
+		if ( err == PR_PENDING_INTERRUPT_ERROR || err == PR_WOULD_BLOCK_ERROR ) {
+			sbiod->sbiod_sb->sb_trans_needs_write = 1;
+			sock_errset(EWOULDBLOCK);
+			ret = 0;
+		}
+	} else {
+		sbiod->sbiod_sb->sb_trans_needs_write = 0;
+	}
+	return ret;
+}
+
+static Sockbuf_IO tlsm_sbio =
+{
+	tlsm_sb_setup,		/* sbi_setup */
+	tlsm_sb_remove,		/* sbi_remove */
+	tlsm_sb_ctrl,		/* sbi_ctrl */
+	tlsm_sb_read,		/* sbi_read */
+	tlsm_sb_write,		/* sbi_write */
+	tlsm_sb_close		/* sbi_close */
+};
+
+tls_impl ldap_int_moznss_impl = {
+	"MozNSS",
+
+	tlsm_init,
+	tlsm_destroy,
+
+	tlsm_ctx_new,
+	tlsm_ctx_ref,
+	tlsm_ctx_free,
+	tlsm_ctx_init,
+
+	tlsm_session_new,
+	tlsm_session_connect,
+	tlsm_session_accept,
+	tlsm_session_upflags,
+	tlsm_session_errmsg,
+	tlsm_session_my_dn,
+	tlsm_session_peer_dn,
+	tlsm_session_chkhost,
+	tlsm_session_strength,
+
+	&tlsm_sbio,
+
+#ifdef LDAP_R_COMPILE
+	tlsm_thr_init,
+#else
+	NULL,
+#endif
+
+	0
+};
+
+#endif /* HAVE_MOZNSS */
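Review bot: tlsm_session_chkhost has its entire body inside `#if 0`, so this `int` function reaches its closing brace without a return statement and the caller gets an indeterminate hostname-check result. Since the comment says NSS already performs the check, make that explicit with `return LDAP_SUCCESS;` after the `#endif`. Relying on NSS also means tlsm_session_connect should not discard the result of SSL_SetURL, where `rc` is assigned and never read. A guard such as `if ( SSL_SetURL( s, ld->ld_options.ldo_defludp->lud_host ) != SECSuccess ) return -1;` before SSL_ForceHandshake would stop a handshake from proceeding with no expected name set. It is also unclear from this hunk which trust anchors NSS verifies against, because tlsm_init calls `NSS_NoDB_Init("")` and the CA-file handling in tlsm_ctx_init is compiled out, so that is worth confirming.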

Added: openldap/vendor/openldap-release/libraries/libldap/tls_o.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/tls_o.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/libldap/tls_o.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1256 @@
+/* tls_o.c - Handle tls/ssl using SSLeay or OpenSSL */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/tls_o.c,v 1.5.2.2 2009/02/10 16:41:01 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS: Rewritten by Howard Chu
+ */
+
+#include "portable.h"
+
+#ifdef HAVE_OPENSSL
+
+#include "ldap_config.h"
+
+#include <stdio.h>
+
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+#include <ac/param.h>
+#include <ac/dirent.h>
+
+#include "ldap-int.h"
+#include "ldap-tls.h"
+
+#ifdef LDAP_R_COMPILE
+#include <ldap_pvt_thread.h>
+#endif
+
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/safestack.h>
+#elif defined( HAVE_SSL_H )
+#include <ssl.h>
+#endif
+
+typedef SSL_CTX tlso_ctx;
+typedef SSL tlso_session;
+
+static int  tlso_opt_trace = 1;
+
+static void tlso_report_error( void );
+
+static void tlso_info_cb( const SSL *ssl, int where, int ret );
+static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
+static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
+static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
+
+static DH * tlso_tmp_dh_cb( SSL *ssl, int is_export, int key_length );
+
+typedef struct dhplist {
+	struct dhplist *next;
+	int keylength;
+	DH *param;
+} dhplist;
+
+static dhplist *tlso_dhparams;
+
+static int tlso_seed_PRNG( const char *randfile );
+
+#ifdef LDAP_R_COMPILE
+/*
+ * provide mutexes for the SSLeay library.
+ */
+static ldap_pvt_thread_mutex_t	tlso_mutexes[CRYPTO_NUM_LOCKS];
+static ldap_pvt_thread_mutex_t	tlso_dh_mutex;
+
+static void tlso_locking_cb( int mode, int type, const char *file, int line )
+{
+	if ( mode & CRYPTO_LOCK ) {
+		ldap_pvt_thread_mutex_lock( &tlso_mutexes[type] );
+	} else {
+		ldap_pvt_thread_mutex_unlock( &tlso_mutexes[type] );
+	}
+}
+
+static unsigned long tlso_thread_self( void )
+{
+	/* FIXME: CRYPTO_set_id_callback only works when ldap_pvt_thread_t
+	 * is an integral type that fits in an unsigned long
+	 */
+
+	/* force an error if the ldap_pvt_thread_t type is too large */
+	enum { ok = sizeof( ldap_pvt_thread_t ) <= sizeof( unsigned long ) };
+	typedef struct { int dummy: ok ? 1 : -1; } Check[ok ? 1 : -1];
+
+	return (unsigned long) ldap_pvt_thread_self();
+}
+
+static void tlso_thr_init( void )
+{
+	int i;
+
+	for( i=0; i< CRYPTO_NUM_LOCKS ; i++ ) {
+		ldap_pvt_thread_mutex_init( &tlso_mutexes[i] );
+	}
+	ldap_pvt_thread_mutex_init( &tlso_dh_mutex );
+	CRYPTO_set_locking_callback( tlso_locking_cb );
+	CRYPTO_set_id_callback( tlso_thread_self );
+}
+#endif /* LDAP_R_COMPILE */
+
+static STACK_OF(X509_NAME) *
+tlso_ca_list( char * bundle, char * dir )
+{
+	STACK_OF(X509_NAME) *ca_list = NULL;
+
+	if ( bundle ) {
+		ca_list = SSL_load_client_CA_file( bundle );
+	}
+#if defined(HAVE_DIRENT_H) || defined(dirent)
+	if ( dir ) {
+		int freeit = 0;
+
+		if ( !ca_list ) {
+			ca_list = sk_X509_NAME_new_null();
+			freeit = 1;
+		}
+		if ( !SSL_add_dir_cert_subjects_to_stack( ca_list, dir ) &&
+			freeit ) {
+			sk_X509_NAME_free( ca_list );
+			ca_list = NULL;
+		}
+	}
+#endif
+	return ca_list;
+}
+
+/*
+ * Initialize TLS subsystem. Should be called only once.
+ */
+static int
+tlso_init( void )
+{
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+#ifdef HAVE_EBCDIC
+	{
+		char *file = LDAP_STRDUP( lo->ldo_tls_randfile );
+		if ( file ) __atoe( file );
+		(void) tlso_seed_PRNG( file );
+		LDAP_FREE( file );
+	}
+#else
+	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+#endif
+
+	SSL_load_error_strings();
+	SSLeay_add_ssl_algorithms();
+
+	/* FIXME: mod_ssl does this */
+	X509V3_add_standard_extensions();
+
+	return 0;
+}
+
+/*
+ * Tear down the TLS subsystem. Should only be called once.
+ */
+static void
+tlso_destroy( void )
+{
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+
+	EVP_cleanup();
+	ERR_remove_state(0);
+	ERR_free_strings();
+
+	if ( lo->ldo_tls_randfile ) {
+		LDAP_FREE( lo->ldo_tls_randfile );
+		lo->ldo_tls_randfile = NULL;
+	}
+}
+
+static tls_ctx *
+tlso_ctx_new( struct ldapoptions *lo )
+{
+	return (tls_ctx *) SSL_CTX_new( SSLv23_method() );
+}
+
+static void
+tlso_ctx_ref( tls_ctx *ctx )
+{
+	tlso_ctx *c = (tlso_ctx *)ctx;
+	CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
+}
+
+static void
+tlso_ctx_free ( tls_ctx *ctx )
+{
+	tlso_ctx *c = (tlso_ctx *)ctx;
+	SSL_CTX_free( c );
+}
+
+/*
+ * initialize a new TLS context
+ */
+static int
+tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
+{
+	tlso_ctx *ctx = (tlso_ctx *)lo->ldo_tls_ctx;
+	int i;
+
+	if ( is_server ) {
+		SSL_CTX_set_session_id_context( ctx,
+			(const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 );
+	}
+
+	if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 )
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 );
+	else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 )
+		SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 );
+
+	if ( lo->ldo_tls_ciphersuite &&
+		!SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) )
+	{
+		Debug( LDAP_DEBUG_ANY,
+			   "TLS: could not set cipher list %s.\n",
+			   lo->ldo_tls_ciphersuite, 0, 0 );
+		tlso_report_error();
+		return -1;
+	}
+
+	if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) {
+		if ( !SSL_CTX_load_verify_locations( ctx,
+				lt->lt_cacertfile, lt->lt_cacertdir ) ||
+			!SSL_CTX_set_default_verify_paths( ctx ) )
+		{
+			Debug( LDAP_DEBUG_ANY, "TLS: "
+				"could not load verify locations (file:`%s',dir:`%s').\n",
+				lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
+				lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
+				0 );
+			tlso_report_error();
+			return -1;
+		}
+
+		if ( is_server ) {
+			STACK_OF(X509_NAME) *calist;
+			/* List of CA names to send to a client */
+			calist = tlso_ca_list( lt->lt_cacertfile, lt->lt_cacertdir );
+			if ( !calist ) {
+				Debug( LDAP_DEBUG_ANY, "TLS: "
+					"could not load client CA list (file:`%s',dir:`%s').\n",
+					lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "",
+					lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "",
+					0 );
+				tlso_report_error();
+				return -1;
+			}
+
+			SSL_CTX_set_client_CA_list( ctx, calist );
+		}
+	}
+
+	if ( lo->ldo_tls_certfile &&
+		!SSL_CTX_use_certificate_file( ctx,
+			lt->lt_certfile, SSL_FILETYPE_PEM ) )
+	{
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: could not use certificate `%s'.\n",
+			lo->ldo_tls_certfile,0,0);
+		tlso_report_error();
+		return -1;
+	}
+
+	/* Key validity is checked automatically if cert has already been set */
+	if ( lo->ldo_tls_keyfile &&
+		!SSL_CTX_use_PrivateKey_file( ctx,
+			lt->lt_keyfile, SSL_FILETYPE_PEM ) )
+	{
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: could not use key file `%s'.\n",
+			lo->ldo_tls_keyfile,0,0);
+		tlso_report_error();
+		return -1;
+	}
+
+	if ( lo->ldo_tls_dhfile ) {
+		DH *dh = NULL;
+		BIO *bio;
+		dhplist *p;
+
+		if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
+			Debug( LDAP_DEBUG_ANY,
+				"TLS: could not use DH parameters file `%s'.\n",
+				lo->ldo_tls_dhfile,0,0);
+			tlso_report_error();
+			return -1;
+		}
+		while (( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) {
+			p = LDAP_MALLOC( sizeof(dhplist) );
+			if ( p != NULL ) {
+				p->keylength = DH_size( dh ) * 8;
+				p->param = dh;
+				p->next = tlso_dhparams;
+				tlso_dhparams = p;
+			}
+		}
+		BIO_free( bio );
+	}
+
+	if ( tlso_opt_trace ) {
+		SSL_CTX_set_info_callback( ctx, tlso_info_cb );
+	}
+
+	i = SSL_VERIFY_NONE;
+	if ( lo->ldo_tls_require_cert ) {
+		i = SSL_VERIFY_PEER;
+		if ( lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND ||
+			 lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) {
+			i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+		}
+	}
+
+	SSL_CTX_set_verify( ctx, i,
+		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
+		tlso_verify_ok : tlso_verify_cb );
+	SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
+	if ( lo->ldo_tls_dhfile ) {
+		SSL_CTX_set_tmp_dh_callback( ctx, tlso_tmp_dh_cb );
+	}
+#ifdef HAVE_OPENSSL_CRL
+	if ( lo->ldo_tls_crlcheck ) {
+		X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx );
+		if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) {
+			X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK );
+		} else if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) {
+			X509_STORE_set_flags( x509_s, 
+					X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL  );
+		}
+	}
+#endif
+	return 0;
+}
+
+static tls_session *
+tlso_session_new( tls_ctx *ctx, int is_server )
+{
+	tlso_ctx *c = (tlso_ctx *)ctx;
+	return (tls_session *)SSL_new( c );
+}
+
+static int
+tlso_session_connect( LDAP *ld, tls_session *sess )
+{
+	tlso_session *s = (tlso_session *)sess;
+
+	/* Caller expects 0 = success, OpenSSL returns 1 = success */
+	return SSL_connect( s ) - 1;
+}
+
+static int
+tlso_session_accept( tls_session *sess )
+{
+	tlso_session *s = (tlso_session *)sess;
+
+	/* Caller expects 0 = success, OpenSSL returns 1 = success */
+	return SSL_accept( s ) - 1;
+}
+
+static int
+tlso_session_upflags( Sockbuf *sb, tls_session *sess, int rc )
+{
+	tlso_session *s = (tlso_session *)sess;
+
+	/* 1 was subtracted above, offset it back now */
+	rc = SSL_get_error(s, rc+1);
+	if (rc == SSL_ERROR_WANT_READ) {
+		sb->sb_trans_needs_read  = 1;
+		return 1;
+
+	} else if (rc == SSL_ERROR_WANT_WRITE) {
+		sb->sb_trans_needs_write = 1;
+		return 1;
+
+	} else if (rc == SSL_ERROR_WANT_CONNECT) {
+		return 1;
+	}
+	return 0;
+}
+
+static char *
+tlso_session_errmsg( int rc, char *buf, size_t len )
+{
+	rc = ERR_peek_error();
+	if ( rc ) {
+		ERR_error_string_n( rc, buf, len );
+		return buf;
+	}
+	return NULL;
+}
+
+static int
+tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
+{
+	tlso_session *s = (tlso_session *)sess;
+	X509 *x;
+	X509_NAME *xn;
+
+	x = SSL_get_certificate( s );
+
+	if (!x) return LDAP_INVALID_CREDENTIALS;
+	
+	xn = X509_get_subject_name(x);
+	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+	der_dn->bv_val = xn->bytes->data;
+	X509_free(x);
+	return 0;
+}
+
+static X509 *
+tlso_get_cert( SSL *s )
+{
+	/* If peer cert was bad, treat as if no cert was given */
+	if (SSL_get_verify_result(s)) {
+		return NULL;
+	}
+	return SSL_get_peer_certificate(s);
+}
+
+static int
+tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
+{
+	tlso_session *s = (tlso_session *)sess;
+	X509 *x = tlso_get_cert( s );
+	X509_NAME *xn;
+
+	if ( !x )
+		return LDAP_INVALID_CREDENTIALS;
+
+	xn = X509_get_subject_name(x);
+	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+	der_dn->bv_val = xn->bytes->data;
+	X509_free(x);
+	return 0;
+}
+
+/* what kind of hostname were we given? */
+#define	IS_DNS	0
+#define	IS_IP4	1
+#define	IS_IP6	2
+
+static int
+tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
+{
+	tlso_session *s = (tlso_session *)sess;
+	int i, ret = LDAP_LOCAL_ERROR;
+	X509 *x;
+	const char *name;
+	char *ptr;
+	int ntype = IS_DNS;
+#ifdef LDAP_PF_INET6
+	struct in6_addr addr;
+#else
+	struct in_addr addr;
+#endif
+
+	if( ldap_int_hostname &&
+		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
+	{
+		name = ldap_int_hostname;
+	} else {
+		name = name_in;
+	}
+
+	x = tlso_get_cert(s);
+	if (!x) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: unable to get peer certificate.\n",
+			0, 0, 0 );
+		/* If this was a fatal condition, things would have
+		 * aborted long before now.
+		 */
+		return LDAP_SUCCESS;
+	}
+
+#ifdef LDAP_PF_INET6
+	if (name[0] == '[' && strchr(name, ']')) {
+		char *n2 = ldap_strdup(name+1);
+		*strchr(n2, ']') = 0;
+		if (inet_pton(AF_INET6, n2, &addr))
+			ntype = IS_IP6;
+		LDAP_FREE(n2);
+	} else 
+#endif
+	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
+		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
+	}
+	
+	i = X509_get_ext_by_NID(x, NID_subject_alt_name, -1);
+	if (i >= 0) {
+		X509_EXTENSION *ex;
+		STACK_OF(GENERAL_NAME) *alt;
+
+		ex = X509_get_ext(x, i);
+		alt = X509V3_EXT_d2i(ex);
+		if (alt) {
+			int n, len1 = 0, len2 = 0;
+			char *domain = NULL;
+			GENERAL_NAME *gn;
+
+			if (ntype == IS_DNS) {
+				len1 = strlen(name);
+				domain = strchr(name, '.');
+				if (domain) {
+					len2 = len1 - (domain-name);
+				}
+			}
+			n = sk_GENERAL_NAME_num(alt);
+			for (i=0; i<n; i++) {
+				char *sn;
+				int sl;
+				gn = sk_GENERAL_NAME_value(alt, i);
+				if (gn->type == GEN_DNS) {
+					if (ntype != IS_DNS) continue;
+
+					sn = (char *) ASN1_STRING_data(gn->d.ia5);
+					sl = ASN1_STRING_length(gn->d.ia5);
+
+					/* ignore empty */
+					if (sl == 0) continue;
+
+					/* Is this an exact match? */
+					if ((len1 == sl) && !strncasecmp(name, sn, len1)) {
+						break;
+					}
+
+					/* Is this a wildcard match? */
+					if (domain && (sn[0] == '*') && (sn[1] == '.') &&
+						(len2 == sl-1) && !strncasecmp(domain, &sn[1], len2))
+					{
+						break;
+					}
+
+				} else if (gn->type == GEN_IPADD) {
+					if (ntype == IS_DNS) continue;
+
+					sn = (char *) ASN1_STRING_data(gn->d.ia5);
+					sl = ASN1_STRING_length(gn->d.ia5);
+
+#ifdef LDAP_PF_INET6
+					if (ntype == IS_IP6 && sl != sizeof(struct in6_addr)) {
+						continue;
+					} else
+#endif
+					if (ntype == IS_IP4 && sl != sizeof(struct in_addr)) {
+						continue;
+					}
+					if (!memcmp(sn, &addr, sl)) {
+						break;
+					}
+				}
+			}
+
+			GENERAL_NAMES_free(alt);
+			if (i < n) {	/* Found a match */
+				ret = LDAP_SUCCESS;
+			}
+		}
+	}
+
+	if (ret != LDAP_SUCCESS) {
+		X509_NAME *xn;
+		char buf[2048];
+		buf[0] = '\0';
+
+		xn = X509_get_subject_name(x);
+		if( X509_NAME_get_text_by_NID( xn, NID_commonName,
+			buf, sizeof(buf)) == -1)
+		{
+			Debug( LDAP_DEBUG_ANY,
+				"TLS: unable to get common name from peer certificate.\n",
+				0, 0, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: unable to get CN from peer certificate"));
+
+		} else if (strcasecmp(name, buf) == 0 ) {
+			ret = LDAP_SUCCESS;
+
+		} else if (( buf[0] == '*' ) && ( buf[1] == '.' )) {
+			char *domain = strchr(name, '.');
+			if( domain ) {
+				size_t dlen = 0;
+				size_t sl;
+
+				sl = strlen(name);
+				dlen = sl - (domain-name);
+				sl = strlen(buf);
+
+				/* Is this a wildcard match? */
+				if ((dlen == sl-1) && !strncasecmp(domain, &buf[1], dlen)) {
+					ret = LDAP_SUCCESS;
+				}
+			}
+		}
+
+		if( ret == LDAP_LOCAL_ERROR ) {
+			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+				"common name in certificate (%s).\n", 
+				name, buf, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: hostname does not match CN in peer certificate"));
+		}
+	}
+	X509_free(x);
+	return ret;
+}
+
+static int
+tlso_session_strength( tls_session *sess )
+{
+	tlso_session *s = (tlso_session *)sess;
+	SSL_CIPHER *c;
+
+	c = SSL_get_current_cipher(s);
+	return SSL_CIPHER_get_bits(c, NULL);
+}
+
+/*
+ * TLS support for LBER Sockbufs
+ */
+
+struct tls_data {
+	tlso_session		*session;
+	Sockbuf_IO_Desc		*sbiod;
+};
+
+static int
+tlso_bio_create( BIO *b ) {
+	b->init = 1;
+	b->num = 0;
+	b->ptr = NULL;
+	b->flags = 0;
+	return 1;
+}
+
+static int
+tlso_bio_destroy( BIO *b )
+{
+	if ( b == NULL ) return 0;
+
+	b->ptr = NULL;		/* sb_tls_remove() will free it */
+	b->init = 0;
+	b->flags = 0;
+	return 1;
+}
+
+static int
+tlso_bio_read( BIO *b, char *buf, int len )
+{
+	struct tls_data		*p;
+	int			ret;
+		
+	if ( buf == NULL || len <= 0 ) return 0;
+
+	p = (struct tls_data *)b->ptr;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	ret = LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
+
+	BIO_clear_retry_flags( b );
+	if ( ret < 0 ) {
+		int err = sock_errno();
+		if ( err == EAGAIN || err == EWOULDBLOCK ) {
+			BIO_set_retry_read( b );
+		}
+	}
+
+	return ret;
+}
+
+static int
+tlso_bio_write( BIO *b, const char *buf, int len )
+{
+	struct tls_data		*p;
+	int			ret;
+	
+	if ( buf == NULL || len <= 0 ) return 0;
+	
+	p = (struct tls_data *)b->ptr;
+
+	if ( p == NULL || p->sbiod == NULL ) {
+		return 0;
+	}
+
+	ret = LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
+
+	BIO_clear_retry_flags( b );
+	if ( ret < 0 ) {
+		int err = sock_errno();
+		if ( err == EAGAIN || err == EWOULDBLOCK ) {
+			BIO_set_retry_write( b );
+		}
+	}
+
+	return ret;
+}
+
+static long
+tlso_bio_ctrl( BIO *b, int cmd, long num, void *ptr )
+{
+	if ( cmd == BIO_CTRL_FLUSH ) {
+		/* The OpenSSL library needs this */
+		return 1;
+	}
+	return 0;
+}
+
+static int
+tlso_bio_gets( BIO *b, char *buf, int len )
+{
+	return -1;
+}
+
+static int
+tlso_bio_puts( BIO *b, const char *str )
+{
+	return tlso_bio_write( b, str, strlen( str ) );
+}
+	
+static BIO_METHOD tlso_bio_method =
+{
+	( 100 | 0x400 ),		/* it's a source/sink BIO */
+	"sockbuf glue",
+	tlso_bio_write,
+	tlso_bio_read,
+	tlso_bio_puts,
+	tlso_bio_gets,
+	tlso_bio_ctrl,
+	tlso_bio_create,
+	tlso_bio_destroy
+};
+
+static int
+tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
+{
+	struct tls_data		*p;
+	BIO			*bio;
+
+	assert( sbiod != NULL );
+
+	p = LBER_MALLOC( sizeof( *p ) );
+	if ( p == NULL ) {
+		return -1;
+	}
+	
+	p->session = arg;
+	p->sbiod = sbiod;
+	bio = BIO_new( &tlso_bio_method );
+	bio->ptr = (void *)p;
+	SSL_set_bio( p->session, bio, bio );
+	sbiod->sbiod_pvt = p;
+	return 0;
+}
+
+static int
+tlso_sb_remove( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	SSL_free( p->session );
+	LBER_FREE( sbiod->sbiod_pvt );
+	sbiod->sbiod_pvt = NULL;
+	return 0;
+}
+
+static int
+tlso_sb_close( Sockbuf_IO_Desc *sbiod )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	SSL_shutdown( p->session );
+	return 0;
+}
+
+static int
+tlso_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
+{
+	struct tls_data		*p;
+	
+	assert( sbiod != NULL );
+	assert( sbiod->sbiod_pvt != NULL );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+	
+	if ( opt == LBER_SB_OPT_GET_SSL ) {
+		*((tlso_session **)arg) = p->session;
+		return 1;
+
+	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
+		if( SSL_pending( p->session ) > 0 ) {
+			return 1;
+		}
+	}
+	
+	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
+}
+
+static ber_slen_t
+tlso_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = SSL_read( p->session, (char *)buf, len );
+#ifdef HAVE_WINSOCK
+	errno = WSAGetLastError();
+#endif
+	err = SSL_get_error( p->session, ret );
+	if (err == SSL_ERROR_WANT_READ ) {
+		sbiod->sbiod_sb->sb_trans_needs_read = 1;
+		sock_errset(EWOULDBLOCK);
+	}
+	else
+		sbiod->sbiod_sb->sb_trans_needs_read = 0;
+	return ret;
+}
+
+static ber_slen_t
+tlso_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
+{
+	struct tls_data		*p;
+	ber_slen_t		ret;
+	int			err;
+
+	assert( sbiod != NULL );
+	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );
+
+	p = (struct tls_data *)sbiod->sbiod_pvt;
+
+	ret = SSL_write( p->session, (char *)buf, len );
+#ifdef HAVE_WINSOCK
+	errno = WSAGetLastError();
+#endif
+	err = SSL_get_error( p->session, ret );
+	if (err == SSL_ERROR_WANT_WRITE ) {
+		sbiod->sbiod_sb->sb_trans_needs_write = 1;
+		sock_errset(EWOULDBLOCK);
+
+	} else {
+		sbiod->sbiod_sb->sb_trans_needs_write = 0;
+	}
+	return ret;
+}
+
+static Sockbuf_IO tlso_sbio =
+{
+	tlso_sb_setup,		/* sbi_setup */
+	tlso_sb_remove,		/* sbi_remove */
+	tlso_sb_ctrl,		/* sbi_ctrl */
+	tlso_sb_read,		/* sbi_read */
+	tlso_sb_write,		/* sbi_write */
+	tlso_sb_close		/* sbi_close */
+};
+
+/* Derived from openssl/apps/s_cb.c */
+static void
+tlso_info_cb( const SSL *ssl, int where, int ret )
+{
+	int w;
+	char *op;
+	char *state = (char *) SSL_state_string_long( (SSL *)ssl );
+
+	w = where & ~SSL_ST_MASK;
+	if ( w & SSL_ST_CONNECT ) {
+		op = "SSL_connect";
+	} else if ( w & SSL_ST_ACCEPT ) {
+		op = "SSL_accept";
+	} else {
+		op = "undefined";
+	}
+
+#ifdef HAVE_EBCDIC
+	if ( state ) {
+		state = LDAP_STRDUP( state );
+		__etoa( state );
+	}
+#endif
+	if ( where & SSL_CB_LOOP ) {
+		Debug( LDAP_DEBUG_TRACE,
+			   "TLS trace: %s:%s\n",
+			   op, state, 0 );
+
+	} else if ( where & SSL_CB_ALERT ) {
+		char *atype = (char *) SSL_alert_type_string_long( ret );
+		char *adesc = (char *) SSL_alert_desc_string_long( ret );
+		op = ( where & SSL_CB_READ ) ? "read" : "write";
+#ifdef HAVE_EBCDIC
+		if ( atype ) {
+			atype = LDAP_STRDUP( atype );
+			__etoa( atype );
+		}
+		if ( adesc ) {
+			adesc = LDAP_STRDUP( adesc );
+			__etoa( adesc );
+		}
+#endif
+		Debug( LDAP_DEBUG_TRACE,
+			   "TLS trace: SSL3 alert %s:%s:%s\n",
+			   op, atype, adesc );
+#ifdef HAVE_EBCDIC
+		if ( atype ) LDAP_FREE( atype );
+		if ( adesc ) LDAP_FREE( adesc );
+#endif
+	} else if ( where & SSL_CB_EXIT ) {
+		if ( ret == 0 ) {
+			Debug( LDAP_DEBUG_TRACE,
+				   "TLS trace: %s:failed in %s\n",
+				   op, state, 0 );
+		} else if ( ret < 0 ) {
+			Debug( LDAP_DEBUG_TRACE,
+				   "TLS trace: %s:error in %s\n",
+				   op, state, 0 );
+		}
+	}
+#ifdef HAVE_EBCDIC
+	if ( state ) LDAP_FREE( state );
+#endif
+}
+
+static int
+tlso_verify_cb( int ok, X509_STORE_CTX *ctx )
+{
+	X509 *cert;
+	int errnum;
+	int errdepth;
+	X509_NAME *subject;
+	X509_NAME *issuer;
+	char *sname;
+	char *iname;
+	char *certerr = NULL;
+
+	cert = X509_STORE_CTX_get_current_cert( ctx );
+	errnum = X509_STORE_CTX_get_error( ctx );
+	errdepth = X509_STORE_CTX_get_error_depth( ctx );
+
+	/*
+	 * X509_get_*_name return pointers to the internal copies of
+	 * those things requested.  So do not free them.
+	 */
+	subject = X509_get_subject_name( cert );
+	issuer = X509_get_issuer_name( cert );
+	/* X509_NAME_oneline, if passed a NULL buf, allocate memomry */
+	sname = X509_NAME_oneline( subject, NULL, 0 );
+	iname = X509_NAME_oneline( issuer, NULL, 0 );
+	if ( !ok ) certerr = (char *)X509_verify_cert_error_string( errnum );
+#ifdef HAVE_EBCDIC
+	if ( sname ) __etoa( sname );
+	if ( iname ) __etoa( iname );
+	if ( certerr ) {
+		certerr = LDAP_STRDUP( certerr );
+		__etoa( certerr );
+	}
+#endif
+	Debug( LDAP_DEBUG_TRACE,
+		   "TLS certificate verification: depth: %d, err: %d, subject: %s,",
+		   errdepth, errnum,
+		   sname ? sname : "-unknown-" );
+	Debug( LDAP_DEBUG_TRACE, " issuer: %s\n", iname ? iname : "-unknown-", 0, 0 );
+	if ( !ok ) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS certificate verification: Error, %s\n",
+			certerr, 0, 0 );
+	}
+	if ( sname )
+		CRYPTO_free ( sname );
+	if ( iname )
+		CRYPTO_free ( iname );
+#ifdef HAVE_EBCDIC
+	if ( certerr ) LDAP_FREE( certerr );
+#endif
+	return ok;
+}
+
+static int
+tlso_verify_ok( int ok, X509_STORE_CTX *ctx )
+{
+	(void) tlso_verify_cb( ok, ctx );
+	return 1;
+}
+
+/* Inspired by ERR_print_errors in OpenSSL */
+static void
+tlso_report_error( void )
+{
+	unsigned long l;
+	char buf[200];
+	const char *file;
+	int line;
+
+	while ( ( l = ERR_get_error_line( &file, &line ) ) != 0 ) {
+		ERR_error_string_n( l, buf, sizeof( buf ) );
+#ifdef HAVE_EBCDIC
+		if ( file ) {
+			file = LDAP_STRDUP( file );
+			__etoa( (char *)file );
+		}
+		__etoa( buf );
+#endif
+		Debug( LDAP_DEBUG_ANY, "TLS: %s %s:%d\n",
+			buf, file, line );
+#ifdef HAVE_EBCDIC
+		if ( file ) LDAP_FREE( (void *)file );
+#endif
+	}
+}
+
+static RSA *
+tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
+{
+	RSA *tmp_rsa;
+
+	/* FIXME:  Pregenerate the key on startup */
+	/* FIXME:  Who frees the key? */
+	tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL );
+
+	if ( !tmp_rsa ) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: Failed to generate temporary %d-bit %s RSA key\n",
+			key_length, is_export ? "export" : "domestic", 0 );
+		return NULL;
+	}
+	return tmp_rsa;
+}
+
+static int
+tlso_seed_PRNG( const char *randfile )
+{
+#ifndef URANDOM_DEVICE
+	/* no /dev/urandom (or equiv) */
+	long total=0;
+	char buffer[MAXPATHLEN];
+
+	if (randfile == NULL) {
+		/* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
+		 * If $HOME is not set or buffer too small to hold the pathname,
+		 * an error occurs.	- From RAND_file_name() man page.
+		 * The fact is that when $HOME is NULL, .rnd is used.
+		 */
+		randfile = RAND_file_name( buffer, sizeof( buffer ) );
+
+	} else if (RAND_egd(randfile) > 0) {
+		/* EGD socket */
+		return 0;
+	}
+
+	if (randfile == NULL) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
+			0, 0, 0);
+		return -1;
+	}
+
+	total = RAND_load_file(randfile, -1);
+
+	if (RAND_status() == 0) {
+		Debug( LDAP_DEBUG_ANY,
+			"TLS: PRNG not been seeded with enough data\n",
+			0, 0, 0);
+		return -1;
+	}
+
+	/* assume if there was enough bits to seed that it's okay
+	 * to write derived bits to the file
+	 */
+	RAND_write_file(randfile);
+
+#endif
+
+	return 0;
+}
+
+struct dhinfo {
+	int keylength;
+	const char *pem;
+	size_t size;
+};
+
+
+/* From the OpenSSL 0.9.7 distro */
+static const char tlso_dhpem512[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn\n\
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC\n\
+-----END DH PARAMETERS-----\n";
+
+static const char tlso_dhpem1024[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq\n\
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx\n\
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC\n\
+-----END DH PARAMETERS-----\n";
+
+static const char tlso_dhpem2048[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o\n\
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh\n\
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo\n\
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW\n\
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA\n\
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==\n\
+-----END DH PARAMETERS-----\n";
+
+static const char tlso_dhpem4096[] =
+"-----BEGIN DH PARAMETERS-----\n\
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7\n\
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H\n\
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF\n\
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1\n\
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE\n\
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9\n\
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3\n\
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH\n\
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb\n\
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR\n\
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=\n\
+-----END DH PARAMETERS-----\n";
+
+static const struct dhinfo tlso_dhpem[] = {
+	{ 512, tlso_dhpem512, sizeof(tlso_dhpem512) },
+	{ 1024, tlso_dhpem1024, sizeof(tlso_dhpem1024) },
+	{ 2048, tlso_dhpem2048, sizeof(tlso_dhpem2048) },
+	{ 4096, tlso_dhpem4096, sizeof(tlso_dhpem4096) },
+	{ 0, NULL, 0 }
+};
+
+static DH *
+tlso_tmp_dh_cb( SSL *ssl, int is_export, int key_length )
+{
+	struct dhplist *p = NULL;
+	BIO *b = NULL;
+	DH *dh = NULL;
+	int i;
+
+	/* Do we have params of this length already? */
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_lock( &tlso_dh_mutex );
+#endif
+	for ( p = tlso_dhparams; p; p=p->next ) {
+		if ( p->keylength == key_length ) {
+#ifdef LDAP_R_COMPILE
+			ldap_pvt_thread_mutex_unlock( &tlso_dh_mutex );
+#endif
+			return p->param;
+		}
+	}
+
+	/* No - check for hardcoded params */
+
+	for (i=0; tlso_dhpem[i].keylength; i++) {
+		if ( tlso_dhpem[i].keylength == key_length ) {
+			b = BIO_new_mem_buf( (char *)tlso_dhpem[i].pem, tlso_dhpem[i].size );
+			break;
+		}
+	}
+
+	if ( b ) {
+		dh = PEM_read_bio_DHparams( b, NULL, NULL, NULL );
+		BIO_free( b );
+	}
+
+	/* Generating on the fly is expensive/slow... */
+	if ( !dh ) {
+		dh = DH_generate_parameters( key_length, DH_GENERATOR_2, NULL, NULL );
+	}
+	if ( dh ) {
+		p = LDAP_MALLOC( sizeof(struct dhplist) );
+		if ( p != NULL ) {
+			p->keylength = key_length;
+			p->param = dh;
+			p->next = tlso_dhparams;
+			tlso_dhparams = p;
+		}
+	}
+
+#ifdef LDAP_R_COMPILE
+	ldap_pvt_thread_mutex_unlock( &tlso_dh_mutex );
+#endif
+	return dh;
+}
+
+tls_impl ldap_int_tls_impl = {
+	"OpenSSL",
+
+	tlso_init,
+	tlso_destroy,
+
+	tlso_ctx_new,
+	tlso_ctx_ref,
+	tlso_ctx_free,
+	tlso_ctx_init,
+
+	tlso_session_new,
+	tlso_session_connect,
+	tlso_session_accept,
+	tlso_session_upflags,
+	tlso_session_errmsg,
+	tlso_session_my_dn,
+	tlso_session_peer_dn,
+	tlso_session_chkhost,
+	tlso_session_strength,
+
+	&tlso_sbio,
+
+#ifdef LDAP_R_COMPILE
+	tlso_thr_init,
+#else
+	NULL,
+#endif
+
+	0
+};
+
+#endif /* HAVE_OPENSSL */

Modified: openldap/vendor/openldap-release/libraries/libldap/turn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/turn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/turn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/turn.c,v 1.3.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/turn.c,v 1.3.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/txn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/txn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/txn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/txn.c,v 1.8.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/txn.c,v 1.8.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2006-2008 The OpenLDAP Foundation.
+ * Copyright 2006-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/unbind.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.56.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/unbind.c,v 1.56.2.6 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -112,6 +112,18 @@
 	ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
 #endif
 
+	/* final close callbacks */
+	{
+		ldaplist *ll, *next;
+
+		for ( ll = ld->ld_options.ldo_conn_cbs; ll; ll = next ) {
+			ldap_conncb *cb = ll->ll_data;
+			next = ll->ll_next;
+			cb->lc_del( ld, NULL, cb );
+			LDAP_FREE( ll );
+		}
+	}
+
 	if ( ld->ld_error != NULL ) {
 		LDAP_FREE( ld->ld_error );
 		ld->ld_error = NULL;
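Review bot: The new loop calls `cb->lc_del( ld, NULL, cb )` without checking that `ll->ll_data` or its `lc_del` member is non-NULL, and after the loop `ld->ld_options.ldo_conn_cbs` still points at the nodes just released with LDAP_FREE. The `ld_error` cleanup directly below clears its pointer after freeing, so the same pattern fits here: add `ld->ld_options.ldo_conn_cbs = NULL;` after the loop and guard the call as `if ( cb && cb->lc_del ) cb->lc_del( ld, NULL, cb );`. If callback registration already rejects a NULL `lc_del`, the guard is only defensive, but that code is not visible in this hunk, whose enclosing function starts and ends outside it. A short comment that the callback receives a NULL Sockbuf on this final pass would also help callback authors, who might otherwise dereference it.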

Modified: openldap/vendor/openldap-release/libraries/libldap/url.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/url.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/url.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* LIBLDAP url.c -- LDAP URL (RFC 4516) related routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.94.2.8 2008/02/11 23:41:37 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/url.c,v 1.94.2.10 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -590,9 +590,11 @@
 	}
 
 	if ( u->lud_host && u->lud_host[0] ) {
+		char *ptr;
 		len += hex_escape_len( u->lud_host, URLESC_SLASH );
-		if ( !is_ipc && strchr( u->lud_host, ':' )) {
-			len += 2;	/* IPv6, [] */
+		if ( !is_ipc && ( ptr = strchr( u->lud_host, ':' ))) {
+			if ( strchr( ptr+1, ':' ))
+				len += 2;	/* IPv6, [] */
 		}
 	}
 
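Review bot: The two-colon IPv6 test is now written out twice, once here in the length computation (`len += 2`) and again in the string builder further down (the `is_v6 = 1` hunk), and the computed buffer size is only right while both copies agree. A shared helper keeps them in step, e.g. `static int host_is_v6( const char *h ) { const char *p = strchr( h, ':' ); return p && strchr( p+1, ':' ) != NULL; }`, called from both places. A one-line comment stating that a host with a single colon is deliberately not bracketed would also document the heuristic. Both enclosing functions begin and end outside the hunks.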
@@ -610,6 +612,7 @@
 	int		is_v6 = 0;
 	int		is_ipc = 0;
 	struct berval	scope = BER_BVNULL;
+	char		*ptr;
 
 	if ( u == NULL ) {
 		return -1;
@@ -637,8 +640,9 @@
 		sep = 1;
 	}
 
-	if ( !is_ipc && u->lud_host && strchr( u->lud_host, ':' )) {
-		is_v6 = 1;
+	if ( !is_ipc && u->lud_host && ( ptr = strchr( u->lud_host, ':' ))) {
+		if ( strchr( ptr+1, ':' ))
+			is_v6 = 1;
 	}
 
 	if ( u->lud_port ) {

Modified: openldap/vendor/openldap-release/libraries/libldap/urltest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/urltest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/urltest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* urltest.c -- OpenLDAP URL API Test Program */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/urltest.c,v 1.1.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/urltest.c,v 1.1.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/utf-8-conv.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8-conv.c,v 1.16.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8-conv.c,v 1.16.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/utf-8.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/utf-8.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/utf-8.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* utf-8.c -- Basic UTF-8 routines */
-/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8.c,v 1.36.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/utf-8.c,v 1.36.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap/util-int.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/util-int.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/util-int.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/util-int.c,v 1.57.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/util-int.c,v 1.57.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998 A. Hartgers.
  * All rights reserved.
  *
@@ -411,7 +411,10 @@
 #ifdef HAVE_CYRUS_SASL
 	ldap_pvt_thread_mutex_init( &ldap_int_sasl_mutex );
 #endif
+#ifdef HAVE_GSSAPI
+	ldap_pvt_thread_mutex_init( &ldap_int_gssapi_mutex );
 #endif
+#endif
 
 	/* call other module init functions here... */
 }
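Review bot: The added `#ifdef HAVE_GSSAPI` block sits inside an outer conditional that opens outside the hunk, and the bare `#endif` lines that close it and the outer block are hard to pair up by eye. Labelling them, e.g. `#endif /* HAVE_GSSAPI */` after the new mutex init and `#endif /* HAVE_CYRUS_SASL */` above it, would make the nesting clear. It is also worth confirming that `ldap_int_gssapi_mutex` is declared under the same pair of conditions as this init call; the declaration is not visible here.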

Modified: openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/vlvctrl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/vlvctrl.c,v 1.21.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/vlvctrl.c,v 1.21.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -101,6 +101,7 @@
 
 	value->bv_val = NULL;
 	value->bv_len = 0;
+	ld->ld_errno = LDAP_SUCCESS;
 
 	ber = ldap_alloc_ber_with_options( ld );
 	if ( ber == NULL ) {

Modified: openldap/vendor/openldap-release/libraries/libldap/whoami.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap/whoami.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap/whoami.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap/whoami.c,v 1.10.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap/whoami.c,v 1.10.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -lldap
-# $OpenLDAP: pkg/ldap/libraries/libldap_r/Makefile.in,v 1.79.2.6 2008/07/09 00:29:57 quanah Exp $
+# $OpenLDAP: pkg/ldap/libraries/libldap_r/Makefile.in,v 1.79.2.10 2009/01/27 00:03:04 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -22,14 +22,15 @@
 	bind.c open.c result.c error.c compare.c search.c \
 	controls.c messages.c references.c extended.c cyrus.c \
 	modify.c add.c modrdn.c delete.c abandon.c \
-	sasl.c sbind.c unbind.c cancel.c \
+	sasl.c gssapi.c sbind.c unbind.c cancel.c \
 	filter.c free.c sort.c passwd.c whoami.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
 	init.c options.c print.c string.c util-int.c schema.c \
-	charray.c tls.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+	charray.c os-local.c dnssrv.c utf-8.c utf-8-conv.c \
+	tls2.c tls_o.c tls_g.c tls_m.c \
 	turn.c ppolicy.c dds.c txn.c ldap_sync.c stctrl.c \
-	assertion.c
+	assertion.c deref.c
 SRCS	= threads.c rdwr.c rmutex.c tpool.c rq.c \
 	thr_posix.c thr_cthreads.c thr_thr.c thr_lwp.c thr_nt.c \
 	thr_pth.c thr_stub.c thr_debug.c
@@ -39,14 +40,15 @@
 	bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-	sasl.lo sbind.lo unbind.lo cancel.lo \
+	sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
 	init.lo options.lo print.lo string.lo util-int.lo schema.lo \
-	charray.lo tls.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+	charray.lo os-local.lo dnssrv.lo utf-8.lo utf-8-conv.lo \
+	tls2.lo tls_o.lo tls_g.lo tls_m.lo \
 	turn.lo ppolicy.lo dds.lo txn.lo ldap_sync.lo stctrl.lo \
-	assertion.lo
+	assertion.lo deref.lo
 
 LDAP_INCDIR= ../../include       
 LDAP_LIBDIR= ../../libraries

Modified: openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/ldap_thr_debug.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldap_thr_debug.h - preprocessor magic for LDAP_THREAD_DEBUG */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/ldap_thr_debug.h,v 1.3.2.5 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/ldap_thr_debug.h,v 1.3.2.6 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/rdwr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rdwr.c,v 1.28.2.3 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rdwr.c,v 1.28.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/rmutex.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/rmutex.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/rmutex.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rmutex.c,v 1.2.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rmutex.c,v 1.2.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2006-2008 The OpenLDAP Foundation.
+ * Copyright 2006-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/rq.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/rq.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/rq.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rq.c,v 1.23.2.4 2008/02/11 23:26:41 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/rq.c,v 1.23.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_cthreads.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_cthreads.c - wrapper for mach cthreads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_cthreads.c,v 1.20.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_cthreads.c,v 1.20.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_debug.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_debug.c - wrapper around the chosen thread wrapper, for debugging. */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_debug.c,v 1.5.2.6 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_debug.c,v 1.5.2.7 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_lwp.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_lwp.c - wrappers around SunOS LWP threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_lwp.c,v 1.20.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_lwp.c,v 1.20.2.4 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_nt.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_nt.c - wrapper around NT threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_nt.c,v 1.32.2.5 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_nt.c,v 1.32.2.6 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_posix.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_posix.c - wrapper around posix and posixish thread implementations.  */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_posix.c,v 1.46.2.5 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_posix.c,v 1.46.2.6 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_pth.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_pth.c - wrappers around GNU Pth */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_pth.c,v 1.16.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_pth.c,v 1.16.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_stub.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_stub.c - stubs for the threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.27.2.8 2008/05/27 20:07:31 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_stub.c,v 1.27.2.9 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/thr_thr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thr_thr.c - wrappers around solaris threads */
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_thr.c,v 1.18.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/thr_thr.c,v 1.18.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/threads.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/threads.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/threads.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/threads.c,v 1.18.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/threads.c,v 1.18.2.5 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/libldap_r/tpool.c
===================================================================
--- openldap/vendor/openldap-release/libraries/libldap_r/tpool.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/libldap_r/tpool.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.52.2.13 2008/03/21 00:46:03 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/libldap_r/tpool.c,v 1.52.2.15 2009/01/22 00:00:56 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -785,8 +785,7 @@
 	SET_VARY_OPEN_COUNT(pool);
 	pool->ltp_work_list = &pool->ltp_pending_list;
 
-	if (!pool->ltp_finishing)
-		ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
+	ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
 
 	ldap_pvt_thread_mutex_unlock(&pool->ltp_mutex);
 	return(0);
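Review bot: The broadcast on `ltp_cond` is now unconditional, but nothing at the call site says why waiters must be woken even when `ltp_finishing` is set. A short comment would stop a later cleanup from restoring the guard, e.g. `/* wake waiters unconditionally; threads blocked on ltp_cond must also see the resume while the pool is finishing */`. That rationale is inferred and should be confirmed against the upstream change, since this diff does not state it. The enclosing function starts outside the hunk.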

Modified: openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for LDAP -llunicode
-# $OpenLDAP: pkg/ldap/libraries/liblunicode/Makefile.in,v 1.31.2.5 2008/02/11 23:26:42 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblunicode/Makefile.in,v 1.31.2.6 2009/01/22 00:00:57 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.32.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.32.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucdata.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.19.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.19.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucgendat.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.39.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.39.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.7.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.7.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucdata/ucpgba.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.8.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.8.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ucstr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.37.2.4 2008/04/14 19:12:11 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.37.2.5 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.17.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.17.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/ure.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.13.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.13.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/ure/urestubs.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.14.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.14.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.7.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.7.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbm.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.8.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.8.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblunicode/utbm/utbmstub.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.6.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.6.2.4 2009/01/22 00:00:57 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile for -llutil
-# $OpenLDAP: pkg/ldap/libraries/liblutil/Makefile.in,v 1.38.2.3 2008/02/11 23:26:42 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/liblutil/Makefile.in,v 1.38.2.5 2009/02/05 20:10:59 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ## 
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -31,11 +31,13 @@
 	md5.c passwd.c sha1.c getpass.c lockf.c utils.c uuid.c sockpair.c \
 	avl.c tavl.c ldif.c fetch.c \
 	testavl.c \
+	meter.c \
 	@LIBSRCS@ $(@PLAT at _SRCS)
 
 OBJS	= base64.o csn.o entropy.o sasl.o signal.o hash.o passfile.o \
 	md5.o passwd.o sha1.o getpass.o lockf.o utils.o uuid.o sockpair.o \
 	avl.o tavl.o ldif.o fetch.o \
+	meter.o \
 	@LIBOBJS@ $(@PLAT at _OBJS)
 
 testavl: $(XLIBS) testavl.o

Modified: openldap/vendor/openldap-release/libraries/liblutil/avl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/avl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/avl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* avl.c - routines to implement an avl tree */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/avl.c,v 1.9.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/avl.c,v 1.9.2.5 2009/01/30 20:12:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,7 @@
 
 #include "portable.h"
 
+#include <limits.h>
 #include <stdio.h>
 #include <ac/stdlib.h>
 
@@ -48,6 +49,9 @@
 #define AVL_INTERNAL
 #include "avl.h"
 
+/* Maximum tree depth this host's address space could support */
+#define MAX_TREE_DEPTH	(sizeof(void *) * CHAR_BIT)
+
 static const int avl_bfs[] = {LH, RH};
 
 /*
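Review bot: The comment on `MAX_TREE_DEPTH` overstates what the constant guarantees: `sizeof(void *) * CHAR_BIT` bounds the depth of a perfectly balanced tree, while an AVL tree's worst-case height is roughly 1.44·log2(n), so a very large, worst-shaped tree could in principle be deeper than this. The `pptr[]` and `pdir[]` parent stacks in the next hunk are sized by it, and whether `depth` is checked before each push cannot be seen here because that function's body continues outside the hunk. I would reword the comment to state the assumption, e.g. `/* Parent-stack size; assumes tree height never exceeds the pointer width in bits */`, and confirm that the push site rejects `depth >= MAX_TREE_DEPTH` rather than writing past the arrays.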
@@ -180,8 +184,8 @@
 	int side, side_bf, shorter, nside;
 
 	/* parent stack */
-	Avlnode *pptr[sizeof(void *)*8];
-	unsigned char pdir[sizeof(void *)*8];
+	Avlnode *pptr[MAX_TREE_DEPTH];
+	unsigned char pdir[MAX_TREE_DEPTH];
 	int depth = 0;
 
 	if ( *root == NULL )

Modified: openldap/vendor/openldap-release/libraries/liblutil/base64.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/base64.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/base64.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* base64.c -- routines to encode/decode base64 data */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/base64.c,v 1.15.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/base64.c,v 1.15.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 1995 IBM Corporation.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/libraries/liblutil/csn.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/csn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/csn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* csn.c - Change Sequence Number routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/csn.c,v 1.14.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/csn.c,v 1.14.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/detach.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/detach.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/detach.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* detach.c -- routines to daemonize a process */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/detach.c,v 1.18.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/detach.c,v 1.18.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/entropy.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/entropy.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/entropy.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* entropy.c -- routines for providing pseudo-random data */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/entropy.c,v 1.29.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/entropy.c,v 1.29.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/fetch.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/fetch.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/fetch.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* fetch.c - routines for fetching data at URLs */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/fetch.c,v 1.10.2.5 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/fetch.c,v 1.10.2.6 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/getopt.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getopt.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/getopt.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* getopt.c -- replacement getopt(3) routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getopt.c,v 1.16.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getopt.c,v 1.16.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/getpass.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpass.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* getpass.c -- get password from user */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.17.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpass.c,v 1.17.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/getpeereid.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* getpeereid.c */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.24.2.4 2008/07/15 18:29:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/getpeereid.c,v 1.24.2.5 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/hash.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/hash.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/hash.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/hash.c,v 1.8.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/hash.c,v 1.8.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/liblutil/ldif.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ldif.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/ldif.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldif.c - routines for dealing with LDIF files */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.15.2.6 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ldif.c,v 1.15.2.7 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/lockf.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/lockf.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/lockf.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/lockf.c,v 1.15.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/lockf.c,v 1.15.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/md5.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/md5.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/md5.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* md5.c -- MD5 message-digest algorithm */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/md5.c,v 1.19.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/md5.c,v 1.19.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/memcmp.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/memcmp.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/memcmp.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/memcmp.c,v 1.9.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/memcmp.c,v 1.9.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/libraries/liblutil/meter.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/meter.c	                        (rev 0)
+++ openldap/vendor/openldap-release/libraries/liblutil/meter.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,387 @@
+/* meter.c - lutil_meter meters */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/meter.c,v 1.2.2.1 2009/02/05 20:10:59 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright (c) 2009 by Matthew Backes, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Matthew Backes for inclusion
+ * in OpenLDAP software.
+ */
+
+#include "portable.h"
+#include "lutil_meter.h"
+
+#include <ac/assert.h>
+#include <ac/string.h>
+
+int
+lutil_time_string (
+	char *dest,
+	int duration,
+	int max_terms)
+{
+	static const int time_div[] = {31556952,
+				       604800,
+				       86400,
+				       3600,
+				       60,
+				       1,
+				       0};
+	const int * time_divp = time_div;
+	static const char * time_name_ch = "ywdhms";
+	const char * time_name_chp = time_name_ch;
+	int term_count = 0;
+	char *buf = dest;
+	int time_quot;
+	
+	assert ( max_terms >= 2 ); /* room for "none" message */
+
+	if ( duration < 0 ) {
+		*dest = '\0';
+		return 1;
+	}
+	if ( duration == 0 ) {
+		strcpy( dest, "none" );
+		return 0;
+	}
+	while ( term_count < max_terms && duration > 0 ) {
+		if (duration > *time_divp) {
+			time_quot = duration / *time_divp;
+			duration %= *time_divp;
+			if (time_quot > 99) {
+				return 1;
+			} else {
+				*(buf++) = time_quot / 10 + '0';
+				*(buf++) = time_quot % 10 + '0';
+				*(buf++) = *time_name_chp;
+				++term_count;
+			}
+		}
+		if ( *(++time_divp) == 0) duration = 0;
+		++time_name_chp;
+	}
+	*buf = '\0';
+	return 0;
+}
+
+int
+lutil_get_now (double *now)
+{
+#ifdef HAVE_GETTIMEOFDAY
+	struct timeval tv;
+
+	assert( now );
+	gettimeofday( &tv, NULL );
+	*now = ((double) tv.tv_sec) + (((double) tv.tv_usec) / 1000000.0);
+	return 0;
+#else
+	time_t tm;
+
+	assert( now );
+	time( &tm );
+	now = (double) tm;
+	return 0;
+#endif
+}
+
+int
+lutil_meter_open (
+	lutil_meter_t *meter,
+	const lutil_meter_display_t *display, 
+	const lutil_meter_estimator_t *estimator,
+	unsigned long goal_value)
+{
+	int rc;
+
+	assert( meter != NULL );
+	assert( display != NULL );
+	assert( estimator != NULL );
+
+	if (goal_value < 1) return -1;
+
+	memset( (void*) meter, 0, sizeof( lutil_meter_t ));
+	meter->display = display;
+	meter->estimator = estimator;
+	lutil_get_now( &meter->start_time );
+	meter->last_update = meter->start_time;
+	meter->goal_value = goal_value;
+	meter->last_position = 0;
+
+	rc = meter->display->display_open( &meter->display_data );
+	if( rc != 0 ) return rc;
+	
+	rc = meter->estimator->estimator_open( &meter->estimator_data );
+	if( rc != 0 ) {
+		meter->display->display_close( &meter->display_data );
+		return rc;
+	}
+	
+	return 0;
+}
+
+int
+lutil_meter_update (
+	lutil_meter_t *meter,
+	unsigned long position,
+	int force)
+{
+	static const double display_rate = 0.5;
+	double frac, cycle_length, speed, now;
+	time_t remaining_time, elapsed;
+	int rc;
+
+	assert( meter != NULL );
+	assert( position >= 0 );
+
+	lutil_get_now( &now );
+
+	if ( !force && now - meter->last_update < display_rate ) return 0;
+
+	frac = ((double)position) / ((double) meter->goal_value);
+	elapsed = now - meter->start_time;
+	if (frac <= 0.0) return 0;
+	if (frac >= 1.0) {
+		rc = meter->display->display_update(
+			&meter->display_data,
+			1.0,
+			0,
+			(time_t) elapsed,
+			((double)position) / elapsed);
+	} else {
+		rc = meter->estimator->estimator_update( 
+			&meter->estimator_data, 
+			meter->start_time,
+			frac,
+			&remaining_time );
+		if ( rc == 0 ) {
+			cycle_length = now - meter->last_update;
+			speed = cycle_length > 0.0 ?
+				((double)(position - meter->last_position)) 
+				/ cycle_length :
+				0.0;
+			rc = meter->display->display_update(
+				&meter->display_data,
+				frac,
+				remaining_time,
+				(time_t) elapsed,
+				speed);
+			if ( rc == 0 ) {
+				meter->last_update = now;
+				meter->last_position = position;
+			}
+		}
+	}
+
+	return rc;
+}
+
+int
+lutil_meter_close (lutil_meter_t *meter)
+{
+	meter->estimator->estimator_close( &meter->estimator_data );
+	meter->display->display_close( &meter->display_data );
+
+	return 0;
+}
+
+/* Default display and estimator */
+typedef struct {
+	int buffer_length;
+	char * buffer;
+	int need_eol;
+	int phase;
+	FILE *output;
+} text_display_state_t;
+
+static int
+text_open (void ** display_datap)
+{
+	static const int default_buffer_length = 81;
+	text_display_state_t *data;
+
+	assert( display_datap != NULL );
+	data = calloc( 1, sizeof( text_display_state_t ));
+	assert( data != NULL );
+	data->buffer_length = default_buffer_length;
+	data->buffer = calloc( 1, default_buffer_length );
+	assert( data->buffer != NULL );
+	data->output = stderr;
+	*display_datap = data;
+	return 0;
+}
+
+static int
+text_update ( 
+	void **display_datap,
+	double frac,
+	time_t remaining_time,
+	time_t elapsed,
+	double byte_rate)
+{
+	text_display_state_t *data;
+	char *buf, *buf_end;
+
+	assert( display_datap != NULL );
+	assert( *display_datap != NULL );
+	data = (text_display_state_t*) *display_datap;
+
+	if ( data->output == NULL ) return 1;
+
+	buf = data->buffer;
+	buf_end = buf + data->buffer_length - 1;
+
+/* |#################### 100.00% eta  1d19h elapsed 23w 7d23h15m12s spd nnnn.n M/s */
+
+	{
+		/* spinner */
+		static const int phase_mod = 8;
+		static const char phase_char[] = "_.-*\"*-.";
+		*buf++ = phase_char[data->phase % phase_mod];
+		data->phase++;
+	}
+
+	{
+		/* bar */
+		static const int bar_length = 20;
+		static const double bar_lengthd = 20.0;
+		static const char fill_char = '#';
+		static const char blank_char = ' ';
+		char *bar_end = buf + bar_length;
+		char *bar_pos = frac < 0.0 ? 
+			buf :
+			frac < 1.0 ?
+			buf + (int) (bar_lengthd * frac) :
+			bar_end;
+
+		assert( (buf_end - buf) > bar_length );
+		while ( buf < bar_end ) {
+			*buf = buf < bar_pos ?
+				fill_char : blank_char;
+			++buf;
+		}
+	}
+
+	{
+		/* percent */
+		(void) snprintf( buf, buf_end-buf, "%7.2f%%", 100.0*frac );
+		buf += 8;
+	}
+
+	{
+		/* eta and elapsed */
+		char time_buffer[19];
+		int rc;
+		rc = lutil_time_string( time_buffer, remaining_time, 2);
+		if (rc == 0)
+			snprintf( buf, buf_end-buf, " eta %6s", time_buffer );
+		buf += 5+6;
+		rc = lutil_time_string( time_buffer, elapsed, 5);
+		if (rc == 0)
+			snprintf( buf, buf_end-buf, " elapsed %15s", 
+				  time_buffer );
+		buf += 9+15;
+	}
+
+	{
+		/* speed */
+		static const char prefixes[] = " kMGTPEZY";
+		const char *prefix_chp = prefixes;
+
+		while (*prefix_chp && byte_rate >= 1024.0) {
+			byte_rate /= 1024.0;
+			++prefix_chp;
+		}
+		if ( byte_rate >= 1024.0 ) {
+			snprintf( buf, buf_end-buf, " fast!" );
+			buf += 6;
+		} else {
+			snprintf( buf, buf_end-buf, " spd %5.1f %c/s",
+				  byte_rate,
+				  *prefix_chp);
+			buf += 5+6+4;
+		}
+	}
+
+	(void) fprintf( data->output,
+			"\r%-79s", 
+			data->buffer );
+	data->need_eol = 1;
+	return 0;
+}
+
+static int
+text_close (void ** display_datap)
+{
+	text_display_state_t *data;
+
+	if (display_datap) {
+		if (*display_datap) {
+			data = (text_display_state_t*) *display_datap;
+			if (data->output && data->need_eol) 
+				fputs ("\n", data->output);
+			if (data->buffer)
+				free( data->buffer );
+			free( data );
+		}
+		*display_datap = NULL;
+	}
+	return 0;
+}
+
+static int
+null_open_close (void **datap)
+{
+	assert( datap );
+	*datap = NULL;
+	return 0;
+}
+
+static int
+linear_update (
+	void **estimator_datap, 
+	double start, 
+	double frac, 
+	time_t *remaining)
+{
+	double now;
+	double elapsed;
+	
+	assert( estimator_datap != NULL );
+	assert( *estimator_datap == NULL );
+	assert( start > 0.0 );
+	assert( frac >= 0.0 );
+	assert( frac <= 1.0 );
+	assert( remaining != NULL );
+	lutil_get_now( &now );
+
+	elapsed = now-start;
+	assert( elapsed >= 0.0 );
+
+	if ( frac == 0.0 ) {
+		return 1;
+	} else if ( frac >= 1.0 ) {
+		*remaining = 0;
+		return 0;
+	} else {
+		*remaining = (time_t) (elapsed/frac-elapsed+0.5);
+		return 0;
+	}
+}
+
+const lutil_meter_display_t lutil_meter_text_display = {
+	text_open, text_update, text_close
+};
+
+const lutil_meter_estimator_t lutil_meter_linear_estimator = {
+	null_open_close, linear_update, null_open_close
+};
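Review bot: In `lutil_get_now`, the `#else` branch (no `HAVE_GETTIMEOFDAY`) assigns to the pointer parameter instead of through it: `now = (double) tm;` should be `*now = (double) tm;`, otherwise the caller's value is never set and the line is not valid C on those platforms. Separately, `text_open` checks both `calloc` results only with `assert`, so in a build with `NDEBUG` an allocation failure falls through to a NULL dereference. Returning an error instead, `if ( data == NULL ) return -1;` (and freeing `data` before returning when the buffer allocation fails), lets `lutil_meter_open` report it, since it already propagates a non-zero `display_open` result. In `lutil_meter_update`, `assert( position >= 0 )` is always true for an `unsigned long` and can be dropped.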

Modified: openldap/vendor/openldap-release/libraries/liblutil/ntservice.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ntservice.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/ntservice.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ntservice.c,v 1.31.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ntservice.c,v 1.31.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/passfile.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passfile.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/passfile.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.8.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passfile.c,v 1.8.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/passwd.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/passwd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/passwd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.104.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/passwd.c,v 1.104.2.6 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -716,7 +716,7 @@
 	const struct berval *cred,
 	const char **text )
 {
-	int i;
+	ber_len_t i;
 	char UcasePassword[15];
 	des_cblock key;
 	des_key_schedule schedule;
@@ -1003,7 +1003,7 @@
 	const char **text )
 {
 
-	int i;
+	ber_len_t i;
 	char UcasePassword[15];
 	des_cblock key;
 	des_key_schedule schedule;

Modified: openldap/vendor/openldap-release/libraries/liblutil/ptest.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/ptest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/ptest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/ptest.c,v 1.12.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/ptest.c,v 1.12.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sasl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sasl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/sasl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sasl.c,v 1.22.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sasl.c,v 1.22.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/setproctitle.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/setproctitle.c,v 1.15.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/setproctitle.c,v 1.15.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sha1.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sha1.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/sha1.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sha1.c,v 1.26.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sha1.c,v 1.26.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/signal.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/signal.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/signal.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/signal.c,v 1.10.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/signal.c,v 1.10.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/sockpair.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/sockpair.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/sockpair.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/sockpair.c,v 1.17.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/sockpair.c,v 1.17.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/tavl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/tavl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/tavl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* avl.c - routines to implement an avl tree */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/tavl.c,v 1.12.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/tavl.c,v 1.12.2.6 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright (c) 2005 by Howard Chu, Symas Corp.
  * All rights reserved.
  *
@@ -448,13 +448,13 @@
 /*
  * tavl_find2 - returns Avlnode instead of data pointer.
  * tavl_find3 - as above, but returns Avlnode even if no match is found.
- *				also return the last comparison result in ret.
+ *				also set *ret = last comparison result, or -1 if root == NULL.
  */
 Avlnode *
 tavl_find3( Avlnode *root, const void *data, AVL_CMP fcmp, int *ret )
 {
-	int	cmp, dir;
-	Avlnode *prev;
+	int	cmp = -1, dir;
+	Avlnode *prev = root;
 
 	while ( root != 0 && (cmp = (*fcmp)( data, root->avl_data )) != 0 ) {
 		prev = root;

Modified: openldap/vendor/openldap-release/libraries/liblutil/testavl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/testavl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/testavl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* testavl.c - Test Tim Howes AVL code */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/testavl.c,v 1.4.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/testavl.c,v 1.4.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/testtavl.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/testtavl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/testtavl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* testavl.c - Test Tim Howes AVL code */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/testtavl.c,v 1.2.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/testtavl.c,v 1.2.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/liblutil/utils.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/utils.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/utils.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.17 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/utils.c,v 1.33.2.23 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77,6 +77,13 @@
 	LUTIL_SLASHPATH( argv[0] );
 	progname = strrchr ( argv[0], *LDAP_DIRSEP );
 	progname = progname ? &progname[1] : argv[0];
+#ifdef _WIN32
+	{
+		size_t len = strlen( progname );
+		if ( len > 4 && strcasecmp( &progname[len - 4], ".exe" ) == 0 )
+			progname[len - 4] = '\0';
+	}
+#endif
 	return progname;
 }
 
@@ -296,41 +303,52 @@
 	GetSystemTime( &st );
 	QueryPerformanceCounter( &count );
 
+	/* It shouldn't ever go backwards, but multiple CPUs might
+	 * be able to hit in the same tick.
+	 */
+	if ( count.QuadPart <= prevCount.QuadPart ) {
+		subs++;
+	} else {
+		subs = 0;
+		prevCount = count;
+	}
+
 	/* We assume Windows has at least a vague idea of
 	 * when a second begins. So we align our microsecond count
 	 * with the Windows millisecond count using this offset.
 	 * We retain the submillisecond portion of our own count.
+	 *
+	 * Note - this also assumes that the relationship between
+	 * the PerformanceCouunter and SystemTime stays constant;
+	 * that assumption breaks if the SystemTime is adjusted by
+	 * an external action.
 	 */
 	if ( !cFreq.QuadPart ) {
 		long long t;
 		int usec;
 		QueryPerformanceFrequency( &cFreq );
 
-		t = count.QuadPart * 1000000;
-		t /= cFreq.QuadPart;
-		usec = t % 10000000;
-		usec /= 1000;
-		offset = ( usec - st.wMilliseconds ) * 1000;
-	}
+		/* just get sub-second portion of counter */
+		t = count.QuadPart % cFreq.QuadPart;
 
-	/* It shouldn't ever go backwards, but multiple CPUs might
-	 * be able to hit in the same tick.
-	 */
-	if ( count.QuadPart <= prevCount.QuadPart ) {
-		subs++;
-	} else {
-		subs = 0;
-		prevCount = count;
+		/* convert to microseconds */
+		t *= 1000000;
+		usec = t / cFreq.QuadPart;
+
+		offset = usec - st.wMilliseconds * 1000;
 	}
 
 	tm->tm_usub = subs;
 
 	/* convert to microseconds */
+	count.QuadPart %= cFreq.QuadPart;
 	count.QuadPart *= 1000000;
 	count.QuadPart /= cFreq.QuadPart;
 	count.QuadPart -= offset;
 
 	tm->tm_usec = count.QuadPart % 1000000;
+	if ( tm->tm_usec < 0 )
+		tm->tm_usec += 1000000;
 
 	/* any difference larger than microseconds is
 	 * already reflected in st
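Review bot: The result of `QueryPerformanceFrequency( &cFreq )` is not checked, and `cFreq.QuadPart` is used as a divisor straight afterwards in `t = count.QuadPart % cFreq.QuadPart;` and again in `count.QuadPart %= cFreq.QuadPart;`. If the call fails and leaves the value at zero, both lines divide by zero, so a guard such as `if ( !QueryPerformanceFrequency( &cFreq ) || cFreq.QuadPart == 0 )` with a fallback that uses only `st` would be safer. The `subs`/`prevCount` update is also a read-modify-write on state that looks shared between callers; the declarations and any locking are outside the hunk, so confirm the function is serialised. The added comment spells the counter `PerformanceCouunter`.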
@@ -421,6 +439,21 @@
 	return a-1;
 }
 
+/* memcopy is like memcpy except it returns a pointer to the byte past
+ * the end of the result buffer, set to NULL. This allows fast construction
+ * of catenated buffers.  Provided for API consistency with lutil_str*copy().
+ */
+char *
+lutil_memcopy(
+	char *a,
+	const char *b,
+	size_t n
+)
+{
+	AC_MEMCPY(a, b, n);
+	return a + n;
+}
+
 #ifndef HAVE_MKSTEMP
 int mkstemp( char * template )
 {
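Review bot: The header comment on `lutil_memcopy` says the returned pointer is "set to NULL", but the body only calls `AC_MEMCPY(a, b, n)` and returns `a + n`; nothing is written at that address and no terminator is added. A caller who trusts the comment and treats the result as a terminated string would read past the copied data. I would reword it to `/* like memcpy, but returns a pointer to the byte past the copied data; does not write a terminator and does not check that a has room for n bytes */`.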
@@ -677,7 +710,6 @@
 {
 	char *pin, *pout, ctmp;
 	char *end;
-	long l;
 	int i, chunk, len, rc = 0, hex = 0;
 	if ( !out || !out->bv_val || out->bv_len < in->bv_len )
 		return -1;
@@ -700,38 +732,40 @@
 	}
 	if ( hex ) {
 #define HEXMAX	(2 * sizeof(long))
+		unsigned long l;
 		/* Convert a longword at a time, but handle leading
 		 * odd bytes first
 		 */
-		chunk = len & (HEXMAX-1);
+		chunk = len % HEXMAX;
 		if ( !chunk )
 			chunk = HEXMAX;
 
 		while ( len ) {
+			int ochunk;
 			ctmp = pin[chunk];
 			pin[chunk] = '\0';
 			errno = 0;
-			l = strtol( pin, &end, 16 );
+			l = strtoul( pin, &end, 16 );
 			pin[chunk] = ctmp;
 			if ( errno )
 				return -1;
-			chunk++;
-			chunk >>= 1;
-			for ( i = chunk; i>=0; i-- ) {
+			ochunk = (chunk + 1)/2;
+			for ( i = ochunk - 1; i >= 0; i-- ) {
 				pout[i] = l & 0xff;
 				l >>= 8;
 			}
 			pin += chunk;
-			pout += sizeof(long);
+			pout += ochunk;
 			len -= chunk;
 			chunk = HEXMAX;
 		}
-		out->bv_len = pout + len - out->bv_val;
+		out->bv_len = pout - out->bv_val;
 	} else {
 	/* Decimal */
 		char tmpbuf[64], *tmp;
 		lutil_int_decnum num;
 		int neg = 0;
+		long l;
 
 		len = in->bv_len;
 		pin = in->bv_val;
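Review bot: `end` is filled in by `strtoul( pin, &end, 16 )` but never compared with the end of the chunk, so a chunk containing a non-hex character is converted from its leading digits (or to 0) and still written to `pout` as if it were valid. `errno` only reports overflow, so `if ( errno )` does not catch this; `if ( errno || end != pin + chunk ) return -1;` would. `strtoul` also accepts leading whitespace and a sign, so a full check needs an `isxdigit` scan of the chunk unless the digits are validated before this loop. The function starts outside the hunk, so that validation may already exist.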
@@ -921,7 +955,7 @@
 		*len = ret;
 	}
 
-	if ( ret >= bufsize ) {
+	if ( (unsigned) ret >= bufsize ) {
 		if ( next ) {
 			*next = &buf[ bufsize - 1 ];
 		}
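Review bot: The cast in `if ( (unsigned) ret >= bufsize )` catches a negative `ret` only by letting it wrap to a large value, and by then the context line `*len = ret;` has already handed that negative value to the caller. Spelling it out as `if ( ret < 0 || (unsigned) ret >= bufsize )` and assigning `*len` only for `ret >= 0` would make the error case explicit. The declarations of `ret`, `bufsize` and `len` are outside the hunk, so their exact types should be confirmed.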

Modified: openldap/vendor/openldap-release/libraries/liblutil/uuid.c
===================================================================
--- openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/liblutil/uuid.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* uuid.c -- Universally Unique Identifier routines */
-/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.28.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/liblutil/uuid.c,v 1.28.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/libraries/librewrite/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # LIBREWRITE
-# $OpenLDAP: pkg/ldap/libraries/librewrite/Makefile.in,v 1.14.2.3 2008/02/11 23:26:42 kurt Exp $
+# $OpenLDAP: pkg/ldap/libraries/librewrite/Makefile.in,v 1.14.2.4 2009/01/22 00:00:58 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/config.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/config.c,v 1.14.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/config.c,v 1.14.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/context.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/context.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/context.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/context.c,v 1.15.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/context.c,v 1.15.2.4 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/info.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/info.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/info.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/info.c,v 1.15.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/info.c,v 1.15.2.5 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -216,7 +216,7 @@
 
 		case REWRITE_MODE_COPY_INPUT:
 			*result = strdup( string );
-			rc = REWRITE_REGEXEC_OK;
+			rc = ( *result != NULL ) ? REWRITE_REGEXEC_OK : REWRITE_REGEXEC_ERR;
 			goto rc_return;
 
 		case REWRITE_MODE_USE_DEFAULT:

Modified: openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/ldapmap.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/ldapmap.c,v 1.12.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/ldapmap.c,v 1.12.2.5 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/map.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/map.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/map.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/map.c,v 1.21.2.4 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/map.c,v 1.21.2.6 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -88,6 +88,9 @@
 	 */
 	l = p - string - 1;
 	s = calloc( sizeof( char ), l + 1 );
+	if ( s == NULL ) {
+		return NULL;
+	}
 	AC_MEMCPY( s, string, l );
 	s[ l ] = 0;
 
@@ -231,6 +234,10 @@
 		 */
 		map->lm_type = REWRITE_MAP_SUBCONTEXT;
 		map->lm_name = strdup( s + 1 );
+		if ( map->lm_name == NULL ) {
+			rc = -1;
+			goto cleanup;
+		}
 		map->lm_data = rewrite_context_find( info, s + 1 );
 		if ( map->lm_data == NULL ) {
 			rc = -1;
@@ -266,6 +273,10 @@
 				map->lm_name = strdup( s + 1 );
 			}
 		}
+		if ( map->lm_name == NULL ) {
+			rc = -1;
+			goto cleanup;
+		}
 		break;
 	
 	/*
@@ -279,6 +290,10 @@
 			map->lm_type = REWRITE_MAP_GET_OP_VAR;
 			map->lm_name = strdup( s + 1 );
 		}
+		if ( map->lm_name == NULL ) {
+			rc = -1;
+			goto cleanup;
+		}
 		break;
 	
 	/*
@@ -287,6 +302,10 @@
 	case REWRITE_OPERATOR_PARAM_GET:		/* '$' */
 		map->lm_type = REWRITE_MAP_GET_PARAM;
 		map->lm_name = strdup( s + 1 );
+		if ( map->lm_name == NULL ) {
+			rc = -1;
+			goto cleanup;
+		}
 		break;
 	
 	/*
@@ -295,6 +314,10 @@
 	default:
 		map->lm_type = REWRITE_MAP_BUILTIN;
 		map->lm_name = strdup( s );
+		if ( map->lm_name == NULL ) {
+			rc = -1;
+			goto cleanup;
+		}
 		map->lm_data = rewrite_builtin_map_find( info, s );
 		if ( map->lm_data == NULL ) {
 			rc = -1;
@@ -372,11 +395,16 @@
 		rc = rewrite_var_set( &op->lo_vars, map->lm_name,
 				key->bv_val, 1 )
 			? REWRITE_SUCCESS : REWRITE_ERR;
-		if ( map->lm_type == REWRITE_MAP_SET_OP_VAR ) {
-			val->bv_val = strdup( "" );
-		} else {
-			val->bv_val = strdup( key->bv_val );
-			val->bv_len = key->bv_len;
+		if ( rc == REWRITE_SUCCESS ) {
+			if ( map->lm_type == REWRITE_MAP_SET_OP_VAR ) {
+				val->bv_val = strdup( "" );
+			} else {
+				val->bv_val = strdup( key->bv_val );
+				val->bv_len = key->bv_len;
+			}
+			if ( val->bv_val == NULL ) {
+				rc = REWRITE_ERR;
+			}
 		}
 		break;
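Review bot: In the `REWRITE_MAP_SET_OP_VAR` branch `val->bv_len` is still not set after `val->bv_val = strdup( "" )`, so the returned value pairs an empty string with whatever length `val` already held. Adding `val->bv_len = 0;` next to that `strdup` keeps pointer and length consistent. The same applies to the `REWRITE_MAP_SET_SESN_VAR` branch in the `@@ -401,11 +432,16 @@` hunk. The enclosing switch starts and ends outside both hunks, so an earlier initialisation of `val` cannot be ruled out.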
 	
@@ -389,6 +417,9 @@
 		} else {
 			val->bv_val = strdup( var->lv_value.bv_val );
 			val->bv_len = var->lv_value.bv_len;
+			if ( val->bv_val == NULL ) {
+				rc = REWRITE_ERR;
+			}
 		}
 		break;	
 	}
@@ -401,11 +432,16 @@
 		}
 		rc = rewrite_session_var_set( info, op->lo_cookie, 
 				map->lm_name, key->bv_val );
-		if ( map->lm_type == REWRITE_MAP_SET_SESN_VAR ) {
-			val->bv_val = strdup( "" );
-		} else {
-			val->bv_val = strdup( key->bv_val );
-			val->bv_len = key->bv_len;
+		if ( rc == REWRITE_SUCCESS ) {
+			if ( map->lm_type == REWRITE_MAP_SET_SESN_VAR ) {
+				val->bv_val = strdup( "" );
+			} else {
+				val->bv_val = strdup( key->bv_val );
+				val->bv_len = key->bv_len;
+			}
+			if ( val->bv_val == NULL ) {
+				rc = REWRITE_ERR;
+			}
 		}
 		break;
 

Modified: openldap/vendor/openldap-release/libraries/librewrite/params.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/params.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/params.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/params.c,v 1.9.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/params.c,v 1.9.2.5 2009/01/22 00:00:58 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,6 +32,7 @@
 )
 {
 	struct rewrite_var *var;
+	int rc = REWRITE_SUCCESS;
 
 	assert( info != NULL );
 	assert( name != NULL );
@@ -47,21 +48,20 @@
 		free( var->lv_value.bv_val );
 		var->lv_value.bv_val = strdup( value );
 		var->lv_value.bv_len = strlen( value );
+
 	} else {
 		var = rewrite_var_insert( &info->li_params, name, value );
-		if ( var == NULL ) {
-#ifdef USE_REWRITE_LDAP_PVT_THREADS
-			ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
-#endif /* USE_REWRITE_LDAP_PVT_THREADS */
-			return REWRITE_ERR;
-		}
 	}
+
+	if ( var == NULL || var->lv_value.bv_val == NULL ) {
+		rc = REWRITE_ERR;
+	}
 	
 #ifdef USE_REWRITE_LDAP_PVT_THREADS
 	ldap_pvt_thread_rdwr_wunlock( &info->li_params_mutex );
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
 
-	return REWRITE_SUCCESS;
+	return rc;
 }
 
 /*
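Review bot: When the parameter already exists, the old value is freed before `strdup( value )` is known to have succeeded. On allocation failure the stored variable keeps `bv_val == NULL` together with a non-zero `bv_len`, and the function now returns `REWRITE_ERR` but leaves that broken entry in `info->li_params` for later readers. Duplicating first and swapping only on success keeps the previous value intact. The `if` that opens this branch is outside the hunk, and `copy` would be declared next to `var`.

```c
		/* ... unchanged: lookup of var and the branch condition (outside the hunk) ... */
		copy = strdup( value );
		if ( copy == NULL ) {
			rc = REWRITE_ERR;
		} else {
			free( var->lv_value.bv_val );
			var->lv_value.bv_val = copy;
			var->lv_value.bv_len = strlen( value );
		}
	} else {
		var = rewrite_var_insert( &info->li_params, name, value );
		/* ... unchanged: NULL check on var, unlock, return rc ... */
```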
@@ -75,6 +75,7 @@
 )
 {
 	struct rewrite_var *var;
+	int rc = REWRITE_SUCCESS;
 
 	assert( info != NULL );
 	assert( name != NULL );
@@ -88,22 +89,19 @@
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
 	
 	var = rewrite_var_find( info->li_params, name );
-	if ( var == NULL ) {
-		
-#ifdef USE_REWRITE_LDAP_PVT_THREADS
-		ldap_pvt_thread_rdwr_runlock( &info->li_params_mutex );
-#endif /* USE_REWRITE_LDAP_PVT_THREADS */
-		
-		return REWRITE_ERR;
-	} else {
+	if ( var != NULL ) {
 		value->bv_val = strdup( var->lv_value.bv_val );
 		value->bv_len = var->lv_value.bv_len;
 	}
+
+	if ( var == NULL || value->bv_val == NULL ) {
+		rc = REWRITE_ERR;
+	}
 	
 #ifdef USE_REWRITE_LDAP_PVT_THREADS
-        ldap_pvt_thread_rdwr_runlock( &info->li_params_mutex );
+	ldap_pvt_thread_rdwr_runlock( &info->li_params_mutex );
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
-	
+
 	return REWRITE_SUCCESS;
 }
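Review bot: The function still ends with `return REWRITE_SUCCESS;`, so the `rc = REWRITE_ERR` assigned a few lines earlier is never returned. Before this change a missing parameter returned `REWRITE_ERR` from the removed early-exit block; now both a missing parameter and a failed `strdup` report success while `value` is untouched or holds a NULL `bv_val`. The last statement should be `return rc;`, as the matching change in session.c does. The function's opening lines are in the previous hunk.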
 

Modified: openldap/vendor/openldap-release/libraries/librewrite/parse.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/parse.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/parse.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/parse.c,v 1.9.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/parse.c,v 1.9.2.4 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite-int.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.20.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-int.h,v 1.20.2.4 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite-map.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-map.h,v 1.7.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite-map.h,v 1.7.2.4 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rewrite.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rewrite.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/rewrite.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite.c,v 1.16.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rewrite.c,v 1.16.2.4 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/libraries/librewrite/rule.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/rule.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/rule.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/rule.c,v 1.23.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/rule.c,v 1.23.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -336,7 +336,6 @@
 	 * REGEX compilation (luckily I don't need to take care of this ...)
 	 */
 	if ( regcomp( &rule->lr_regex, ( char * )pattern, flags ) != 0 ) {
-		free( rule );
 		goto fail;
 	}
 	
@@ -346,6 +345,12 @@
 	rule->lr_pattern = strdup( pattern );
 	rule->lr_subststring = strdup( result );
 	rule->lr_flagstring = strdup( flagstring );
+	if ( rule->lr_pattern == NULL
+		|| rule->lr_subststring == NULL
+		|| rule->lr_flagstring == NULL )
+	{
+		goto fail;
+	}
 	
 	/*
 	 * Load compiled data into rule
@@ -368,6 +373,12 @@
 	return REWRITE_SUCCESS;
 
 fail:
+	if ( rule ) {
+		if ( rule->lr_pattern ) free( rule->lr_pattern );
+		if ( rule->lr_subststring ) free( rule->lr_subststring );
+		if ( rule->lr_flagstring ) free( rule->lr_flagstring );
+		free( rule );
+	}
 	destroy_actions( first_action );
 	free( subst );
 	return REWRITE_ERR;
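Review bot: The new `fail:` block frees the three strings and `rule` but never releases `rule->lr_regex`, so the path added in the previous hunk (a `strdup` failing after `regcomp` succeeded) leaks the compiled expression. A flag set after a successful `regcomp` and a guarded `regfree( &rule->lr_regex );` before `free( rule );` would cover it; the call must be skipped when `regcomp` itself failed. The block also assumes `lr_pattern`, `lr_subststring` and `lr_flagstring` are NULL until assigned, which depends on how `rule` is allocated outside the hunk.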

Modified: openldap/vendor/openldap-release/libraries/librewrite/session.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/session.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/session.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/session.c,v 1.19.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/session.c,v 1.19.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -256,6 +256,7 @@
 {
 	struct rewrite_session *session;
 	struct rewrite_var *var;
+	int rc = REWRITE_SUCCESS;
 
 	assert( info != NULL );
 	assert( cookie != NULL );
@@ -279,27 +280,22 @@
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
 	
 	var = rewrite_var_find( session->ls_vars, name );
-	if ( var == NULL ) {
-		
-#ifdef USE_REWRITE_LDAP_PVT_THREADS
-	        ldap_pvt_thread_rdwr_runlock( &session->ls_vars_mutex );
-#endif /* USE_REWRITE_LDAP_PVT_THREADS */
-
-		rewrite_session_return( info, session );
-
-		return REWRITE_ERR;
-	} else {
+	if ( var != NULL ) {
 		value->bv_val = strdup( var->lv_value.bv_val );
 		value->bv_len = var->lv_value.bv_len;
 	}
-	
+
+	if ( var == NULL || value->bv_val == NULL ) {
+		rc = REWRITE_ERR;
+	}
+
 #ifdef USE_REWRITE_LDAP_PVT_THREADS
         ldap_pvt_thread_rdwr_runlock( &session->ls_vars_mutex );
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
 
 	rewrite_session_return( info, session );
-	
-	return REWRITE_SUCCESS;
+
+	return rc;
 }
 
 static void

Modified: openldap/vendor/openldap-release/libraries/librewrite/subst.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/subst.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/subst.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/subst.c,v 1.22.2.3 2008/02/11 23:26:42 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/subst.c,v 1.22.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -193,6 +193,10 @@
 		subs_len += l;
 		subs[ nsub ].bv_len = l;
 		subs[ nsub ].bv_val = malloc( l + 1 );
+		if ( subs[ nsub ].bv_val == NULL ) {
+			free( subs );
+			goto cleanup;
+		}
 		AC_MEMCPY( subs[ nsub ].bv_val, begin, l );
 		subs[ nsub ].bv_val[ l ] = '\0';
 	} else {
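Review bot: On `malloc` failure the new code calls `free( subs )` and jumps to `cleanup`, but the `bv_val` buffers already stored in `subs[ 0 ]` to `subs[ nsub - 1 ]` are not released and become unreachable once the array is gone. Releasing them first, for example `while ( nsub-- > 0 ) free( subs[ nsub ].bv_val );`, avoids the leak. The `cleanup` label is outside the hunk; if it also frees `subs`, this line would be a double free, so it is worth checking.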

Modified: openldap/vendor/openldap-release/libraries/librewrite/var.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/var.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/var.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/var.c,v 1.13.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/var.c,v 1.13.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -123,8 +123,12 @@
 		int flags
 )
 {
-	ber_len_t	len = strlen( value );
+	ber_len_t	len;
 
+	assert( value != NULL );
+
+	len = strlen( value );
+
 	if ( var->lv_flags & REWRITE_VAR_COPY_VALUE ) {
 		if ( flags & REWRITE_VAR_COPY_VALUE ) {
 			if ( len <= var->lv_value.bv_len ) {
@@ -151,6 +155,10 @@
 		}
 	}
 
+	if ( var->lv_value.bv_val == NULL ) {
+		return -1;
+	}
+
 	var->lv_value.bv_len = len;
 
 	return 0;

Modified: openldap/vendor/openldap-release/libraries/librewrite/xmap.c
===================================================================
--- openldap/vendor/openldap-release/libraries/librewrite/xmap.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/libraries/librewrite/xmap.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/libraries/librewrite/xmap.c,v 1.12.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/libraries/librewrite/xmap.c,v 1.12.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74,6 +74,10 @@
 	if ( strncasecmp(s, "xpasswd", 7 ) == 0 ) {
 		map->lm_type = REWRITE_MAP_XPWDMAP;
 		map->lm_name = strdup( "xpasswd" );
+		if ( map->lm_name == NULL ) {
+			free( map );
+			return NULL;
+		}
 
 		assert( s[7] == '}' );
 		*currpos = s + 8;
@@ -123,6 +127,10 @@
 
 		l = p - s - c;
 		filename = calloc( sizeof( char ), l + 1 );
+		if ( filename == NULL ) {
+			free( map );
+			return NULL;
+		}
 		AC_MEMCPY( filename, s + c, l );
 		filename[ l ] = '\0';
 		
@@ -177,6 +185,10 @@
 		 */
 		l = p - s - c;
 		url = calloc( sizeof( char ), l + 3 );
+		if ( url == NULL ) {
+			free( map );
+			return NULL;
+		}
 		AC_MEMCPY( url, s + c, l );
 		url[ l ] = '\0';
 
@@ -269,15 +281,6 @@
 			int l = strlen( pwd->pw_gecos );
 			
 			val->bv_val = strdup( pwd->pw_gecos );
-			if ( val->bv_val == NULL ) {
-
-#ifdef USE_REWRITE_LDAP_PVT_THREADS
-		                ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
-#endif /* USE_REWRITE_LDAP_PVT_THREADS */
-
-				rc = REWRITE_ERR;
-				break;
-			}
 			val->bv_len = l;
 		} else
 #endif /* HAVE_STRUCT_PASSWD_PW_GECOS */
@@ -289,7 +292,10 @@
 #ifdef USE_REWRITE_LDAP_PVT_THREADS
 		ldap_pvt_thread_mutex_unlock( &xpasswd_mutex );
 #endif /* USE_REWRITE_LDAP_PVT_THREADS */
-			
+
+		if ( val->bv_val == NULL ) {
+			rc = REWRITE_ERR;
+		}
 		break;
 	}
 #endif /* HAVE_GETPWNAM*/
@@ -400,32 +406,28 @@
 		}
 		if ( attrsonly == 1 ) {
 			val->bv_val = ldap_get_dn( ld, entry );
-			if ( val->bv_val == NULL ) {
-				ldap_msgfree( res );
-                                ldap_unbind( ld );
-                                rc = REWRITE_ERR;
-                                goto rc_return;
-                        }
+
 		} else {
 			values = ldap_get_values( ld, entry,
 					lud->lud_attrs[0] );
-			if ( values == NULL ) {
-				ldap_msgfree( res );
-				ldap_unbind( ld );
-				rc = REWRITE_ERR;
-				goto rc_return;
+			if ( values != NULL ) {
+				val->bv_val = strdup( values[ 0 ] );
+				ldap_value_free( values );
 			}
-			val->bv_val = strdup( values[ 0 ] );
-			ldap_value_free( values );
 		}
-		val->bv_len = strlen( val->bv_val );
 
 		ldap_msgfree( res );
 		ldap_unbind( ld );
 		
+		if ( val->bv_val == NULL ) {
+			rc = REWRITE_ERR;
+			goto rc_return;
+		}
+		val->bv_len = strlen( val->bv_val );
+
 		rc = REWRITE_SUCCESS;
+	} break;
 	}
-	}
 
 rc_return:;
 	return rc;
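Review bot: The consolidated `if ( val->bv_val == NULL )` test only works if `val->bv_val` is NULL when this block is entered. When `ldap_get_values()` returns NULL nothing here assigns it, so a stale pointer left in `val` by the caller would pass the test and reach `strlen( val->bv_val )`. Setting `val->bv_val = NULL;` before the `if ( attrsonly == 1 )` branch makes the check self-contained. The function starts outside the hunk, so an earlier initialisation may already exist.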

Modified: openldap/vendor/openldap-release/servers/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # servers Makefile.in for OpenLDAP
-# $OpenLDAP: pkg/ldap/servers/Makefile.in,v 1.12.2.3 2008/02/11 23:26:43 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/Makefile.in,v 1.12.2.4 2009/01/22 00:00:59 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 ## Makefile.in for slapd
-# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.186.2.6 2008/02/11 23:26:43 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/Makefile.in,v 1.186.2.7 2009/01/22 00:00:59 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/abandon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/abandon.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/abandon.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* abandon.c - decode and handle an ldap abandon operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.52.2.4 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/abandon.c,v 1.52.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/aci.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/aci.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/aci.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* aci.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/aci.c,v 1.14.2.6 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aci.c,v 1.14.2.11 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -345,9 +345,12 @@
 			continue;
 		}
 
-		found = 1;
 		*mask |= aci_list_get_attr_rights( &perm, attr, val );
 		*mask |= aci_list_get_attr_rights( &perm, &aci_bv[ ACI_BV_BR_ALL ], NULL );
+
+		if ( *mask != ACL_PRIV_NONE ) { 
+			found = 1;
+		}
 	}
 
 	return found;
@@ -397,11 +400,15 @@
 	if ( grp_oc != NULL && grp_ad != NULL ) {
 		char		buf[ ACI_BUF_SIZE ];
 		struct berval	bv, ndn;
+		AclRegexMatches amatches = { 0 };
 
+		amatches.dn_count = nmatch;
+		AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
+
 		bv.bv_len = sizeof( buf ) - 1;
 		bv.bv_val = (char *)&buf;
 		if ( acl_string_expand( &bv, &subjdn,
-				e->e_ndn, nmatch, matches ) )
+				&e->e_nname, NULL, &amatches ) )
 		{
 			rc = LDAP_OTHER;
 			goto done;
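Review bot: `AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) )` copies a full `dn_data` array from `matches` whatever `nmatch` is, and `amatches.dn_count = nmatch` is stored without comparing it to the array's capacity. If a caller passes fewer entries than `dn_data` holds, the copy reads past the caller's array; if it passes more, a later `$N` expansion can index past `dn_data`. Clamp the count and copy only that many entries: `amatches.dn_count = nmatch < cap ? nmatch : cap;` then `AC_MEMCPY( amatches.dn_data, matches, amatches.dn_count * sizeof( amatches.dn_data[0] ) );`, where `cap` is `sizeof( amatches.dn_data ) / sizeof( amatches.dn_data[0] )`. The enclosing function starts and ends outside the hunk, so the sizes its callers pass are not visible here.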
@@ -439,8 +446,10 @@
 				opts,
 				sdn;
 	int			rc;
-		
 
+	ACL_INIT( *grant );
+	ACL_INIT( *deny );
+
 	assert( !BER_BVISNULL( &desc->ad_cname ) );
 
 	/* parse an aci of the form:
@@ -1038,7 +1047,7 @@
 OpenLDAPaciValidatePerms(
 	struct berval *perms ) 
 {
-	int		i;
+	ber_len_t	i;
 
 	for ( i = 0; i < perms->bv_len; ) {
 		switch ( perms->bv_val[ i ] ) {
@@ -1738,6 +1747,12 @@
 		}
 
 		nsubject = ad->ad_cname;
+
+	} else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET ]
+		|| OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET_REF ] )
+	{
+		/* NOTE: dunno how to normalize it... */
+		nsubject = subject;
 	}
 
 

Modified: openldap/vendor/openldap-release/servers/slapd/acl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/acl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/acl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* acl.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.303.2.16 2008/05/20 00:08:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/acl.c,v 1.303.2.22 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52,7 +52,7 @@
 	Operation *op, Entry *e,
 	AttributeDescription *desc,
 	struct berval *val,
-	int nmatch, regmatch_t *matches,
+	AclRegexMatches *matches,
 	AccessControlState *state );
 
 static slap_control_t slap_acl_mask(
@@ -60,14 +60,15 @@
 	Operation *op, Entry *e,
 	AttributeDescription *desc,
 	struct berval *val,
-	int nmatch,
-	regmatch_t *matches,
+	AclRegexMatches *matches,
 	int count,
-	AccessControlState *state );
+	AccessControlState *state,
+	slap_access_t access );
 
 static int	regex_matches(
-	struct berval *pat, char *str, char *buf,
-	int nmatch, regmatch_t *matches);
+	struct berval *pat, char *str,
+	struct berval *dn_matches, struct berval *val_matches,
+	AclRegexMatches *matches);
 
 typedef	struct AclSetCookie {
 	SetCookie	asc_cookie;
@@ -75,6 +76,7 @@
 	Entry		*asc_e;
 } AclSetCookie;
 
+
 SLAP_SET_GATHER acl_set_gather;
 SLAP_SET_GATHER acl_set_gather2;
 
@@ -115,6 +117,17 @@
 	return 1;
 }
 
+#define MATCHES_DNMAXCOUNT(m) 					\
+	( sizeof ( (m)->dn_data ) / sizeof( *(m)->dn_data ) )
+#define MATCHES_VALMAXCOUNT(m) 					\
+	( sizeof ( (m)->val_data ) / sizeof( *(m)->val_data ) )
+#define MATCHES_MEMSET(m) do {					\
+	memset( (m)->dn_data, '\0', sizeof( (m)->dn_data ) );	\
+	memset( (m)->val_data, '\0', sizeof( (m)->val_data ) );	\
+	(m)->dn_count = MATCHES_DNMAXCOUNT( (m) );		\
+	(m)->val_count = MATCHES_VALMAXCOUNT( (m) );		\
+} while ( 0 /* CONSTCOND */ )
+
 int
 slap_access_allowed(
 	Operation		*op,
@@ -136,7 +149,8 @@
 	slap_control_t			control;
 	slap_access_t			access_level;
 	const char			*attr;
-	regmatch_t			matches[MAXREMATCHES];
+	AclRegexMatches			matches;
+	AccessControlState		acl_state = ACL_STATE_INIT;
 
 	assert( op != NULL );
 	assert( e != NULL );
@@ -178,7 +192,7 @@
 	}
 
 	/* use backend default access if no backend acls */
-	if ( op->o_bd->be_acl == NULL ) {
+	if ( op->o_bd->be_acl == NULL && frontendDB->be_acl == NULL ) {
 		int	i;
 
 		Debug( LDAP_DEBUG_ACL,
@@ -200,35 +214,70 @@
 	ret = 0;
 	control = ACL_BREAK;
 
-	if ( state && state->as_vd_ad == desc ) {
+	if ( state == NULL )
+		state = &acl_state;
+	if ( state->as_vd_ad == desc ) {
 		a = state->as_vd_acl;
 		count = state->as_vd_acl_count;
+		if ( state->as_fe_done )
+			state->as_fe_done--;
+	} else {
+		state->as_vi_acl = NULL;
 
-	} else {
-		if ( state ) state->as_vi_acl = NULL;
 		a = NULL;
 		count = 0;
 	}
+	if ( a == NULL )
+		state->as_fe_done = 0;
+
 	ACL_PRIV_ASSIGN( mask, *maskp );
-	memset( matches, '\0', sizeof( matches ) );
+	MATCHES_MEMSET( &matches );
 
 	while ( ( a = slap_acl_get( a, &count, op, e, desc, val,
-		MAXREMATCHES, matches, state ) ) != NULL )
+		&matches, state ) ) != NULL )
 	{
-		int i;
+		int i; 
+		int dnmaxcount = MATCHES_DNMAXCOUNT( &matches );
+		int valmaxcount = MATCHES_VALMAXCOUNT( &matches );
+		regmatch_t *dn_data = matches.dn_data;
+		regmatch_t *val_data = matches.val_data;
 
-		for ( i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++ ) {
-			Debug( LDAP_DEBUG_ACL, "=> match[%d]: %d %d ", i,
-				(int)matches[i].rm_so, (int)matches[i].rm_eo );
-			if ( matches[i].rm_so <= matches[0].rm_eo ) {
+		/* DN matches */
+		for ( i = 0; i < dnmaxcount && dn_data[i].rm_eo > 0; i++ ) {
+			char *data = e->e_ndn;
+
+			Debug( LDAP_DEBUG_ACL, "=> match[dn%d]: %d %d ", i,
+				(int)dn_data[i].rm_so, 
+				(int)dn_data[i].rm_eo );
+			if ( dn_data[i].rm_so <= dn_data[0].rm_eo ) {
 				int n;
-				for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++ ) {
-					Debug( LDAP_DEBUG_ACL, "%c", e->e_ndn[n], 0, 0 );
+				for ( n = dn_data[i].rm_so; 
+				      n < dn_data[i].rm_eo; n++ ) {
+					Debug( LDAP_DEBUG_ACL, "%c", 
+					       data[n], 0, 0 );
 				}
 			}
-			Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+			Debug( LDAP_DEBUG_ACL, "\n", 0, 0, 0 );
 		}
 
+		/* val matches */
+		for ( i = 0; i < valmaxcount && val_data[i].rm_eo > 0; i++ ) {
+			char *data = val->bv_val;
+
+			Debug( LDAP_DEBUG_ACL, "=> match[val%d]: %d %d ", i,
+				(int)val_data[i].rm_so, 
+				(int)val_data[i].rm_eo );
+			if ( val_data[i].rm_so <= val_data[0].rm_eo ) {
+				int n;
+				for ( n = val_data[i].rm_so; 
+				      n < val_data[i].rm_eo; n++ ) {
+					Debug( LDAP_DEBUG_ACL, "%c", 
+					       data[n], 0, 0 );
+				}
+			}
+			Debug( LDAP_DEBUG_ACL, "\n", 0, 0, 0 );
+		}
+
 		if ( state ) {
 			if ( state->as_vi_acl == a &&
 				( state->as_recorded & ACL_STATE_RECORDED_NV ) )
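Review bot: The new value-match loop reads `val->bv_val` without checking `val`, and it writes the matched bytes of the attribute value to the `LDAP_DEBUG_ACL` log. The dereference is only reached when `val_data[i].rm_eo > 0`, which presumably requires a value regex to have run, but a local guard removes the dependency on that other function: `for ( i = 0; val != NULL && i < valmaxcount && val_data[i].rm_eo > 0; i++ ) {`. A comment above the loop should say that value content ends up in ACL debug output, since `val.regex` rules can target attributes whose values should not be logged. The `if ( state )` test that follows is now always true, because `state` is pointed at `acl_state` when the caller passes NULL.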
@@ -246,13 +295,13 @@
 		}
 
 		control = slap_acl_mask( a, &mask, op,
-			e, desc, val, MAXREMATCHES, matches, count, state );
+			e, desc, val, &matches, count, state, access );
 
 		if ( control != ACL_BREAK ) {
 			break;
 		}
 
-		memset( matches, '\0', sizeof( matches ) );
+		MATCHES_MEMSET( &matches );
 	}
 
 	if ( ACL_IS_INVALID( mask ) ) {
@@ -464,24 +513,24 @@
 	Entry		*e,
 	AttributeDescription *desc,
 	struct berval	*val,
-	int			nmatch,
-	regmatch_t	*matches,
+	AclRegexMatches	*matches,
 	AccessControlState *state )
 {
 	const char *attr;
-	int dnlen, patlen;
+	ber_len_t dnlen;
 	AccessControl *prev;
 
 	assert( e != NULL );
 	assert( count != NULL );
 	assert( desc != NULL );
+	assert( state != NULL );
 
 	attr = desc->ad_cname.bv_val;
 
 	assert( attr != NULL );
 
 	if( a == NULL ) {
-		if( op->o_bd == NULL ) {
+		if( op->o_bd == NULL || op->o_bd->be_acl == NULL ) {
 			a = frontendDB->be_acl;
 		} else {
 			a = op->o_bd->be_acl;
@@ -489,7 +538,8 @@
 		prev = NULL;
 
 		assert( a != NULL );
-
+		if ( a == frontendDB->be_acl )
+			state->as_fe_done = 1;
 	} else {
 		prev = a;
 		a = a->acl_next;
@@ -497,17 +547,26 @@
 
 	dnlen = e->e_nname.bv_len;
 
+ retry:
 	for ( ; a != NULL; prev = a, a = a->acl_next ) {
 		(*count) ++;
 
+		if ( a != frontendDB->be_acl && state->as_fe_done )
+			state->as_fe_done++;
+
 		if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX )) {
 			if ( a->acl_dn_style == ACL_STYLE_REGEX ) {
 				Debug( LDAP_DEBUG_ACL, "=> dnpat: [%d] %s nsub: %d\n", 
 					*count, a->acl_dn_pat.bv_val, (int) a->acl_dn_re.re_nsub );
-				if (regexec(&a->acl_dn_re, e->e_ndn, nmatch, matches, 0))
+				if ( regexec ( &a->acl_dn_re, 
+					       e->e_ndn, 
+				 	       matches->dn_count, 
+					       matches->dn_data, 0 ) )
 					continue;
 
 			} else {
+				ber_len_t patlen;
+
 				Debug( LDAP_DEBUG_ACL, "=> dn: [%d] %s\n", 
 					*count, a->acl_dn_pat.bv_val, 0 );
 				patlen = a->acl_dn_pat.bv_len;
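Review bot: `state->as_fe_done` is used both as a flag (set to 1 when evaluation enters `frontendDB->be_acl`) and as a counter (incremented per visited ACL here, decremented in `slap_access_allowed`), and nothing in the new code documents that. A comment at the `retry:` label would help the next reader of this access-control path, for example `/* as_fe_done doubles as flag and counter: non-zero once the frontend ACL list has been entered; slap_access_allowed decrements it when resuming */`. The wording should be confirmed by the author, as the intended invariant is not derivable from the hunk alone. The loop body continues outside the hunk.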
@@ -521,7 +580,7 @@
 
 				} else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
 					ber_len_t	rdnlen = 0;
-					int		sep = 0;
+					ber_len_t	sep = 0;
 
 					if ( dnlen <= patlen )
 						continue;
@@ -533,7 +592,7 @@
 					}
 
 					rdnlen = dn_rdnlen( NULL, &e->e_nname );
-					if ( rdnlen != dnlen - patlen - sep )
+					if ( rdnlen + patlen + sep != dnlen )
 						continue;
 
 				} else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
@@ -556,7 +615,10 @@
 		}
 
 		if ( a->acl_attrs && !ad_inlist( desc, a->acl_attrs ) ) {
-			matches[0].rm_so = matches[0].rm_eo = -1;
+			matches->dn_data[0].rm_so = -1;
+			matches->dn_data[0].rm_eo = -1;
+			matches->val_data[0].rm_so = -1;
+			matches->val_data[0].rm_eo = -1;
 			continue;
 		}
 
@@ -566,7 +628,7 @@
 				continue;
 			}
 
-			if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) {
+			if( !( state->as_recorded & ACL_STATE_RECORDED_VD )) {
 				state->as_recorded |= ACL_STATE_RECORDED_VD;
 				state->as_vd_acl = prev;
 				state->as_vd_acl_count = *count - 1;
@@ -576,7 +638,10 @@
 				Debug( LDAP_DEBUG_ACL,
 					"acl_get: valpat %s\n",
 					a->acl_attrval.bv_val, 0, 0 );
-				if ( regexec( &a->acl_attrval_re, val->bv_val, 0, NULL, 0 ) )
+				if ( regexec ( &a->acl_attrval_re, 
+						    val->bv_val, 
+						    matches->val_count, 
+						    matches->val_data, 0 ) )
 				{
 					continue;
 				}
@@ -596,7 +661,7 @@
 						continue;
 					
 				} else {
-					int		patlen, vdnlen;
+					ber_len_t	patlen, vdnlen;
 	
 					patlen = a->acl_attrval.bv_len;
 					vdnlen = val->bv_len;
@@ -615,7 +680,7 @@
 							continue;
 	
 						rdnlen = dn_rdnlen( NULL, val );
-						if ( rdnlen != vdnlen - patlen - 1 )
+						if ( rdnlen + patlen + 1 != vdnlen )
 							continue;
 	
 					} else if ( a->acl_attrval_style == ACL_STYLE_SUBTREE ) {
@@ -648,6 +713,12 @@
 		return a;
 	}
 
+	if ( !state->as_fe_done ) {
+		state->as_fe_done = 1;
+		a = frontendDB->be_acl;
+		goto retry;
+	}
+
 	Debug( LDAP_DEBUG_ACL, "<= acl_get: done.\n", 0, 0, 0 );
 	return( NULL );
 }
@@ -667,11 +738,9 @@
 acl_mask_dn(
 	Operation		*op,
 	Entry			*e,
-	AttributeDescription	*desc,
 	struct berval		*val,
 	AccessControl		*a,
-	int			nmatch,
-	regmatch_t		*matches,
+	AclRegexMatches		*matches,
 	slap_dn_access		*bdn,
 	struct berval		*opndn )
 {
@@ -730,35 +799,38 @@
 
 	} else if ( bdn->a_style == ACL_STYLE_REGEX ) {
 		if ( !ber_bvccmp( &bdn->a_pat, '*' ) ) {
-			int		tmp_nmatch;
-			regmatch_t	tmp_matches[2],
-					*tmp_matchesp = tmp_matches;
-
+			AclRegexMatches	tmp_matches,
+					*tmp_matchesp = &tmp_matches;
 			int		rc = 0;
+			regmatch_t 	*tmp_data;
 
-			switch ( a->acl_dn_style ) {
+			MATCHES_MEMSET( &tmp_matches );
+			tmp_data = &tmp_matches.dn_data[0];
+
+			if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+				tmp_matchesp = matches;
+			else switch ( a->acl_dn_style ) {
 			case ACL_STYLE_REGEX:
 				if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
-					tmp_matchesp = matches;
-					tmp_nmatch = nmatch;
+					tmp_matchesp = matches; 
 					break;
 				}
 			/* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
 
 			case ACL_STYLE_BASE:
-				tmp_matches[0].rm_so = 0;
-				tmp_matches[0].rm_eo = e->e_nname.bv_len;
-				tmp_nmatch = 1;
+				tmp_data[0].rm_so = 0;
+				tmp_data[0].rm_eo = e->e_nname.bv_len;
+				tmp_matches.dn_count = 1;
 				break;
 
 			case ACL_STYLE_ONE:
 			case ACL_STYLE_SUBTREE:
 			case ACL_STYLE_CHILDREN:
-				tmp_matches[0].rm_so = 0;
-				tmp_matches[0].rm_eo = e->e_nname.bv_len;
-				tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
-				tmp_matches[1].rm_eo = e->e_nname.bv_len;
-				tmp_nmatch = 2;
+				tmp_data[0].rm_so = 0;
+				tmp_data[0].rm_eo = e->e_nname.bv_len;
+				tmp_data[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+				tmp_data[1].rm_eo = e->e_nname.bv_len;
+				tmp_matches.dn_count = 2;
 				break;
 
 			default:
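Review bot: When `a->acl_attrval_style == ACL_STYLE_REGEX` the synthetic DN submatches are no longer built, so for a `to` clause whose DN style is base, one, subtree or children, `$0` and `$1` in `bdn->a_pat` now read the caller's `dn_data`, which no DN `regexec` has filled. Those references then appear to expand to an empty string instead of the entry DN, which changes what the `by` pattern matches. Copying the caller's matches and still running the switch would keep both sources available: `if ( a->acl_attrval_style == ACL_STYLE_REGEX ) tmp_matches = *matches;` followed by a plain `switch ( a->acl_dn_style ) {`. The same construct recurs in the hunks at `@@ -790,38`, `@@ -1477,38` and `@@ -1561,39`. The body of the switch's `default:` arm lies outside this hunk.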
@@ -772,7 +844,7 @@
 			}
 
 			if ( !regex_matches( &bdn->a_pat, opndn->bv_val,
-				e->e_ndn, tmp_nmatch, tmp_matchesp ) )
+				&e->e_nname, NULL, tmp_matchesp ) )
 			{
 				return 1;
 			}
@@ -790,38 +862,42 @@
 			struct berval	bv;
 			char		buf[ACL_BUF_SIZE];
 			
-			int		tmp_nmatch;
-			regmatch_t	tmp_matches[2],
-					*tmp_matchesp = tmp_matches;
-
+			AclRegexMatches	tmp_matches,
+					*tmp_matchesp = &tmp_matches;
 			int		rc = 0;
+			regmatch_t 	*tmp_data;
 
+			MATCHES_MEMSET( &tmp_matches );
+			tmp_data = &tmp_matches.dn_data[0];
+
 			bv.bv_len = sizeof( buf ) - 1;
 			bv.bv_val = buf;
 
-			switch ( a->acl_dn_style ) {
+			/* Expand value regex */
+			if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+				tmp_matchesp = matches;
+			else switch ( a->acl_dn_style ) {
 			case ACL_STYLE_REGEX:
 				if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
 					tmp_matchesp = matches;
-					tmp_nmatch = nmatch;
 					break;
 				}
 			/* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
 
 			case ACL_STYLE_BASE:
-				tmp_matches[0].rm_so = 0;
-				tmp_matches[0].rm_eo = e->e_nname.bv_len;
-				tmp_nmatch = 1;
+				tmp_data[0].rm_so = 0;
+				tmp_data[0].rm_eo = e->e_nname.bv_len;
+				tmp_matches.dn_count = 1;
 				break;
 
 			case ACL_STYLE_ONE:
 			case ACL_STYLE_SUBTREE:
 			case ACL_STYLE_CHILDREN:
-				tmp_matches[0].rm_so = 0;
-				tmp_matches[0].rm_eo = e->e_nname.bv_len;
-				tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
-				tmp_matches[1].rm_eo = e->e_nname.bv_len;
-				tmp_nmatch = 2;
+				tmp_data[0].rm_so = 0;
+				tmp_data[0].rm_eo = e->e_nname.bv_len;
+				tmp_data[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+				tmp_data[1].rm_eo = e->e_nname.bv_len;
+				tmp_matches.dn_count = 2;
 				break;
 
 			default:
@@ -835,8 +911,8 @@
 			}
 
 			if ( acl_string_expand( &bv, &bdn->a_pat, 
-					e->e_nname.bv_val,
-					tmp_nmatch, tmp_matchesp ) )
+						&e->e_nname, 
+						val, tmp_matchesp ) )
 			{
 				return 1;
 			}
@@ -946,9 +1022,6 @@
 	Entry			*e,
 	struct berval		*val,
 	AccessControl		*a,
-	Access			*b,
-	int			i,
-	regmatch_t		*matches,
 	int			count,
 	AccessControlState	*state,
 	slap_dn_access		*bdn,
@@ -1050,10 +1123,10 @@
 	Entry			*e,
 	AttributeDescription	*desc,
 	struct berval		*val,
-	int			nmatch,
-	regmatch_t		*matches,
+	AclRegexMatches		*matches,
 	int			count,
-	AccessControlState	*state )
+	AccessControlState	*state,
+	slap_access_t	access )
 {
 	int		i;
 	Access		*b;
@@ -1061,7 +1134,9 @@
 	char		accessmaskbuf[ACCESSMASK_MAXLEN];
 #endif /* DEBUG */
 	const char	*attr;
-	slap_mask_t	a2pmask = ACL_ACCESS2PRIV( *mask );
+#ifdef SLAP_DYNACL
+	slap_mask_t	a2pmask = ACL_ACCESS2PRIV( access );
+#endif /* SLAP_DYNACL */
 
 	assert( a != NULL );
 	assert( mask != NULL );
@@ -1106,7 +1181,7 @@
 			 * is maintained in a_dn_pat.
 			 */
 
-			if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
+			if ( acl_mask_dn( op, e, val, a, matches,
 				&b->a_dn, &op->o_ndn ) )
 			{
 				continue;
@@ -1137,7 +1212,7 @@
 				ndn = op->o_ndn;
 			}
 
-			if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
+			if ( acl_mask_dn( op, e, val, a, matches,
 				&b->a_realdn, &ndn ) )
 			{
 				continue;
@@ -1153,8 +1228,8 @@
 
 			if ( !ber_bvccmp( &b->a_sockurl_pat, '*' ) ) {
 				if ( b->a_sockurl_style == ACL_STYLE_REGEX) {
-					if (!regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
-							e->e_ndn, nmatch, matches ) ) 
+					if ( !regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
+							&e->e_nname, val, matches ) ) 
 					{
 						continue;
 					}
@@ -1165,8 +1240,7 @@
 
 					bv.bv_len = sizeof( buf ) - 1;
 					bv.bv_val = buf;
-					if ( acl_string_expand( &bv, &b->a_sockurl_pat,
-							e->e_ndn, nmatch, matches ) )
+					if ( acl_string_expand( &bv, &b->a_sockurl_pat, &e->e_nname, val, matches ) )
 					{
 						continue;
 					}
@@ -1193,8 +1267,8 @@
 				b->a_domain_pat.bv_val, 0, 0 );
 			if ( !ber_bvccmp( &b->a_domain_pat, '*' ) ) {
 				if ( b->a_domain_style == ACL_STYLE_REGEX) {
-					if (!regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
-							e->e_ndn, nmatch, matches ) ) 
+					if ( !regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
+							&e->e_nname, val, matches ) ) 
 					{
 						continue;
 					}
@@ -1210,8 +1284,7 @@
 						bv.bv_len = sizeof(buf) - 1;
 						bv.bv_val = buf;
 
-						if ( acl_string_expand(&bv, &b->a_domain_pat,
-								e->e_ndn, nmatch, matches) )
+						if ( acl_string_expand(&bv, &b->a_domain_pat, &e->e_nname, val, matches) )
 						{
 							continue;
 						}
@@ -1248,8 +1321,8 @@
 				b->a_peername_pat.bv_val, 0, 0 );
 			if ( !ber_bvccmp( &b->a_peername_pat, '*' ) ) {
 				if ( b->a_peername_style == ACL_STYLE_REGEX ) {
-					if (!regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
-							e->e_ndn, nmatch, matches ) ) 
+					if ( !regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
+							&e->e_nname, val, matches ) ) 
 					{
 						continue;
 					}
@@ -1267,8 +1340,7 @@
 
 						bv.bv_len = sizeof( buf ) - 1;
 						bv.bv_val = buf;
-						if ( acl_string_expand( &bv, &b->a_peername_pat,
-								e->e_ndn, nmatch, matches ) )
+						if ( acl_string_expand( &bv, &b->a_peername_pat, &e->e_nname, val, matches ) )
 						{
 							continue;
 						}
@@ -1401,8 +1473,8 @@
 				b->a_sockname_pat.bv_val, 0, 0 );
 			if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
 				if ( b->a_sockname_style == ACL_STYLE_REGEX) {
-					if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
-							e->e_ndn, nmatch, matches ) ) 
+					if ( !regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
+							&e->e_nname, val, matches ) ) 
 					{
 						continue;
 					}
@@ -1413,8 +1485,7 @@
 
 					bv.bv_len = sizeof( buf ) - 1;
 					bv.bv_val = buf;
-					if ( acl_string_expand( &bv, &b->a_sockname_pat,
-							e->e_ndn, nmatch, matches ) )
+					if ( acl_string_expand( &bv, &b->a_sockname_pat, &e->e_nname, val, matches ) )
 					{
 						continue;
 					}
@@ -1432,8 +1503,8 @@
 		}
 
 		if ( b->a_dn_at != NULL ) {
-			if ( acl_mask_dnattr( op, e, val, a, b, i,
-					matches, count, state,
+			if ( acl_mask_dnattr( op, e, val, a,
+					count, state,
 					&b->a_dn, &op->o_ndn ) )
 			{
 				continue;
@@ -1450,8 +1521,8 @@
 				ndn = op->o_ndn;
 			}
 
-			if ( acl_mask_dnattr( op, e, val, a, b, i,
-					matches, count, state,
+			if ( acl_mask_dnattr( op, e, val, a,
+					count, state,
 					&b->a_realdn, &ndn ) )
 			{
 				continue;
@@ -1477,38 +1548,43 @@
 			/* see if asker is listed in dnattr */
 			if ( b->a_group_style == ACL_STYLE_EXPAND ) {
 				char		buf[ACL_BUF_SIZE];
-				int		tmp_nmatch;
-				regmatch_t	tmp_matches[2],
-						*tmp_matchesp = tmp_matches;
+				AclRegexMatches	tmp_matches,
+						*tmp_matchesp = &tmp_matches;
+				regmatch_t 	*tmp_data;
 
+				MATCHES_MEMSET( &tmp_matches );
+				tmp_data = &tmp_matches.dn_data[0];
+
 				bv.bv_len = sizeof(buf) - 1;
 				bv.bv_val = buf;
 
 				rc = 0;
 
-				switch ( a->acl_dn_style ) {
+				if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+					tmp_matchesp = matches;
+				else switch ( a->acl_dn_style ) {
 				case ACL_STYLE_REGEX:
 					if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
 						tmp_matchesp = matches;
-						tmp_nmatch = nmatch;
 						break;
 					}
 
 				/* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
 				case ACL_STYLE_BASE:
-					tmp_matches[0].rm_so = 0;
-					tmp_matches[0].rm_eo = e->e_nname.bv_len;
-					tmp_nmatch = 1;
+					tmp_data[0].rm_so = 0;
+					tmp_data[0].rm_eo = e->e_nname.bv_len;
+					tmp_matches.dn_count = 1;
 					break;
 
 				case ACL_STYLE_ONE:
 				case ACL_STYLE_SUBTREE:
 				case ACL_STYLE_CHILDREN:
-					tmp_matches[0].rm_so = 0;
-					tmp_matches[0].rm_eo = e->e_nname.bv_len;
-					tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
-					tmp_matches[1].rm_eo = e->e_nname.bv_len;
-					tmp_nmatch = 2;
+					tmp_data[0].rm_so = 0;
+					tmp_data[0].rm_eo = e->e_nname.bv_len;
+
+					tmp_data[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+					tmp_data[1].rm_eo = e->e_nname.bv_len;
+					tmp_matches.dn_count = 2;
 					break;
 
 				default:
@@ -1522,8 +1598,8 @@
 				}
 				
 				if ( acl_string_expand( &bv, &b->a_group_pat,
-						e->e_nname.bv_val,
-						tmp_nmatch, tmp_matchesp ) )
+						&e->e_nname, val,
+						tmp_matchesp ) )
 				{
 					continue;
 				}
@@ -1561,39 +1637,42 @@
 				b->a_set_pat.bv_val, 0, 0 );
 
 			if ( b->a_set_style == ACL_STYLE_EXPAND ) {
-				int		tmp_nmatch;
-				regmatch_t	tmp_matches[2],
-						*tmp_matchesp = tmp_matches;
+				AclRegexMatches	tmp_matches,
+						*tmp_matchesp = &tmp_matches;
 				int		rc = 0;
+				regmatch_t 	*tmp_data;
 
+				MATCHES_MEMSET( &tmp_matches );
+				tmp_data = &tmp_matches.dn_data[0];
+
 				bv.bv_len = sizeof( buf ) - 1;
 				bv.bv_val = buf;
 
 				rc = 0;
 
-				switch ( a->acl_dn_style ) {
+				if ( a->acl_attrval_style == ACL_STYLE_REGEX )
+					tmp_matchesp = matches;
+				else switch ( a->acl_dn_style ) {
 				case ACL_STYLE_REGEX:
 					if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
 						tmp_matchesp = matches;
-						tmp_nmatch = nmatch;
 						break;
 					}
 
 				/* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
 				case ACL_STYLE_BASE:
-					tmp_matches[0].rm_so = 0;
-					tmp_matches[0].rm_eo = e->e_nname.bv_len;
-					tmp_nmatch = 1;
+					tmp_data[0].rm_so = 0;
+					tmp_data[0].rm_eo = e->e_nname.bv_len;
+					tmp_matches.dn_count = 1;
 					break;
 
 				case ACL_STYLE_ONE:
 				case ACL_STYLE_SUBTREE:
 				case ACL_STYLE_CHILDREN:
-					tmp_matches[0].rm_so = 0;
-					tmp_matches[0].rm_eo = e->e_nname.bv_len;
-					tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
-					tmp_matches[1].rm_eo = e->e_nname.bv_len;
-					tmp_nmatch = 2;
+					tmp_data[0].rm_so = 0;
+					tmp_data[0].rm_eo = e->e_nname.bv_len;
+					tmp_data[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
+					tmp_data[1].rm_eo = e->e_nname.bv_len; tmp_matches.dn_count = 2;
 					break;
 
 				default:
@@ -1607,8 +1686,8 @@
 				}
 				
 				if ( acl_string_expand( &bv, &b->a_set_pat,
-						e->e_nname.bv_val,
-						tmp_nmatch, tmp_matchesp ) )
+						&e->e_nname, val,
+						tmp_matchesp ) )
 				{
 					continue;
 				}
@@ -1720,8 +1799,14 @@
 				Debug( LDAP_DEBUG_ACL, "    <= check a_dynacl: %s\n",
 					da->da_name, 0, 0 );
 
+				/*
+				 * XXXmanu Only DN matches are supplied 
+				 * sending attribute values matches require
+				 * an API update
+				 */
 				(void)da->da_mask( da->da_private, op, e, desc,
-					val, nmatch, matches, &grant, &deny );
+					val, matches->dn_count, matches->dn_data, 
+					&grant, &deny ); 
 
 				tgrant |= grant;
 				tdeny |= deny;
@@ -1790,8 +1875,6 @@
 			*mask = modmask;
 		}
 
-		a2pmask = *mask;
-
 		Debug( LDAP_DEBUG_ACL,
 			"<= acl_mask: [%d] mask: %s\n",
 			i, accessmask2str(*mask, accessmaskbuf, 1), 0 );
@@ -1843,6 +1926,10 @@
 	}
 	assert( be != NULL );
 
+	/* If ADD attribute checking is not enabled, just allow it */
+	if ( op->o_tag == LDAP_REQ_ADD && !SLAP_DBACL_ADD( be ))
+		return 1;
+
 	/* short circuit root database access */
 	if ( be_isroot( op ) ) {
 		Debug( LDAP_DEBUG_ACL,
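Review bot: The new early `return 1` for `LDAP_REQ_ADD` grants access before the root check and, unlike the root short-circuit that follows, emits no `Debug( LDAP_DEBUG_ACL, ... )` line, so an ACL trace gives no sign that attribute checks were skipped for the add. One line before the return keeps the decision visible when auditing access behaviour: `Debug( LDAP_DEBUG_ACL, "=> ADD attribute checking disabled for this database, access granted\n", 0, 0, 0 );`. The comment could also say where `SLAP_DBACL_ADD` is configured, since with it unset this function appears to accept every attribute of an added entry without ACL evaluation. The function's start and end are outside the hunk.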
@@ -1852,7 +1939,7 @@
 	}
 
 	/* use backend default access if no backend acls */
-	if( op->o_bd != NULL && op->o_bd->be_acl == NULL ) {
+	if( op->o_bd != NULL && op->o_bd->be_acl == NULL && frontendDB->be_acl == NULL ) {
 		Debug( LDAP_DEBUG_ACL,
 			"=> access_allowed: backend default %s access %s to \"%s\"\n",
 			access2str( ACL_WRITE ),
@@ -2114,7 +2201,7 @@
 	if ( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE,
 			"%s acl_set_gather: DN=\"%s\" normalize failed\n",
-			cp->asc_op->o_log_prefix, op2.o_req_dn.bv_val, 0 );
+			cp->asc_op->o_log_prefix, ludp->lud_dn, 0 );
 
 		goto url_done;
 	}
@@ -2211,7 +2298,7 @@
 
 url_done:;
 	if ( op2.ors_filter && op2.ors_filter != slap_filter_objectClass_pres ) {
-		filter_free_x( cp->asc_op, op2.ors_filter );
+		filter_free_x( cp->asc_op, op2.ors_filter, 1 );
 	}
 	if ( !BER_BVISNULL( &op2.o_req_ndn ) ) {
 		slap_sl_free( op2.o_req_ndn.bv_val, cp->asc_op->o_tmpmemctx );
@@ -2275,7 +2362,7 @@
 	AclSetCookie	cookie;
 
 	if ( default_set_attribute == NULL ) {
-		ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+		set = *subj;
 
 	} else {
 		struct berval		subjdn, ndn = BER_BVNULL;
@@ -2324,7 +2411,9 @@
 			acl_set_gather,
 			(SetCookie *)&cookie, &set,
 			&op->o_ndn, &e->e_nname, NULL ) > 0 );
-		slap_sl_free( set.bv_val, op->o_tmpmemctx );
+		if ( set.bv_val != subj->bv_val ) {
+			slap_sl_free( set.bv_val, op->o_tmpmemctx );
+		}
 	}
 
 	return(rc);
@@ -2420,20 +2509,22 @@
 acl_string_expand(
 	struct berval	*bv,
 	struct berval	*pat,
-	char		*match,
-	int		nmatch,
-	regmatch_t	*matches)
+	struct berval	*dn_matches,
+	struct berval	*val_matches,
+	AclRegexMatches	*matches)
 {
 	ber_len_t	size;
 	char   *sp;
 	char   *dp;
 	int	flag;
+	enum { DN_FLAG, VAL_FLAG } tflag;
 
 	size = 0;
 	bv->bv_val[0] = '\0';
 	bv->bv_len--; /* leave space for lone $ */
 
 	flag = 0;
+	tflag = DN_FLAG;
 	for ( dp = bv->bv_val, sp = pat->bv_val; size < bv->bv_len &&
 		sp < pat->bv_val + pat->bv_len ; sp++ )
 	{
@@ -2443,11 +2534,21 @@
 				*dp++ = '$';
 				size++;
 				flag = 0;
+				tflag = DN_FLAG;
 
+			} else if ( flag == 2 && *sp == 'v' /*'}'*/) {
+				tflag = VAL_FLAG;
+
+			} else if ( flag == 2 && *sp == 'd' /*'}'*/) {
+				tflag = DN_FLAG;
+
 			} else if ( flag == 1 && *sp == '{' /*'}'*/) {
 				flag = 2;
 
 			} else if ( *sp >= '0' && *sp <= '9' ) {
+				int	nm;
+				regmatch_t *m;
+				char *data;
 				int	n;
 				int	i;
 				int	l;
@@ -2467,20 +2568,40 @@
 					}
 				}
 
-				if ( n >= nmatch ) {
+				switch (tflag) {
+				case DN_FLAG:
+					nm = matches->dn_count;
+					m = matches->dn_data;
+					data = dn_matches ? dn_matches->bv_val : NULL;
+					break;
+				case VAL_FLAG:
+					nm = matches->val_count;
+					m = matches->val_data;
+					data = val_matches ? val_matches->bv_val : NULL;
+					break;
+				default:
+					assert( 0 );
+				}
+				if ( n >= nm ) {
 					/* FIXME: error */
 					return 1;
 				}
+				if ( data == NULL ) {
+					/* FIXME: error */
+					return 1;
+				}
 				
 				*dp = '\0';
-				i = matches[n].rm_so;
-				l = matches[n].rm_eo; 
+				i = m[n].rm_so;
+				l = m[n].rm_eo; 
+					
 				for ( ; size < bv->bv_len && i < l; size++, i++ ) {
-					*dp++ = match[i];
+					*dp++ = data[i];
 				}
 				*dp = '\0';
 
 				flag = 0;
+				tflag = DN_FLAG;
 			}
 		} else {
 			if (*sp == '$') {
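Review bot: The submatch offsets `m[n].rm_so` and `m[n].rm_eo` index `data` without being checked against the length of the berval they refer to, although `dn_matches` and `val_matches` now carry `bv_len`. The offsets are only as reliable as whoever filled the `AclRegexMatches` (the aci.c caller copies them from a separate array), so recording the length as `datalen` next to `data` in the `switch` and rejecting out-of-range pairs is cheap: `if ( i < l && ( i < 0 || (ber_len_t)l > datalen ) ) return 1;` placed after `l = m[n].rm_eo;`. Also, `default: assert( 0 );` leaves `nm`, `m` and `data` uninitialised when assertions are compiled out. The function starts and ends outside the hunk.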
@@ -2501,8 +2622,8 @@
 	*dp = '\0';
 	bv->bv_len = size;
 
-	Debug( LDAP_DEBUG_TRACE, "=> acl_string_expand: pattern:  %.*s\n", (int)pat->bv_len, pat->bv_val, 0 );
-	Debug( LDAP_DEBUG_TRACE, "=> acl_string_expand: expanded: %s\n", bv->bv_val, 0, 0 );
+	Debug( LDAP_DEBUG_ACL, "=> acl_string_expand: pattern:  %.*s\n", (int)pat->bv_len, pat->bv_val, 0 );
+	Debug( LDAP_DEBUG_ACL, "=> acl_string_expand: expanded: %s\n", bv->bv_val, 0, 0 );
 
 	return 0;
 }
@@ -2511,9 +2632,9 @@
 regex_matches(
 	struct berval	*pat,		/* pattern to expand and match against */
 	char		*str,		/* string to match against pattern */
-	char		*buf,		/* buffer with $N expansion variables */
-	int		nmatch,	/* size of the matches array */
-	regmatch_t	*matches	/* offsets in buffer for $N expansion variables */
+	struct berval	*dn_matches,	/* buffer with $N expansion variables from DN */
+	struct berval	*val_matches,	/* buffer with $N expansion variables from val */
+	AclRegexMatches	*matches	/* offsets in buffer for $N expansion variables */
 )
 {
 	regex_t re;
@@ -2528,7 +2649,7 @@
 		str = "";
 	};
 
-	acl_string_expand( &bv, pat, buf, nmatch, matches );
+	acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
 	rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
 	if ( rc ) {
 		char error[ACL_BUF_SIZE];
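Review bot: The return value of `acl_string_expand` is discarded, so when expansion fails (submatch index out of range, or the new `data == NULL` case) whatever is left in the buffer, which may be a partial pattern, is still compiled and matched. A truncated pattern can match more than the ACL author intended, so failure should be treated as no match: `if ( acl_string_expand( &bv, pat, dn_matches, val_matches, matches ) ) return 0;`, given that the callers visible in this diff treat a zero return as "does not match". Separately, expanded substrings are spliced into the regex source unescaped, and with `val_matches` they can now come from the attribute value being accessed. A comment should state that `${v…}` expansions are interpreted as regex syntax, or the expanded text should be escaped. The function body starts and ends outside the hunk.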

Modified: openldap/vendor/openldap-release/servers/slapd/aclparse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/aclparse.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/aclparse.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* aclparse.c - routines to parse and check acl's */
-/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.198.2.6 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/aclparse.c,v 1.198.2.9 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -528,7 +528,7 @@
 					if ( style != NULL ) {
 						if ( strcasecmp( style, "regex" ) == 0 ) {
 							int e = regcomp( &a->acl_attrval_re, bv.bv_val,
-								REG_EXTENDED | REG_ICASE | REG_NOSUB );
+								REG_EXTENDED | REG_ICASE );
 							if ( e ) {
 								char	err[SLAP_TEXT_BUFLEN],
 									buf[ SLAP_TEXT_BUFLEN ];
@@ -1004,7 +1004,8 @@
 								< bdn->a_pat.bv_len;
 							exp = strchr( exp, '$' ) )
 						{
-							if ( isdigit( (unsigned char) exp[ 1 ] ) ) {
+							if ( ( isdigit( (unsigned char) exp[ 1 ] ) ||
+								    exp[ 1 ] == '{' ) ) {
 								gotit = 1;
 								break;
 							}
@@ -2449,19 +2450,12 @@
 	free( a );
 }
 
-/* Because backend_startup uses acl_append to tack on the global_acl to
- * the end of each backend's acl, we cannot just take one argument and
- * merrily free our way to the end of the list. backend_destroy calls us
- * with the be_acl in arg1, and global_acl in arg2 to give us a stopping
- * point. config_destroy calls us with global_acl in arg1 and NULL in
- * arg2, so we then proceed to polish off the global_acl.
- */
 void
-acl_destroy( AccessControl *a, AccessControl *end )
+acl_destroy( AccessControl *a )
 {
 	AccessControl *n;
 
-	for ( ; a && a != end; a = n ) {
+	for ( ; a; a = n ) {
 		n = a->acl_next;
 		acl_free( a );
 	}
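Review bot: `acl_destroy` now frees every node up to the NULL terminator, and the comment that explained the shared `global_acl` tail is removed without a replacement. If any caller still passes a list whose tail is shared with another list (the callers are not in this hunk), that tail would be freed more than once. Add a header comment that states the new ownership rule, for example `/* Frees the whole list; the caller must own every node exclusively. */`.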

Modified: openldap/vendor/openldap-release/servers/slapd/ad.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ad.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/ad.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ad.c - routines for dealing with attribute descriptions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ad.c,v 1.95.2.4 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ad.c,v 1.95.2.7 2009/02/09 16:01:20 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -64,6 +64,8 @@
 static Attr_option *options = &lang_option;
 static int option_count = 1;
 
+static int msad_range_hack = 0;
+
 static Attr_option *ad_find_option_definition( const char *opt, int optlen );
 
 static int ad_keystring(
@@ -76,7 +78,9 @@
 	}
 
 	for( i=1; i<bv->bv_len; i++ ) {
-		if( !AD_CHAR( bv->bv_val[i] ) ) {
+		if( !AD_CHAR( bv->bv_val[i] )) {
+			if ( msad_range_hack && bv->bv_val[i] == '=' )
+				continue;
 			return 1;
 		}
 	}
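Review bot: Once `msad_range_hack` is set, the added branch accepts `=` at every position `i >= 1` of the keystring, not only as the final character of a range option. The flag is a file-level static set in the hunk at `@@ -1175,6 +1183,11 @@` when a configured option name ends in `=`, and nothing in the visible hunks clears it, so one such option relaxes validation for every description parsed afterwards. Consider limiting the exception to the position it is meant for, and document the flag at its declaration (`@@ -64,6 +64,8 @@`), e.g. `/* set once an attribute option ending in '=' is defined; relaxes keystring checks */`. The function body starts outside this hunk.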
@@ -234,7 +238,8 @@
 		} else if ( ad_find_option_definition( opt, optlen ) ) {
 			int i;
 
-			if( opt[optlen-1] == '-' ) {
+			if( opt[optlen-1] == '-' ||
+				( opt[optlen-1] == '=' && msad_range_hack )) {
 				desc.ad_flags |= SLAP_DESC_TAG_RANGE;
 			}
 
@@ -817,7 +822,10 @@
 
 			*u_ad = (*u_ad)->ad_next;
 
+			tmp->ad_type = nat;
 			tmp->ad_next = NULL;
+			/* ad_cname was contiguous, no leak here */
+			tmp->ad_cname = nat->sat_cname;
 			*n_ad = tmp;
 			n_ad = &tmp->ad_next;
 		} else {
@@ -1175,6 +1183,11 @@
 	optlen = 0;
 	do {
 		if ( !DESC_CHAR( name[optlen] ) ) {
+			/* allow trailing '=', same as '-' */
+			if ( name[optlen] == '=' && !name[optlen+1] ) {
+				msad_range_hack = 1;
+				continue;
+			}
 			Debug( LDAP_DEBUG_ANY,
 			       "%s: line %d: illegal option name \"%s\"\n",
 				    fname, lineno, name );
@@ -1201,7 +1214,8 @@
 
 	options[i].name.bv_val = ch_strdup( name );
 	options[i].name.bv_len = optlen;
-	options[i].prefix = (name[optlen-1] == '-');
+	options[i].prefix = (name[optlen-1] == '-') ||
+ 		(name[optlen-1] == '=');
 
 	if ( i != option_count &&
 	     options[i].prefix &&

Modified: openldap/vendor/openldap-release/servers/slapd/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/add.c,v 1.244.2.6 2008/03/21 01:01:07 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/add.c,v 1.244.2.8 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -531,7 +531,7 @@
 
 	while ( a_new != NULL ) {
 		a_new_desc = a_new->a_desc;
-		mod = (Modifications *) malloc( sizeof( Modifications ));
+		mod = (Modifications *) ch_malloc( sizeof( Modifications ));
 		
 		mod->sml_op = LDAP_MOD_REPLACE;
 		mod->sml_flags = 0;
@@ -541,7 +541,7 @@
 		count = a_new->a_numvals;
 		mod->sml_numvals = a_new->a_numvals;
 
-		mod->sml_values = (struct berval*) malloc(
+		mod->sml_values = (struct berval*) ch_malloc(
 			(count+1) * sizeof( struct berval) );
 
 		/* see slap_mods_check() comments...
@@ -549,7 +549,7 @@
 		 * in this case, mod->sml_nvalues must be left NULL.
 		 */
 		if ( a_new->a_vals != a_new->a_nvals ) {
-			mod->sml_nvalues = (struct berval*) malloc(
+			mod->sml_nvalues = (struct berval*) ch_malloc(
 				(count+1) * sizeof( struct berval) );
 		} else {
 			mod->sml_nvalues = NULL;

Modified: openldap/vendor/openldap-release/servers/slapd/alock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/alock.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/alock.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* alock.c - access lock library */
-/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.5.2.7 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.c,v 1.5.2.10 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *
@@ -24,6 +24,7 @@
 #if SLAPD_BDB || SLAPD_HDB
 
 #include "alock.h"
+#include "lutil.h"
 
 #include <ac/stdlib.h>
 #include <ac/string.h>
@@ -177,7 +178,7 @@
 	assert (bufptr != NULL);
 
 	bufptr += sizeof (unsigned long int);
-	for (count=0; count <= sizeof (unsigned long int); ++count) {
+	for (count=0; count <= (int) sizeof (unsigned long int); ++count) {
 		val <<= 8;
 		val += (unsigned long int) *bufptr--;
 	}
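Review bot: The cast only silences the signed/unsigned comparison; the loop still runs `sizeof (unsigned long int) + 1` times because of `<=`, and since `bufptr` was first advanced by the full width, the first byte read lies one past the field. That byte is shifted out of `val` again, so the result is unaffected, but it remains a one-byte over-read whose safety depends on the caller's buffer, which is not visible here. Starting at the last byte and using `<` reads exactly the field: `bufptr += sizeof (unsigned long int) - 1;` with `for (count=0; count < (int) sizeof (unsigned long int); ++count) {`. The function starts before the hunk.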
@@ -239,6 +240,9 @@
 
 	if (slot_data->al_appname) free (slot_data->al_appname);
 	slot_data->al_appname = calloc (1, ALOCK_MAX_APPNAME);
+	if (slot_data->al_appname == NULL) {
+		return -1;
+	}
 	strncpy (slot_data->al_appname, (char *)slotbuf+32, ALOCK_MAX_APPNAME-1);
 	(slot_data->al_appname) [ALOCK_MAX_APPNAME-1] = '\0';
 
@@ -335,6 +339,7 @@
 	char * filename;
 	int res, max_slot;
 	int dirty_count, live_count, nosave;
+	char *ptr;
 
 	assert (info != NULL);
 	assert (appname != NULL);
@@ -345,12 +350,19 @@
 	slot_data.al_stamp = time(NULL);
 	slot_data.al_pid = getpid();
 	slot_data.al_appname = calloc (1, ALOCK_MAX_APPNAME);
+	if (slot_data.al_appname == NULL) {
+		return ALOCK_UNSTABLE;
+	}
 	strncpy (slot_data.al_appname, appname, ALOCK_MAX_APPNAME-1);
 	slot_data.al_appname [ALOCK_MAX_APPNAME-1] = '\0';
 
 	filename = calloc (1, strlen (envdir) + strlen ("/alock") + 1);
-	strcpy (filename, envdir);
-	strcat (filename, "/alock");
+	if (filename == NULL ) {
+		free (slot_data.al_appname);
+		return ALOCK_UNSTABLE;
+	}
+	ptr = lutil_strcopy(filename, envdir);
+	lutil_strcopy(ptr, "/alock");
 	info->al_fd = open (filename, O_CREAT|O_RDWR, 0666);
 	free (filename);
 	if (info->al_fd < 0) {
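Review bot: The lock file is still created with mode `0666` in `open (filename, O_CREAT|O_RDWR, 0666)`, so its effective permissions rest entirely on the process umask. With a permissive umask, any local account could modify the lock slots stored in it. Since this hunk already reworks how the path is built, it is a natural place to tighten the mode, e.g. `info->al_fd = open (filename, O_CREAT|O_RDWR, 0600);`, or to reuse the mode applied to the database files if tools run under a different account. The function continues outside the hunk.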

Modified: openldap/vendor/openldap-release/servers/slapd/alock.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/alock.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/alock.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* alock.h - access lock header */
-/* $OpenLDAP: pkg/ldap/servers/slapd/alock.h,v 1.3.2.4 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/alock.h,v 1.3.2.5 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/at.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/at.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/at.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* at.c - routines for dealing with attribute types */
-/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.84.2.6 2008/07/08 19:01:38 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/at.c,v 1.84.2.9 2009/01/22 00:00:59 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -722,8 +722,22 @@
 	 * its own superiorss
 	 */
 	if ( sat->sat_sup ) {
-		sat->sat_syntax = sat->sat_sup->sat_syntax;
-		sat->sat_equality = sat->sat_sup->sat_equality;
+		Syntax *syn = syn_find(sat->sat_sup->sat_syntax->ssyn_oid);
+		if ( syn != sat->sat_sup->sat_syntax ) {
+			sat->sat_syntax = ch_malloc( sizeof( Syntax ));
+			*sat->sat_syntax = *sat->sat_sup->sat_syntax;
+		} else {
+			sat->sat_syntax = sat->sat_sup->sat_syntax;
+		}
+		if ( sat->sat_sup->sat_equality ) {
+			MatchingRule *mr = mr_find( sat->sat_sup->sat_equality->smr_oid );
+			if ( mr != sat->sat_sup->sat_equality ) {
+				sat->sat_equality = ch_malloc( sizeof( MatchingRule ));
+				*sat->sat_equality = *sat->sat_sup->sat_equality;
+			} else {
+				sat->sat_equality = sat->sat_sup->sat_equality;
+			}
+		}
 		sat->sat_approx = sat->sat_sup->sat_approx;
 		sat->sat_ordering = sat->sat_sup->sat_ordering;
 		sat->sat_substr = sat->sat_sup->sat_substr;
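Review bot: The new branches make a shallow `ch_malloc` copy of the superior's `Syntax` and `MatchingRule` when the registry lookup returns a different object, but no comment says why the copy is needed or who frees it. Two details also differ from the old lines: `sat->sat_sup->sat_syntax` is dereferenced without the NULL test that `sat_equality` gets, and when the superior has no equality rule `sat->sat_equality` is no longer assigned at all, where the old code stored NULL. Add a comment stating the reason and the owner of each allocation, and keep the old behaviour with `} else { sat->sat_equality = NULL; }` on the outer `if`. The enclosing function starts and ends outside the hunk.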
@@ -925,6 +939,11 @@
 			at->at_oid = oidm;
 		}
 
+		if ( soidm ) {
+			SLAP_FREE( at->at_syntax_oid );
+			at->at_syntax_oid = soidm;
+		}
+
 	} else if ( rsat ) {
 		*rsat = sat;
 	}

Modified: openldap/vendor/openldap-release/servers/slapd/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/attr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/attr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* attr.c - routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/attr.c,v 1.112.2.8 2008/07/10 00:17:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/attr.c,v 1.112.2.11 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -213,7 +213,7 @@
 {
 	tmp->a_flags = a->a_flags & SLAP_ATTR_PERSISTENT_FLAGS;
 	if ( a->a_vals != NULL ) {
-		int	i;
+		unsigned	i, j;
 
 		tmp->a_numvals = a->a_numvals;
 		tmp->a_vals = ch_malloc( (tmp->a_numvals + 1) * sizeof(struct berval) );
@@ -228,7 +228,6 @@
 		assert( a->a_nvals != NULL );
 
 		if ( a->a_nvals != a->a_vals ) {
-			int	j;
 
 			tmp->a_nvals = ch_malloc( (tmp->a_numvals + 1) * sizeof(struct berval) );
 			for ( j = 0; !BER_BVISNULL( &a->a_nvals[j] ); j++ ) {
@@ -404,7 +403,7 @@
 					rc = LDAP_TYPE_OR_VALUE_EXISTS;
 				return rc;
 			}
-			for ( j = a->a_numvals; j >= slot; j-- ) {
+			for ( j = a->a_numvals; j >= (int)slot; j-- ) {
 				a->a_vals[j+1] = a->a_vals[j];
 				if ( nvals )
 					a->a_nvals[j+1] = a->a_nvals[j];

Modified: openldap/vendor/openldap-release/servers/slapd/ava.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ava.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/ava.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ava.c - routines for dealing with attribute value assertions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ava.c,v 1.45.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ava.c,v 1.45.2.5 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -111,6 +111,7 @@
 		Debug( LDAP_DEBUG_FILTER,
 		"get_ava: illegal value for attributeType %s\n", type.bv_val, 0, 0 );
 		ber_dupbv_x( &aa->aa_value, &value, op->o_tmpmemctx );
+		*text = NULL;
 		rc = LDAP_SUCCESS;
 	}
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-bdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/Makefile.in,v 1.34.2.5 2008/02/11 23:26:45 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/Makefile.in,v 1.34.2.6 2009/01/22 00:01:04 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* add.c - ldap BerkeleyDB back-end add routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.152.2.10 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/add.c,v 1.152.2.16 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,11 +32,10 @@
 	size_t textlen = sizeof textbuf;
 	AttributeDescription *children = slap_schema.si_ad_children;
 	AttributeDescription *entry = slap_schema.si_ad_entry;
-	DB_TXN		*ltid = NULL, *lt2;
+	DB_TXN		*ltid = NULL, *lt2, *rtxn;
 	ID eid = NOID;
-	struct bdb_op_info opinfo = {0};
+	struct bdb_op_info opinfo = {{{ 0 }}};
 	int subentry;
-	BDB_LOCKER	locker = 0, rlocker = 0;
 	DB_LOCK		lock;
 
 	int		num_retries = 0;
@@ -95,7 +94,7 @@
 
 	/* check entry's schema */
 	rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
-		get_relax(op), 1, &rs->sr_text, textbuf, textlen );
+		get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE,
 			LDAP_XSTRING(bdb_add) ": entry failed schema check: "
@@ -113,10 +112,17 @@
 		goto return_results;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	subentry = is_entry_subentry( op->oq_add.rs_e );
 
-	/* Get our thread locker ID */
-	rs->sr_err = LOCK_ID( bdb->bi_dbenv, &rlocker );
+	/* Get our reader TXN */
+	rs->sr_err = bdb_reader_get( op, bdb->bi_dbenv, &rtxn );
 
 	if( 0 ) {
 retry:	/* transaction retry */
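Review bot: The status of `bdb_reader_get( op, bdb->bi_dbenv, &rtxn )` is stored in `rs->sr_err` but no test follows before the `retry:` block, whereas the bind.c change in this commit switches on the same call's result. `rtxn` is declared without an initializer in the hunk at `@@ -32,11 +32,10 @@` and is later passed to `bdb_cache_add` (`@@ -428,8 +450,8 @@`), so a failed call could hand an indeterminate pointer to the cache code unless the check sits in lines outside this hunk. Initialise the pointer (`*rtxn = NULL`) and bail out on error, e.g. `if ( rs->sr_err ) { rs->sr_text = "internal error"; goto return_results; }`, or confirm that the unseen code already does so.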
@@ -157,8 +163,6 @@
 		goto return_results;
 	}
 
-	locker = TXN_ID ( ltid );
-
 	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
@@ -176,7 +180,7 @@
 
 	/* get entry or parent */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->ora_e->e_nname, &ei,
-		1, locker, &lock );
+		1, &lock );
 	switch( rs->sr_err ) {
 	case 0:
 		rs->sr_err = LDAP_ALREADY_EXISTS;
@@ -302,6 +306,24 @@
 		goto return_results;;
 	}
 
+	/* 
+	 * Check ACL for attribute write access
+	 */
+	if (!acl_check_modlist(op, oe, op->ora_modlist)) {
+		switch( opinfo.boi_err ) {
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+		}
+
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
+			0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to attribute";
+		goto return_results;;
+	}
+
 	if ( eid == NOID ) {
 		rs->sr_err = bdb_next_id( op->o_bd, &eid );
 		if( rs->sr_err != 0 ) {
@@ -428,8 +450,8 @@
 			nrdn = op->ora_e->e_nname;
 		}
 
-		/* Use the thread locker here, outside the txn */
-		bdb_cache_add( bdb, ei, op->ora_e, &nrdn, rlocker, &lock );
+		/* Use the reader txn here, outside the add txn */
+		bdb_cache_add( bdb, ei, op->ora_e, &nrdn, rtxn, &lock );
 
 		if(( rs->sr_err=TXN_COMMIT( ltid, 0 )) != 0 ) {
 			rs->sr_text = "txn_commit failed";

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/attr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* attr.c - backend routines for dealing with attributes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.36.2.4 2008/05/27 20:26:12 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/attr.c,v 1.36.2.8 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -23,20 +23,21 @@
 
 #include "slap.h"
 #include "back-bdb.h"
+#include "config.h"
 #include "lutil.h"
 
 /* Find the ad, return -1 if not found,
  * set point for insertion if ins is non-NULL
  */
 int
-bdb_attr_slot( struct bdb_info *bdb, AttributeDescription *ad, unsigned *ins )
+bdb_attr_slot( struct bdb_info *bdb, AttributeDescription *ad, int *ins )
 {
 	unsigned base = 0, cursor = 0;
 	unsigned n = bdb->bi_nattrs;
 	int val = 0;
 	
 	while ( 0 < n ) {
-		int pivot = n >> 1;
+		unsigned pivot = n >> 1;
 		cursor = base + pivot;
 
 		val = SLAP_PTRCMP( ad, bdb->bi_attrs[cursor]->ai_desc );
@@ -60,7 +61,7 @@
 static int
 ainfo_insert( struct bdb_info *bdb, AttrInfo *a )
 {
-	unsigned x;
+	int x;
 	int i = bdb_attr_slot( bdb, a->ai_desc, &x );
 
 	/* Is it a dup? */
@@ -92,7 +93,8 @@
 	const char		*fname,
 	int			lineno,
 	int			argc,
-	char		**argv )
+	char		**argv,
+	struct		config_reply_s *c_reply)
 {
 	int rc = 0;
 	int	i;
@@ -132,9 +134,14 @@
 			rc = slap_str2index( indexes[i], &index );
 
 			if( rc != LDAP_SUCCESS ) {
-				fprintf( stderr, "%s: line %d: "
-					"index type \"%s\" undefined\n",
-					fname, lineno, indexes[i] );
+				if ( c_reply )
+				{
+					snprintf(c_reply->msg, sizeof(c_reply->msg),
+						"index type \"%s\" undefined", indexes[i] );
+
+					fprintf( stderr, "%s: line %d: %s\n",
+						fname, lineno, c_reply->msg );
+				}
 				rc = LDAP_PARAM_ERROR;
 				goto done;
 			}
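Review bot: The diagnostic is now printed only when `c_reply` is non-NULL, so a caller that passes NULL gets `LDAP_PARAM_ERROR` back with nothing on stderr, where the old code always named the offending index type. The same pattern repeats in the hunks at `-144,9`, `-169,9`, `-187,16`, `-206,9`, `-218,9`, `-230,9` and `-295,9`. Format the message into a local buffer, print it unconditionally, and copy it into `c_reply->msg` only when a reply structure was supplied. Whether any caller actually passes NULL is not visible here.

```c
			if( rc != LDAP_SUCCESS ) {
				char	msgbuf[ SLAP_TEXT_BUFLEN ];

				snprintf( msgbuf, sizeof( msgbuf ),
					"index type \"%s\" undefined", indexes[i] );
				fprintf( stderr, "%s: line %d: %s\n",
					fname, lineno, msgbuf );
				if ( c_reply ) {
					snprintf( c_reply->msg, sizeof( c_reply->msg ),
						"%s", msgbuf );
				}
				/* … unchanged: rc = LDAP_PARAM_ERROR; goto done; … */
			}
```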
@@ -144,9 +151,13 @@
 	}
 
 	if( !mask ) {
-		fprintf( stderr, "%s: line %d: "
-			"no indexes selected\n",
-			fname, lineno );
+		if ( c_reply )
+		{
+			snprintf(c_reply->msg, sizeof(c_reply->msg),
+				"no indexes selected" );
+			fprintf( stderr, "%s: line %d: %s\n",
+				fname, lineno, c_reply->msg );
+		}
 		rc = LDAP_PARAM_ERROR;
 		goto done;
 	}
@@ -169,9 +180,14 @@
 		if ( is_component_reference( attrs[i] ) ) {
 			rc = extract_component_reference( attrs[i], &cr );
 			if ( rc != LDAP_SUCCESS ) {
-				fprintf( stderr, "%s: line %d: "
-					"index component reference\"%s\" undefined\n",
-					fname, lineno, attrs[i] );
+				if ( c_reply )
+				{
+					snprintf(c_reply->msg, sizeof(c_reply->msg),
+						"index component reference\"%s\" undefined",
+						attrs[i] );
+					fprintf( stderr, "%s: line %d: %s\n",
+						fname, lineno, c_reply->msg );
+				}
 				goto done;
 			}
 			cr->cr_indexmask = mask;
@@ -187,16 +203,25 @@
 		rc = slap_str2ad( attrs[i], &ad, &text );
 
 		if( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "%s: line %d: "
-				"index attribute \"%s\" undefined\n",
-				fname, lineno, attrs[i] );
+			if ( c_reply )
+			{
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"index attribute \"%s\" undefined",
+					attrs[i] );
+
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 			goto done;
 		}
 
-		if( slap_ad_is_binary( ad ) ) {
-			fprintf( stderr, "%s: line %d: "
-				"index of attribute \"%s\" disallowed\n",
-				fname, lineno, attrs[i] );
+		if( ad == slap_schema.si_ad_entryDN || slap_ad_is_binary( ad ) ) {
+			if (c_reply) {
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"index of attribute \"%s\" disallowed", attrs[i] );
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 			rc = LDAP_UNWILLING_TO_PERFORM;
 			goto done;
 		}
@@ -206,9 +231,12 @@
 				&& ad->ad_type->sat_approx->smr_indexer
 				&& ad->ad_type->sat_approx->smr_filter ) )
 		{
-			fprintf( stderr, "%s: line %d: "
-				"approx index of attribute \"%s\" disallowed\n",
-				fname, lineno, attrs[i] );
+			if (c_reply) {
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"approx index of attribute \"%s\" disallowed", attrs[i] );
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 			rc = LDAP_INAPPROPRIATE_MATCHING;
 			goto done;
 		}
@@ -218,9 +246,12 @@
 				&& ad->ad_type->sat_equality->smr_indexer
 				&& ad->ad_type->sat_equality->smr_filter ) )
 		{
-			fprintf( stderr, "%s: line %d: "
-				"equality index of attribute \"%s\" disallowed\n",
-				fname, lineno, attrs[i] );
+			if (c_reply) {
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"equality index of attribute \"%s\" disallowed", attrs[i] );
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 			rc = LDAP_INAPPROPRIATE_MATCHING;
 			goto done;
 		}
@@ -230,9 +261,12 @@
 				&& ad->ad_type->sat_substr->smr_indexer
 				&& ad->ad_type->sat_substr->smr_filter ) )
 		{
-			fprintf( stderr, "%s: line %d: "
-				"substr index of attribute \"%s\" disallowed\n",
-				fname, lineno, attrs[i] );
+			if (c_reply) {
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"substr index of attribute \"%s\" disallowed", attrs[i] );
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 			rc = LDAP_INAPPROPRIATE_MATCHING;
 			goto done;
 		}
@@ -295,9 +329,13 @@
 				rc = 0;
 				continue;
 			}
-			fprintf( stderr,
-				"%s: line %d: duplicate index definition for attr \"%s\".\n",
-				fname, lineno, attrs[i] );
+			if (c_reply) {
+				snprintf(c_reply->msg, sizeof(c_reply->msg),
+					"duplicate index definition for attr \"%s\"",
+					attrs[i] );
+				fprintf( stderr, "%s: line %d: %s\n",
+					fname, lineno, c_reply->msg );
+			}
 
 			rc = LDAP_PARAM_ERROR;
 			goto done;

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/back-bdb.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* back-bdb.h - bdb back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.141.2.14 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/back-bdb.h,v 1.141.2.19 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,34 +54,6 @@
 #define	BDB_ID2ENTRY_PAGESIZE	16384
 #endif
 
-#ifndef BDB_PAGESIZE
-#define	BDB_PAGESIZE	4096	/* BDB's original default */
-#endif
-
-/* 4.6.18 redefines cursor->locker */
-#if DB_VERSION_FULL >= 0x04060012
-
-struct __db_locker {
-	u_int32_t	id;
-};
-
-typedef struct __db_locker * BDB_LOCKER;
-
-extern int __lock_getlocker(DB_LOCKTAB *lt, u_int32_t locker, int create, DB_LOCKER **ret);
-
-#define CURSOR_SETLOCKER(cursor, id)	cursor->locker = id
-#define CURSOR_GETLOCKER(cursor)	cursor->locker
-#define BDB_LOCKID(locker)	locker->id
-#else
-
-typedef u_int32_t BDB_LOCKER;
-
-#define CURSOR_SETLOCKER(cursor, id)	cursor->locker = id
-#define CURSOR_GETLOCKER(cursor)	cursor->locker
-#define BDB_LOCKID(locker)	locker
-
-#endif
-
 #define DEFAULT_CACHE_SIZE     1000
 
 /* The default search IDL stack cache depth */
@@ -160,7 +132,7 @@
 	int		c_eiused;	/* EntryInfo's in use */
 	int		c_leaves;	/* EntryInfo leaf nodes */
 	int		c_purging;
-	BDB_LOCKER	c_locker;	/* used by lru cleaner */
+	DB_TXN	*c_txn;	/* used by lru cleaner */
 	ldap_pvt_thread_rdwr_t c_rwlock;
 	ldap_pvt_thread_mutex_t c_lru_mutex;
 	ldap_pvt_thread_mutex_t c_count_mutex;
@@ -180,6 +152,12 @@
 	DB			*bdi_db;
 };
 
+struct bdb_db_pgsize {
+	struct bdb_db_pgsize *bdp_next;
+	struct berval	bdp_name;
+	int	bdp_size;
+};
+
 #ifdef LDAP_DEVEL
 #define BDB_MONITOR_IDX
 #endif /* LDAP_DEVEL */
@@ -202,9 +180,10 @@
 	int			bi_dbenv_mode;
 
 	int			bi_ndatabases;
+	int		bi_db_opflags;	/* db-specific flags */
 	struct bdb_db_info **bi_databases;
 	ldap_pvt_thread_mutex_t	bi_database_mutex;
-	int		bi_db_opflags;	/* db-specific flags */
+	struct bdb_db_pgsize *bi_pagesizes;
 
 	slap_mask_t	bi_defaultmask;
 	Cache		bi_cache;
@@ -250,6 +229,7 @@
 #define	BDB_UPD_CONFIG	0x04
 #define	BDB_DEL_INDEX	0x08
 #define	BDB_RE_OPEN		0x10
+#define BDB_CHKSUM		0x20
 #ifdef BDB_HIER
 	int		bi_modrdns;		/* number of modrdns completed */
 	ldap_pvt_thread_mutex_t	bi_modrdns_mutex;
@@ -262,17 +242,21 @@
 
 struct bdb_lock_info {
 	struct bdb_lock_info *bli_next;
-	ID		bli_id;
 	DB_LOCK	bli_lock;
+	ID		bli_id;
+	int		bli_flag;
 };
+#define	BLI_DONTFREE	1
 
 struct bdb_op_info {
 	OpExtra boi_oe;
 	DB_TXN*		boi_txn;
-	u_int32_t	boi_err;
-	int		boi_acl_cache;
 	struct bdb_lock_info *boi_locks;	/* used when no txn */
+	u_int32_t	boi_err;
+	char		boi_acl_cache;
+	char		boi_flag;
 };
+#define BOI_DONTFREE	1
 
 #define	DB_OPEN(db, file, name, type, flags, mode) \
 	((db)->open)(db, file, name, type, flags, mode)
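Review bot: `bli_flag`, `boi_flag`, `BLI_DONTFREE` and `BOI_DONTFREE` are added without a comment on who sets them or which release path honours them, and `boi_acl_cache` is narrowed from `int` to `char` in the same edit. These flags appear to decide whether a lock-info or op-info record is freed, so a misuse would surface as a leak or a double free; the contract belongs next to the definition, for example `#define BLI_DONTFREE 1 /* bli_flag: record is not heap-allocated, do not free */`. That wording is inferred from the names and needs confirming by the author. If any existing code stores values outside the `char` range in `boi_acl_cache`, the narrowing would truncate them.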
@@ -309,12 +293,6 @@
 	((db)->open)(db, NULL, file, name, type, flags, mode)
 #endif
 
-/* BDB 4.6.18 makes locker a struct instead of an int */
-#if DB_VERSION_FULL >= 0x04060012
-#undef TXN_ID
-#define TXN_ID(txn)	(txn)->locker
-#endif
-
 /* #undef BDB_LOG_DEBUG */
 
 #ifdef BDB_LOG_DEBUG
@@ -343,8 +321,6 @@
 #define DB_BUFFER_SMALL			ENOMEM
 #endif
 
-#define BDB_REUSE_LOCKERS
-
 #define BDB_CSN_COMMIT	0
 #define BDB_CSN_ABORT	1
 #define BDB_CSN_RETRY	2
@@ -360,7 +336,7 @@
 
 /* Copy a pointer "src" to a pointer "dst" from big-endian to native order */
 #define BDB_DISK2ID( src, dst ) \
-	do { int i0; ID tmp = 0; unsigned char *_p;	\
+	do { unsigned i0; ID tmp = 0; unsigned char *_p;	\
 		_p = (unsigned char *)(src);	\
 		for ( i0=0; i0<sizeof(ID); i0++ ) {	\
 			tmp <<= 8; tmp |= *_p++;	\

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - bdb backend bind routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/bind.c,v 1.45.2.4 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/bind.c,v 1.45.2.6 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 
 	AttributeDescription *password = slap_schema.si_ad_userPassword;
 
-	BDB_LOCKER	locker;
+	DB_TXN		*rtxn;
 	DB_LOCK		lock;
 
 	Debug( LDAP_DEBUG_ARGS,
@@ -55,7 +55,7 @@
 		break;
 	}
 
-	rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
+	rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
 	switch(rs->sr_err) {
 	case 0:
 		break;
@@ -67,8 +67,8 @@
 
 dn2entry_retry:
 	/* get entry with reader lock */
-	rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
-		locker, &lock );
+	rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
+		&lock );
 
 	switch(rs->sr_err) {
 	case DB_NOTFOUND:
@@ -76,14 +76,12 @@
 		break;
 	case LDAP_BUSY:
 		send_ldap_error( op, rs, LDAP_BUSY, "ldap_server_busy" );
-		LOCK_ID_FREE(bdb->bi_dbenv, locker);
 		return LDAP_BUSY;
 	case DB_LOCK_DEADLOCK:
 	case DB_LOCK_NOTGRANTED:
 		goto dn2entry_retry;
 	default:
 		send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
-		LOCK_ID_FREE(bdb->bi_dbenv, locker);
 		return rs->sr_err;
 	}
 
@@ -97,8 +95,6 @@
 		rs->sr_err = LDAP_INVALID_CREDENTIALS;
 		send_ldap_result( op, rs );
 
-		LOCK_ID_FREE(bdb->bi_dbenv, locker);
-
 		return rs->sr_err;
 	}
 
@@ -158,8 +154,6 @@
 		bdb_cache_return_entry_r( bdb, e, &lock );
 	}
 
-	LOCK_ID_FREE(bdb->bi_dbenv, locker);
-
 	if ( rs->sr_err ) {
 		send_ldap_result( op, rs );
 		if ( rs->sr_ref ) {

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/cache.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.120.2.15 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/cache.c,v 1.120.2.20 2009/01/26 20:23:35 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -159,7 +159,7 @@
 int
 bdb_cache_entry_db_relock(
 	struct bdb_info *bdb,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	EntryInfo *ei,
 	int rw,
 	int tryOnly,
@@ -183,7 +183,7 @@
 	list[1].lock = *lock;
 	list[1].mode = rw ? DB_LOCK_WRITE : DB_LOCK_READ;
 	list[1].obj = &lockobj;
-	rc = bdb->bi_dbenv->lock_vec(bdb->bi_dbenv, BDB_LOCKID(locker), tryOnly ? DB_LOCK_NOWAIT : 0,
+	rc = bdb->bi_dbenv->lock_vec(bdb->bi_dbenv, TXN_ID(txn), tryOnly ? DB_LOCK_NOWAIT : 0,
 		list, 2, NULL );
 
 	if (rc && !tryOnly) {
@@ -198,7 +198,7 @@
 }
 
 static int
-bdb_cache_entry_db_lock( struct bdb_info *bdb, BDB_LOCKER locker, EntryInfo *ei,
+bdb_cache_entry_db_lock( struct bdb_info *bdb, DB_TXN *txn, EntryInfo *ei,
 	int rw, int tryOnly, DB_LOCK *lock )
 {
 #ifdef NO_DB_LOCK
@@ -218,7 +218,7 @@
 	lockobj.data = &ei->bei_id;
 	lockobj.size = sizeof(ei->bei_id) + 1;
 
-	rc = LOCK_GET(bdb->bi_dbenv, BDB_LOCKID(locker), tryOnly ? DB_LOCK_NOWAIT : 0,
+	rc = LOCK_GET(bdb->bi_dbenv, TXN_ID(txn), tryOnly ? DB_LOCK_NOWAIT : 0,
 					&lockobj, db_rw, lock);
 	if (rc && !tryOnly) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -394,7 +394,7 @@
 int
 bdb_cache_find_ndn(
 	Operation	*op,
-	BDB_LOCKER		locker,
+	DB_TXN		*txn,
 	struct berval	*ndn,
 	EntryInfo	**res )
 {
@@ -448,7 +448,7 @@
 				ei.bei_nrdn.bv_val );
 
 			lock.mode = DB_LOCK_NG;
-			rc = bdb_dn2id( op, &ei.bei_nrdn, &ei, locker, &lock );
+			rc = bdb_dn2id( op, &ei.bei_nrdn, &ei, txn, &lock );
 			if (rc) {
 				bdb_cache_entryinfo_lock( eip );
 				bdb_cache_entry_db_unlock( bdb, &lock );
@@ -508,7 +508,7 @@
 int
 hdb_cache_find_parent(
 	Operation *op,
-	BDB_LOCKER	locker,
+	DB_TXN	*txn,
 	ID id,
 	EntryInfo **res )
 {
@@ -521,7 +521,7 @@
 	ei.bei_ckids = 0;
 
 	for (;;) {
-		rc = hdb_dn2id_parent( op, locker, &ei, &eip.bei_id );
+		rc = hdb_dn2id_parent( op, txn, &ei, &eip.bei_id );
 		if ( rc ) break;
 
 		/* Save the previous node, if any */
@@ -662,13 +662,22 @@
 	/* Wait for the mutex; we're the only one trying to purge. */
 	ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_lru_mutex );
 
-	if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize ) {
+	/* maximum number of EntryInfo leaves to cache. In slapcat
+	 * we always free all leaf nodes.
+	 */
+	if ( slapMode & SLAP_TOOL_READONLY )
+		eimax = 0;
+	else
+		eimax = bdb->bi_cache.c_eimax;
+
+	if ( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize &&
+		bdb->bi_cache.c_leaves <= eimax ) {
 		ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_lru_mutex );
 		bdb->bi_cache.c_purging = 0;
 		return;
 	}
 
-	if ( bdb->bi_cache.c_locker ) {
+	if ( bdb->bi_cache.c_txn ) {
 		lockp = &lock;
 	} else {
 		lockp = NULL;
@@ -676,14 +685,6 @@
 
 	count = 0;
 
-	/* maximum number of EntryInfo leaves to cache. In slapcat
-	 * we always free all leaf nodes.
-	 */
-	if ( slapMode & SLAP_TOOL_READONLY )
-		eimax = 0;
-	else
-		eimax = bdb->bi_cache.c_eimax;
-
 	/* Look for an unused entry to remove */
 	for ( elru = bdb->bi_cache.c_lruhead; elru; elru = elnext ) {
 		elnext = elru->bei_lrunext;
@@ -715,18 +716,25 @@
 		 * the object is idle.
 		 */
 		if ( bdb_cache_entry_db_lock( bdb,
-			bdb->bi_cache.c_locker, elru, 1, 1, lockp ) == 0 ) {
+			bdb->bi_cache.c_txn, elru, 1, 1, lockp ) == 0 ) {
 
 			/* Free entry for this node if it's present */
 			if ( elru->bei_e ) {
-				elru->bei_e->e_private = NULL;
+				if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize &&
+					count < bdb->bi_cache.c_minfree ) {
+					elru->bei_e->e_private = NULL;
 #ifdef SLAP_ZONE_ALLOC
-				bdb_entry_return( bdb, elru->bei_e, elru->bei_zseq );
+					bdb_entry_return( bdb, elru->bei_e, elru->bei_zseq );
 #else
-				bdb_entry_return( elru->bei_e );
+					bdb_entry_return( elru->bei_e );
 #endif
-				elru->bei_e = NULL;
-				count++;
+					elru->bei_e = NULL;
+					count++;
+				} else {
+					/* Keep this node cached, skip to next */
+					bdb_cache_entry_db_unlock( bdb, lockp );
+					goto next;
+				}
 			}
 			bdb_cache_entry_db_unlock( bdb, lockp );
 
@@ -744,13 +752,17 @@
 			}	/* Leave on list until we need to free it */
 		}
 
+next:
 		if ( islocked )
 			bdb_cache_entryinfo_unlock( elru );
 
-		if ( count >= bdb->bi_cache.c_minfree ) {
-			ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
-			bdb->bi_cache.c_cursize -= count;
-			ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
+		if (( bdb->bi_cache.c_cursize <= bdb->bi_cache.c_maxsize ||
+			(unsigned) count >= bdb->bi_cache.c_minfree ) && bdb->bi_cache.c_leaves <= eimax ) {
+			if ( count ) {
+				ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
+				bdb->bi_cache.c_cursize -= count;
+				ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
+			}
 			break;
 		}
 bottom:
@@ -793,7 +805,6 @@
 	ID				id,
 	EntryInfo	**eip,
 	int		flag,
-	BDB_LOCKER	locker,
 	DB_LOCK		*lock )
 {
 	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
@@ -842,9 +853,9 @@
 	/* See if the ID exists in the database; add it to the cache if so */
 	if ( !*eip ) {
 #ifndef BDB_HIER
-		rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
+		rc = bdb_id2entry( op->o_bd, tid, id, &ep );
 		if ( rc == 0 ) {
-			rc = bdb_cache_find_ndn( op, locker,
+			rc = bdb_cache_find_ndn( op, tid,
 				&ep->e_nname, eip );
 			if ( *eip ) flag |= ID_LOCKED;
 			if ( rc ) {
@@ -858,7 +869,7 @@
 			}
 		}
 #else
-		rc = hdb_cache_find_parent(op, locker, id, eip );
+		rc = hdb_cache_find_parent(op, tid, id, eip );
 		if ( rc == 0 ) flag |= ID_LOCKED;
 #endif
 	}
@@ -902,14 +913,14 @@
 				bdb_cache_entryinfo_unlock( *eip );
 				flag ^= ID_LOCKED;
 			}
-			rc = bdb_cache_entry_db_lock( bdb, locker, *eip, load, 0, lock );
+			rc = bdb_cache_entry_db_lock( bdb, tid, *eip, load, 0, lock );
 			if ( (*eip)->bei_state & CACHE_ENTRY_DELETED ) {
 				rc = DB_NOTFOUND;
 				bdb_cache_entry_db_unlock( bdb, lock );
 			} else if ( rc == 0 ) {
 				if ( load ) {
 					if ( !ep) {
-						rc = bdb_id2entry( op->o_bd, tid, locker, id, &ep );
+						rc = bdb_id2entry( op->o_bd, tid, id, &ep );
 					}
 					if ( rc == 0 ) {
 						ep->e_private = *eip;
@@ -934,7 +945,7 @@
 					}
 					if ( rc == 0 ) {
 						/* If we succeeded, downgrade back to a readlock. */
-						rc = bdb_cache_entry_db_relock( bdb, locker,
+						rc = bdb_cache_entry_db_relock( bdb, tid,
 							*eip, 0, 0, lock );
 					} else {
 						/* Otherwise, release the lock. */
@@ -955,12 +966,12 @@
 					rc = bdb_fix_dn( (*eip)->bei_e, 1 );
 					if ( rc ) {
 						bdb_cache_entry_db_relock( bdb,
-							locker, *eip, 1, 0, lock );
+							tid, *eip, 1, 0, lock );
 						/* check again in case other modifier did it already */
 						if ( bdb_fix_dn( (*eip)->bei_e, 1 ) )
 							rc = bdb_fix_dn( (*eip)->bei_e, 2 );
 						bdb_cache_entry_db_relock( bdb,
-							locker, *eip, 0, 0, lock );
+							tid, *eip, 0, 0, lock );
 					}
 #endif
 				}
@@ -987,16 +998,19 @@
 		int purge = 0;
 
 		if ( load ) {
+			ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
 			if ( !( flag & ID_NOCACHE )) {
-				ldap_pvt_thread_mutex_lock( &bdb->bi_cache.c_count_mutex );
 				bdb->bi_cache.c_cursize++;
 				if ( bdb->bi_cache.c_cursize > bdb->bi_cache.c_maxsize &&
 					!bdb->bi_cache.c_purging ) {
 					purge = 1;
 					bdb->bi_cache.c_purging = 1;
 				}
-				ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
+			} else if ( bdb->bi_cache.c_leaves > bdb->bi_cache.c_eimax && !bdb->bi_cache.c_purging ) {
+				purge = 1;
+				bdb->bi_cache.c_purging = 1;
 			}
+			ldap_pvt_thread_mutex_unlock( &bdb->bi_cache.c_count_mutex );
 		}
 		if ( purge )
 			bdb_cache_lru_purge( bdb );
@@ -1039,7 +1053,7 @@
 	EntryInfo *eip,
 	Entry *e,
 	struct berval *nrdn,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock )
 {
 	EntryInfo *new, ei;
@@ -1056,7 +1070,7 @@
 	/* Lock this entry so that bdb_add can run to completion.
 	 * It can only fail if BDB has run out of lock resources.
 	 */
-	rc = bdb_cache_entry_db_lock( bdb, locker, &ei, 0, 0, lock );
+	rc = bdb_cache_entry_db_lock( bdb, txn, &ei, 0, 0, lock );
 	if ( rc ) {
 		bdb_cache_entryinfo_unlock( eip );
 		return rc;
@@ -1114,13 +1128,13 @@
 	struct bdb_info *bdb,
 	Entry *e,
 	Attribute *newAttrs,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock )
 {
 	EntryInfo *ei = BEI(e);
 	int rc;
 	/* Get write lock on data */
-	rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock );
+	rc = bdb_cache_entry_db_relock( bdb, txn, ei, 1, 0, lock );
 
 	/* If we've done repeated mods on a cached entry, then e_attrs
 	 * is no longer contiguous with the entry, and must be freed.
@@ -1144,7 +1158,7 @@
 	struct berval *nrdn,
 	Entry *new,
 	EntryInfo *ein,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock )
 {
 	EntryInfo *ei = BEI(e), *pei;
@@ -1154,7 +1168,7 @@
 #endif
 
 	/* Get write lock on data */
-	rc =  bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock );
+	rc =  bdb_cache_entry_db_relock( bdb, txn, ei, 1, 0, lock );
 	if ( rc ) return rc;
 
 	/* If we've done repeated mods on a cached entry, then e_attrs
@@ -1249,7 +1263,7 @@
 bdb_cache_delete(
 	struct bdb_info *bdb,
     Entry		*e,
-    BDB_LOCKER	locker,
+    DB_TXN *txn,
     DB_LOCK	*lock )
 {
 	EntryInfo *ei = BEI(e);
@@ -1266,7 +1280,7 @@
 	bdb_cache_entryinfo_unlock( ei );
 
 	/* Get write lock on the data */
-	rc = bdb_cache_entry_db_relock( bdb, locker, ei, 1, 0, lock );
+	rc = bdb_cache_entry_db_relock( bdb, txn, ei, 1, 0, lock );
 	if ( rc ) {
 		/* couldn't lock, undo and give up */
 		ei->bei_state ^= CACHE_ENTRY_DELETED;
@@ -1436,56 +1450,36 @@
 #endif
 #endif
 
-#ifdef BDB_REUSE_LOCKERS
 static void
-bdb_locker_id_free( void *key, void *data )
+bdb_reader_free( void *key, void *data )
 {
-	DB_ENV *env = key;
-	u_int32_t lockid;
-	int rc;
+	/* DB_ENV *env = key; */
+	DB_TXN *txn = data;
 
-#if DB_VERSION_FULL >= 0x04060012
-	BDB_LOCKER lptr = data;
-	lockid = lptr->id;
-#else
-	lockid = (long)data;
-#endif
-	rc = XLOCK_ID_FREE( env, lockid );
-	if ( rc == EINVAL ) {
-		DB_LOCKREQ lr;
-		Debug( LDAP_DEBUG_ANY,
-			"bdb_locker_id_free: %lu err %s(%d)\n",
-			(unsigned long) lockid, db_strerror(rc), rc );
-		/* release all locks held by this locker. */
-		lr.op = DB_LOCK_PUT_ALL;
-		lr.obj = NULL;
-		env->lock_vec( env, lockid, 0, &lr, 1, NULL );
-		XLOCK_ID_FREE( env, lockid );
-	}
+	TXN_ABORT( txn );
 }
 
 /* free up any keys used by the main thread */
 void
-bdb_locker_flush( DB_ENV *env )
+bdb_reader_flush( DB_ENV *env )
 {
 	void *data;
 	void *ctx = ldap_pvt_thread_pool_context();
 
 	if ( !ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
 		ldap_pvt_thread_pool_setkey( ctx, env, NULL, 0, NULL, NULL );
-		bdb_locker_id_free( env, data );
+		bdb_reader_free( env, data );
 	}
 }
 
 int
-bdb_locker_id( Operation *op, DB_ENV *env, BDB_LOCKER *locker )
+bdb_reader_get( Operation *op, DB_ENV *env, DB_TXN **txn )
 {
 	int i, rc;
-	u_int32_t lockid;
 	void *data;
 	void *ctx;
 
-	if ( !env || !locker ) return -1;
+	if ( !env || !txn ) return -1;
 
 	/* If no op was provided, try to find the ctx anyway... */
 	if ( op ) {
@@ -1496,42 +1490,29 @@
 
 	/* Shouldn't happen unless we're single-threaded */
 	if ( !ctx ) {
-		*locker = 0;
+		*txn = NULL;
 		return 0;
 	}
 
 	if ( ldap_pvt_thread_pool_getkey( ctx, env, &data, NULL ) ) {
 		for ( i=0, rc=1; rc != 0 && i<4; i++ ) {
-			rc = XLOCK_ID( env, &lockid );
+			rc = TXN_BEGIN( env, NULL, txn, DB_READ_COMMITTED );
 			if (rc) ldap_pvt_thread_yield();
 		}
 		if ( rc != 0) {
 			return rc;
 		}
-#if DB_VERSION_FULL >= 0x04060012
-		{ BDB_LOCKER lptr;
-		__lock_getlocker( env->lk_handle, lockid, 0, &lptr );
-		data = lptr;
-		}
-#else
-		data = (void *)((long)lockid);
-#endif
+		data = *txn;
 		if ( ( rc = ldap_pvt_thread_pool_setkey( ctx, env,
-			data, bdb_locker_id_free, NULL, NULL ) ) ) {
-			XLOCK_ID_FREE( env, lockid );
-			Debug( LDAP_DEBUG_ANY, "bdb_locker_id: err %s(%d)\n",
+			data, bdb_reader_free, NULL, NULL ) ) ) {
+			TXN_ABORT( *txn );
+			Debug( LDAP_DEBUG_ANY, "bdb_reader_get: err %s(%d)\n",
 				db_strerror(rc), rc, 0 );
 
 			return rc;
 		}
 	} else {
-		lockid = (long)data;
+		*txn = data;
 	}
-#if DB_VERSION_FULL >= 0x04060012
-	*locker = data;
-#else
-	*locker = lockid;
-#endif
 	return 0;
 }
-#endif /* BDB_REUSE_LOCKERS */
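Review bot: On the `ldap_pvt_thread_pool_setkey` failure path, `TXN_ABORT( *txn )` ends the transaction but `*txn` still holds the aborted handle when `rc` is returned. A caller that uses the out-parameter without checking the return code would then operate on a dead transaction. Adding `*txn = NULL;` right after the abort keeps this path consistent with the `!ctx` path above, which already sets `*txn = NULL`. A short comment on the function would also help: the reader transaction is stored under the thread-pool key for `env` and is aborted by `bdb_reader_free` when the key is released, so callers must not commit or abort it themselves. `bdb_reader_get` begins in the preceding hunk.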

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - bdb backend compare routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/compare.c,v 1.51.2.5 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/compare.c,v 1.51.2.7 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,10 +30,10 @@
 	Attribute	*a;
 	int		manageDSAit = get_manageDSAit( op );
 
-	BDB_LOCKER	locker;
+	DB_TXN		*rtxn;
 	DB_LOCK		lock;
 
-	rs->sr_err = LOCK_ID(bdb->bi_dbenv, &locker);
+	rs->sr_err = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
 	switch(rs->sr_err) {
 	case 0:
 		break;
@@ -44,8 +44,8 @@
 
 dn2entry_retry:
 	/* get entry */
-	rs->sr_err = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1,
-		locker, &lock );
+	rs->sr_err = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1,
+		&lock );
 
 	switch( rs->sr_err ) {
 	case DB_NOTFOUND:
@@ -185,6 +185,5 @@
 		bdb_cache_return_entry_r( bdb, e, &lock );
 	}
 
-	LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 	return rs->sr_err;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - bdb backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.91.2.11 2008/04/14 21:28:42 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/config.c,v 1.91.2.16 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,10 @@
 	BDB_DIRTYR,
 	BDB_INDEX,
 	BDB_LOCKD,
-	BDB_SSTACK
+	BDB_SSTACK,
+	BDB_MODE,
+	BDB_PGSIZE,
+	BDB_CHECKSUM
 };
 
 static ConfigTable bdbcfg[] = {
@@ -72,6 +75,10 @@
 		bdb_cf_gen, "( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' "
 			"DESC 'Database checkpoint interval in kbytes and minutes' "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )",NULL, NULL },
+	{ "checksum", NULL, 1, 2, 0, ARG_ON_OFF|ARG_MAGIC|BDB_CHECKSUM,
+		bdb_cf_gen, "( OLcfgDbAt:1.16 NAME 'olcDbChecksum' "
+			"DESC 'Enable database checksum validation' "
+			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "cryptfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|BDB_CRYPTFILE,
 		bdb_cf_gen, "( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' "
 			"DESC 'Pathname of file containing the DB encryption key' "
@@ -88,6 +95,11 @@
 		bdb_cf_gen, "( OLcfgDbAt:1.4 NAME 'olcDbNoSync' "
 			"DESC 'Disable synchronous database writes' "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ "dbpagesize", "db> <size", 3, 3, 0, ARG_MAGIC|BDB_PGSIZE,
+		bdb_cf_gen, "( OLcfgDbAt:1.15 NAME 'olcDbPageSize' "
+			"DESC 'Page size of specified DB, in Kbytes' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "dirtyread", NULL, 1, 2, 0,
 #ifdef SLAP_BDB_ALLOW_DIRTY_READ
 		ARG_ON_OFF|ARG_MAGIC|BDB_DIRTYR, bdb_cf_gen,
@@ -121,11 +133,10 @@
 		bdb_cf_gen, "( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' "
 		"DESC 'Deadlock detection algorithm' "
 		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
-	{ "mode", "mode", 2, 2, 0, ARG_INT|ARG_OFFSET,
-		(void *)offsetof(struct bdb_info, bi_dbenv_mode),
-		"( OLcfgDbAt:0.3 NAME 'olcDbMode' "
+	{ "mode", "mode", 2, 2, 0, ARG_MAGIC|BDB_MODE,
+		bdb_cf_gen, "( OLcfgDbAt:0.3 NAME 'olcDbMode' "
 		"DESC 'Unix permissions of database files' "
-		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+		"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "searchstack", "depth", 2, 2, 0, ARG_INT|ARG_MAGIC|BDB_SSTACK,
 		bdb_cf_gen, "( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' "
 		"DESC 'Depth of search stack in IDLs' "
@@ -157,7 +168,7 @@
 		"olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ "
 		"olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ "
 		"olcDbMode $ olcDbSearchStack $ olcDbShmKey $ "
-		"olcDbCacheFree $ olcDbDNcacheSize ) )",
+		"olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )",
 		 	Cft_Database, bdbcfg },
 	{ NULL, 0, NULL }
 };
@@ -202,7 +213,6 @@
 	DBT key, data;
 	DB_TXN *txn;
 	DB_LOCK lock;
-	BDB_LOCKER locker;
 	ID id, nid;
 	EntryInfo *ei;
 	int rc, getnext = 1;
@@ -231,7 +241,6 @@
 		rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &txn, bdb->bi_db_opflags );
 		if ( rc ) 
 			break;
-		locker = TXN_ID( txn );
 		if ( getnext ) {
 			getnext = 0;
 			BDB_ID2DISK( id, &nid );
@@ -257,7 +266,7 @@
 		}
 
 		ei = NULL;
-		rc = bdb_cache_find_id( op, txn, id, &ei, 0, locker, &lock );
+		rc = bdb_cache_find_id( op, txn, id, &ei, 0, &lock );
 		if ( rc ) {
 			TXN_ABORT( txn );
 			if ( rc == DB_LOCK_DEADLOCK ) {
@@ -362,15 +371,31 @@
 	if ( c->op == SLAP_CONFIG_EMIT ) {
 		rc = 0;
 		switch( c->type ) {
+		case BDB_MODE: {
+			char buf[64];
+			struct berval bv;
+			bv.bv_len = snprintf( buf, sizeof(buf), "0%o", bdb->bi_dbenv_mode );
+			if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) ) {
+				bv.bv_val = buf;
+				value_add_one( &c->rvalue_vals, &bv );
+			} else {
+				rc = 1;
+			}
+			} break;
+
 		case BDB_CHKPT:
 			if ( bdb->bi_txn_cp ) {
 				char buf[64];
 				struct berval bv;
-				bv.bv_len = sprintf( buf, "%d %d", bdb->bi_txn_cp_kbyte,
+				bv.bv_len = snprintf( buf, sizeof(buf), "%d %d", bdb->bi_txn_cp_kbyte,
 					bdb->bi_txn_cp_min );
-				bv.bv_val = buf;
-				value_add_one( &c->rvalue_vals, &bv );
-			} else{
+				if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) ) {
+					bv.bv_val = buf;
+					value_add_one( &c->rvalue_vals, &bv );
+				} else {
+					rc = 1;
+				}
+			} else {
 				rc = 1;
 			}
 			break;
@@ -447,6 +472,11 @@
 				c->value_int = 1;
 			break;
 			
+		case BDB_CHECKSUM:
+			if ( bdb->bi_flags & BDB_CHKSUM )
+				c->value_int = 1;
+			break;
+
 		case BDB_INDEX:
 			bdb_attr_index_unparse( bdb, &c->rvalue_vals );
 			if ( !c->rvalue_vals ) rc = 1;
@@ -469,11 +499,36 @@
 		case BDB_SSTACK:
 			c->value_int = bdb->bi_search_stack_depth;
 			break;
+
+		case BDB_PGSIZE: {
+				struct bdb_db_pgsize *ps;
+				char buf[SLAP_TEXT_BUFLEN];
+				struct berval bv;
+				int rc = 1;
+
+				bv.bv_val = buf;
+				for ( ps = bdb->bi_pagesizes; ps; ps = ps->bdp_next ) {
+					bv.bv_len = sprintf( buf, "%s %d", ps->bdp_name.bv_val,
+						ps->bdp_size / 1024 );
+					value_add_one( &c->rvalue_vals, &bv );
+					rc = 0;
+
+				}
+				break;
+			}
 		}
 		return rc;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		rc = 0;
 		switch( c->type ) {
+		case BDB_MODE:
+#if 0
+			/* FIXME: does it make any sense to change the mode,
+			 * if we don't exec a chmod()? */
+			bdb->bi_dbenv_mode = SLAPD_DEFAULT_DB_MODE;
+			break;
+#endif
+
 		/* single-valued no-ops */
 		case BDB_LOCKD:
 		case BDB_SSTACK:
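Review bot: The `BDB_PGSIZE` emit branch can overrun its stack buffer, because it formats with unbounded `sprintf( buf, "%s %d", ps->bdp_name.bv_val, ... )` into `buf[SLAP_TEXT_BUFLEN]`. The name is copied from the configuration argument with no length limit (`strlen(c->argv[1])` in the `BDB_PGSIZE` set branch of a later hunk). Use the bounded form this commit already applies to `BDB_CHKPT`: `bv.bv_len = snprintf( buf, sizeof(buf), "%s %d", ps->bdp_name.bv_val, ps->bdp_size / 1024 );`, guarded by `if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) )` before `value_add_one`. The inner `int rc = 1;` also shadows the function's `rc`, so the `return rc;` after the switch still returns 0 when `bi_pagesizes` is empty; dropping the declaration and assigning the outer variable looks like the intent. The enclosing function starts and ends outside this hunk.
```c
		case BDB_PGSIZE: {
				struct bdb_db_pgsize *ps;
				char buf[SLAP_TEXT_BUFLEN];
				struct berval bv;

				/* no values emitted yet; uses the function's rc, not a shadow */
				rc = 1;
				bv.bv_val = buf;
				for ( ps = bdb->bi_pagesizes; ps; ps = ps->bdp_next ) {
					bv.bv_len = snprintf( buf, sizeof(buf), "%s %d",
						ps->bdp_name.bv_val, ps->bdp_size / 1024 );
					if ( bv.bv_len > 0 && bv.bv_len < sizeof(buf) ) {
						value_add_one( &c->rvalue_vals, &bv );
						rc = 0;
					} else {
						/* name does not fit the text buffer */
						rc = 1;
						break;
					}
				}
				break;
			}
```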
@@ -532,6 +587,9 @@
 		case BDB_NOSYNC:
 			bdb->bi_dbenv->set_flags( bdb->bi_dbenv, DB_TXN_NOSYNC, 0 );
 			break;
+		case BDB_CHECKSUM:
+			bdb->bi_flags &= ~BDB_CHKSUM;
+			break;
 		case BDB_INDEX:
 			if ( c->valx == -1 ) {
 				int i;
@@ -586,11 +644,69 @@
 				}
 			}
 			break;
+		/* doesn't make sense on the fly; the DB file must be
+		 * recreated
+		 */
+		case BDB_PGSIZE: {
+				struct bdb_db_pgsize *ps, **prev;
+				int i;
+
+				for ( i = 0, prev = &bdb->bi_pagesizes, ps = *prev; ps;
+					prev = &ps->bdp_next, ps = ps->bdp_next, i++ ) {
+					if ( c->valx == -1 || i == c->valx ) {
+						*prev = ps->bdp_next;
+						ch_free( ps );
+						ps = *prev;
+						if ( i == c->valx ) break;
+					}
+				}
+			}
+			break;
 		}
 		return rc;
 	}
 
 	switch( c->type ) {
+	case BDB_MODE:
+		if ( ASCII_DIGIT( c->argv[1][0] ) ) {
+			long mode;
+			char *next;
+			errno = 0;
+			mode = strtol( c->argv[1], &next, 0 );
+			if ( errno != 0 || next == c->argv[1] || next[0] != '\0' ) {
+				fprintf( stderr, "%s: "
+					"unable to parse mode=\"%s\".\n",
+					c->log, c->argv[1] );
+				return 1;
+			}
+			bdb->bi_dbenv_mode = mode;
+
+		} else {
+			char *m = c->argv[1];
+			int who, what, mode = 0;
+
+			if ( strlen( m ) != STRLENOF("-rwxrwxrwx") ) {
+				return 1;
+			}
+
+			if ( m[0] != '-' ) {
+				return 1;
+			}
+
+			m++;
+			for ( who = 0; who < 3; who++ ) {
+				for ( what = 0; what < 3; what++, m++ ) {
+					if ( m[0] == '-' ) {
+						continue;
+					} else if ( m[0] != "rwx"[what] ) {
+						return 1;
+					}
+					mode += ((1 << (2 - what)) << 3*(2 - who));
+				}
+			}
+			bdb->bi_dbenv_mode = mode;
+		}
+		break;
 	case BDB_CHKPT: {
 		long	l;
 		bdb->bi_txn_cp = 1;
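Review bot: In the `BDB_PGSIZE` delete branch the `for` increment `prev = &ps->bdp_next, ps = ps->bdp_next` runs after the body has already set `ps = *prev`. With `c->valx == -1` this skips every second node, and when the freed node was the last one the increment reads through a NULL `ps`. Advancing `prev` only when nothing was unlinked fixes both, as in the loop below. In the `BDB_MODE` branch of the same hunk, `strtol( c->argv[1], &next, 0 )` stores any parsed long into `bi_dbenv_mode`, so `mode 600` is taken as decimal and negative values pass. A range test before the assignment, e.g. `if ( mode < 0 || mode > 0777 ) return 1;`, would reject them (the upper bound is an assumption about which permission bits should be settable). The function holding both branches starts and ends outside this hunk.
```c
		case BDB_PGSIZE: {
				struct bdb_db_pgsize *ps, **prev;
				int i;

				/* prev always points at the link to the node under test;
				 * it moves forward only when that node is kept. */
				for ( i = 0, prev = &bdb->bi_pagesizes;
					(ps = *prev) != NULL; i++ ) {
					if ( c->valx == -1 || i == c->valx ) {
						*prev = ps->bdp_next;
						ch_free( ps );
						if ( i == c->valx ) break;
					} else {
						prev = &ps->bdp_next;
					}
				}
			}
			break;
```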
@@ -736,9 +852,16 @@
 		}
 		break;
 
+	case BDB_CHECKSUM:
+		if ( c->value_int )
+			bdb->bi_flags |= BDB_CHKSUM;
+		else
+			bdb->bi_flags &= ~BDB_CHKSUM;
+		break;
+
 	case BDB_INDEX:
 		rc = bdb_attr_index_config( bdb, c->fname, c->lineno,
-			c->argc - 1, &c->argv[1] );
+			c->argc - 1, &c->argv[1], &c->reply);
 
 		if( rc != LDAP_SUCCESS ) return 1;
 		if (( bdb->bi_flags & BDB_IS_OPEN ) && !bdb->bi_index_task ) {
@@ -779,6 +902,31 @@
 		}
 		bdb->bi_search_stack_depth = c->value_int;
 		break;
+
+	case BDB_PGSIZE: {
+		struct bdb_db_pgsize *ps, **prev;
+		int i, s;
+		
+		s = atoi(c->argv[2]);
+		if ( s < 1 || s > 64 ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"%s: size must be > 0 and <= 64: %d",
+				c->log, s );
+			Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+			return -1;
+		}
+		i = strlen(c->argv[1]);
+		ps = ch_malloc( sizeof(struct bdb_db_pgsize) + i + 1 );
+		ps->bdp_next = NULL;
+		ps->bdp_name.bv_len = i;
+		ps->bdp_name.bv_val = (char *)(ps+1);
+		strcpy( ps->bdp_name.bv_val, c->argv[1] );
+		ps->bdp_size = s * 1024;
+		for ( prev = &bdb->bi_pagesizes; *prev; prev = &(*prev)->bdp_next )
+			;
+		*prev = ps;
+		}
+		break;
 	}
 	return 0;
 }
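Review bot: `s = atoi(c->argv[2])` cannot tell a malformed size from a valid one (`8kb` is read as 8). The range test `s < 1 || s > 64` also admits values such as 3, which Berkeley DB's `set_pagesize` is expected to refuse because the page size must be a power of two. Parsing with `strtol` plus an end-pointer check, as the `BDB_MODE` branch in this commit does, and extending the test to `s < 1 || s > 64 || ( s & ( s - 1 ) )` would reject both at configuration time. The branch also appends without checking whether `c->argv[1]` is already in `bi_pagesizes`; since `bdb_db_findsize` in dbcache.c returns the first match, a later duplicate is silently ignored. It returns -1 on error where the other new branches return 1, and the enclosing function starts outside this hunk.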

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dbcache.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dbcache.c - manage cache of open databases */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dbcache.c,v 1.43.2.6 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dbcache.c,v 1.43.2.8 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,7 +57,30 @@
 #define	BDB_INDEXTYPE	DB_BTREE
 #endif
 
+/* If a configured size is found, return it, otherwise return 0 */
 int
+bdb_db_findsize(
+	struct bdb_info *bdb,
+	struct berval *name
+)
+{
+	struct bdb_db_pgsize *bp;
+	int rc;
+
+	for ( bp = bdb->bi_pagesizes; bp; bp=bp->bdp_next ) {
+		rc = strncmp( name->bv_val, bp->bdp_name.bv_val, name->bv_len );
+		if ( !rc ) {
+			if ( name->bv_len == bp->bdp_name.bv_len )
+				return bp->bdp_size;
+			if ( name->bv_len < bp->bdp_name.bv_len &&
+				bp->bdp_name.bv_val[name->bv_len] == '.' )
+				return bp->bdp_size;
+		}
+	}
+	return 0;
+}
+
+int
 bdb_db_cache(
 	Backend	*be,
 	struct berval *name,
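Review bot: The comment above `bdb_db_findsize` does not state the matching rule, which is the part an administrator needs when writing `dbpagesize` lines. The code accepts a configured entry either when its name equals `name` or when it is `name` followed by `.` and a suffix, and it returns the first such entry in list order. I would reword the comment to `/* Return the page size configured for name, matching "name" exactly or "name.<suffix>"; first match wins, 0 if none */`. The local `rc` is used only once and could be folded into the `if`.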
@@ -121,7 +144,24 @@
 		}
 	}
 
-	rc = db->bdi_db->set_pagesize( db->bdi_db, BDB_PAGESIZE );
+	if( bdb->bi_flags & BDB_CHKSUM ) {
+		rc = db->bdi_db->set_flags( db->bdi_db, DB_CHKSUM );
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY,
+				"bdb_db_cache: db set_flags(DB_CHKSUM)(%s) failed: %s (%d)\n",
+				bdb->bi_dbenv_home, db_strerror(rc), rc );
+			ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
+			db->bdi_db->close( db->bdi_db, 0 );
+			ch_free( db );
+			return rc;
+		}
+	}
+
+	/* If no explicit size set, use the FS default */
+	flags = bdb_db_findsize( bdb, name );
+	if ( flags )
+		rc = db->bdi_db->set_pagesize( db->bdi_db, flags );
+
 #ifdef BDB_INDEX_USE_HASH
 	rc = db->bdi_db->set_h_hash( db->bdi_db, bdb_db_hash );
 #endif
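Review bot: The result of `db->bdi_db->set_pagesize( db->bdi_db, flags )` is assigned to `rc` but not tested, and with `BDB_INDEX_USE_HASH` defined the following `set_h_hash` call overwrites it. A configured page size that Berkeley DB refuses is therefore dropped without a log line and the database is created with the default size. The `set_flags(DB_CHKSUM)` block added just above shows the handling to mirror, as sketched below. Reusing `flags` to carry the page size also hides intent; a dedicated local would read better, though its declaration would sit outside this hunk. Whether `rc` is examined further down is not visible here.
```c
	/* … unchanged: DB_CHKSUM set_flags block … */

	/* If no explicit size set, use the FS default */
	flags = bdb_db_findsize( bdb, name );
	if ( flags ) {
		rc = db->bdi_db->set_pagesize( db->bdi_db, flags );
		if ( rc ) {
			Debug( LDAP_DEBUG_ANY,
				"bdb_db_cache: db set_pagesize(%s) failed: %s (%d)\n",
				bdb->bi_dbenv_home, db_strerror(rc), rc );
			ldap_pvt_thread_mutex_unlock( &bdb->bi_database_mutex );
			db->bdi_db->close( db->bdi_db, 0 );
			ch_free( db );
			return rc;
		}
	}
```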

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* delete.c - bdb backend delete routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/delete.c,v 1.155.2.8 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/delete.c,v 1.155.2.11 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35,10 +35,9 @@
 	AttributeDescription *children = slap_schema.si_ad_children;
 	AttributeDescription *entry = slap_schema.si_ad_entry;
 	DB_TXN		*ltid = NULL, *lt2;
-	struct bdb_op_info opinfo = {0};
+	struct bdb_op_info opinfo = {{{ 0 }}};
 	ID	eid;
 
-	BDB_LOCKER	locker = 0;
 	DB_LOCK		lock, plock;
 
 	int		num_retries = 0;
@@ -154,8 +153,6 @@
 		goto return_results;
 	}
 
-	locker = TXN_ID ( ltid );
-
 	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
@@ -168,7 +165,7 @@
 
 	/* get entry */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
-		locker, &lock );
+		&lock );
 
 	switch( rs->sr_err ) {
 	case 0:
@@ -217,7 +214,7 @@
 		goto return_results;
 	}
 
-	rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, locker, &plock );
+	rc = bdb_cache_find_id( op, ltid, eip->bei_id, &eip, 0, &plock );
 	switch( rc ) {
 	case DB_LOCK_DEADLOCK:
 	case DB_LOCK_NOTGRANTED:
@@ -527,7 +524,7 @@
 		BDB_LOG_PRINTF( bdb->bi_dbenv, ltid, "slapd Cache delete %s(%d)",
 			e->e_nname.bv_val, e->e_id );
 
-		rc = bdb_cache_delete( bdb, e, locker, &lock );
+		rc = bdb_cache_delete( bdb, e, ltid, &lock );
 		switch( rc ) {
 		case DB_LOCK_DEADLOCK:
 		case DB_LOCK_NOTGRANTED:

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2entry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dn2entry.c - routines to deal with the dn2id / id2entry glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2entry.c,v 1.28.2.7 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2entry.c,v 1.28.2.9 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,7 +34,6 @@
 	struct berval *dn,
 	EntryInfo **e,
 	int matched,
-	BDB_LOCKER locker,
 	DB_LOCK *lock )
 {
 	EntryInfo *ei = NULL;
@@ -45,7 +44,7 @@
 
 	*e = NULL;
 
-	rc = bdb_cache_find_ndn( op, locker, dn, &ei );
+	rc = bdb_cache_find_ndn( op, tid, dn, &ei );
 	if ( rc ) {
 		if ( matched && rc == DB_NOTFOUND ) {
 			/* Set the return value, whether we have its entry
@@ -54,7 +53,7 @@
 			*e = ei;
 			if ( ei && ei->bei_id ) {
 				rc2 = bdb_cache_find_id( op, tid, ei->bei_id,
-					&ei, ID_LOCKED, locker, lock );
+					&ei, ID_LOCKED, lock );
 				if ( rc2 ) rc = rc2;
 			} else if ( ei ) {
 				bdb_cache_entryinfo_unlock( ei );
@@ -66,7 +65,7 @@
 		}
 	} else {
 		rc = bdb_cache_find_id( op, tid, ei->bei_id, &ei, ID_LOCKED,
-			locker, lock );
+			lock );
 		if ( rc == 0 ) {
 			*e = ei;
 		} else if ( matched && rc == DB_NOTFOUND ) {
@@ -74,7 +73,7 @@
 			if ( ei->bei_parent ) {
 				ei = ei->bei_parent;
 				rc2 = bdb_cache_find_id( op, tid, ei->bei_id, &ei, 0,
-					locker, lock );
+					lock );
 				if ( rc2 ) rc = rc2;
 			}
 			*e = ei;

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/dn2id.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dn2id.c - routines to deal with the dn2id index */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.10 2008/05/20 00:14:04 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/dn2id.c,v 1.137.2.16 2009/01/26 21:27:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27,13 +27,13 @@
 
 static int
 bdb_dn2id_lock( struct bdb_info *bdb, struct berval *dn,
-	int rw, BDB_LOCKER locker, DB_LOCK *lock )
+	int rw, DB_TXN *txn, DB_LOCK *lock )
 {
 	int       rc;
 	DBT       lockobj;
 	int       db_rw;
 
-	if (!locker)
+	if (!txn)
 		return 0;
 
 	if (rw)
@@ -44,7 +44,7 @@
 	lockobj.data = dn->bv_val;
 	lockobj.size = dn->bv_len;
 
-	rc = LOCK_GET(bdb->bi_dbenv, BDB_LOCKID(locker), DB_LOCK_NOWAIT,
+	rc = LOCK_GET(bdb->bi_dbenv, TXN_ID(txn), DB_LOCK_NOWAIT,
 					&lockobj, db_rw, lock);
 	return rc;
 }
@@ -89,8 +89,11 @@
 	/* store it -- don't override */
 	rc = db->put( db, txn, &key, &data, DB_NOOVERWRITE );
 	if( rc != 0 ) {
-		Debug( LDAP_DEBUG_ANY, "=> bdb_dn2id_add 0x%lx: put failed: %s %d\n",
-			e->e_id, db_strerror(rc), rc );
+		char buf[ SLAP_TEXT_BUFLEN ];
+		snprintf( buf, sizeof( buf ), "%s => bdb_dn2id_add dn=\"%s\" ID=0x%lx",
+			op->o_log_prefix, e->e_name.bv_val, e->e_id );
+		Debug( LDAP_DEBUG_ANY, "%s: put failed: %s %d\n",
+			buf, db_strerror(rc), rc );
 		goto done;
 	}
 
@@ -193,7 +196,7 @@
 	ptr.bv_val[ptr.bv_len] = '\0';
 
 	/* We hold this lock until the TXN completes */
-	rc = bdb_dn2id_lock( bdb, &e->e_nname, 1, TXN_ID( txn ), &lock );
+	rc = bdb_dn2id_lock( bdb, &e->e_nname, 1, txn, &lock );
 	if ( rc ) goto done;
 
 	/* delete it */
@@ -277,7 +280,7 @@
 	Operation *op,
 	struct berval	*dn,
 	EntryInfo *ei,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock )
 {
 	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
@@ -301,16 +304,12 @@
 	data.ulen = sizeof(ID);
 	data.flags = DB_DBT_USERMEM;
 
-	rc = db->cursor( db, NULL, &cursor, bdb->bi_db_opflags );
+	rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
 	if ( rc ) goto func_leave;
 
-	rc = bdb_dn2id_lock( bdb, dn, 0, locker, lock );
+	rc = bdb_dn2id_lock( bdb, dn, 0, txn, lock );
 	if ( rc ) goto nolock;
 
-	if ( locker ) {
-		CURSOR_SETLOCKER(cursor, locker);
-	}
-
 	/* fetch it */
 	rc = cursor->c_get( cursor, &key, &data, DB_SET );
 
@@ -379,7 +378,7 @@
 int
 bdb_dn2idl(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	struct berval *ndn,
 	EntryInfo *ei,
 	ID *ids,
@@ -397,7 +396,8 @@
 
 #ifndef	BDB_MULTIPLE_SUFFIXES
 	if ( prefix == DN_SUBTREE_PREFIX
-		&& ( ei->bei_id == 0 || ei->bei_parent->bei_id == 0 )) {
+		&& ( ei->bei_id == 0 ||
+		( ei->bei_parent->bei_id == 0 && op->o_bd->be_suffix[0].bv_len ))) {
 		BDB_IDL_ALL(bdb, ids);
 		return 0;
 	}
@@ -412,7 +412,7 @@
 	AC_MEMCPY( &((char *)key.data)[1], ndn->bv_val, key.size - 1 );
 
 	BDB_IDL_ZERO( ids );
-	rc = bdb_idl_fetch_key( op->o_bd, db, locker, &key, ids, NULL, 0 );
+	rc = bdb_idl_fetch_key( op->o_bd, db, txn, &key, ids, NULL, 0 );
 
 	if( rc != 0 ) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -617,14 +617,20 @@
 		tmp[1] = eip->bei_id;
 		*ptr = DN_ONE_PREFIX;
 		bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
-		*ptr = DN_SUBTREE_PREFIX;
-		for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
-			tmp[1] = eip->bei_id;
-			bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
+		if ( eip->bei_parent ) {
+			*ptr = DN_SUBTREE_PREFIX;
+			for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
+				tmp[1] = eip->bei_id;
+				bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
+			}
+			/* Handle DB with empty suffix */
+			if ( !op->o_bd->be_suffix[0].bv_len && eip ) {
+				tmp[1] = eip->bei_id;
+				bdb_idl_cache_add_id( bdb, db, &key, e->e_id );
+			}
 		}
 	}
 
-func_leave:
 	op->o_tmpfree( d, op->o_tmpmemctx );
 	Debug( LDAP_DEBUG_TRACE, "<= hdb_dn2id_add 0x%lx: %d\n", e->e_id, rc, 0 );
 
@@ -677,7 +683,7 @@
 	if ( rc ) goto func_leave;
 
 	/* We hold this lock until the TXN completes */
-	rc = bdb_dn2id_lock( bdb, &e->e_nname, 1, TXN_ID( txn ), &lock );
+	rc = bdb_dn2id_lock( bdb, &e->e_nname, 1, txn, &lock );
 	if ( rc ) goto nolock;
 
 	/* Delete our ID from the parent's list */
@@ -715,10 +721,17 @@
 		tmp[1] = eip->bei_id;
 		*ptr = DN_ONE_PREFIX;
 		bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
-		*ptr = DN_SUBTREE_PREFIX;
-		for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
-			tmp[1] = eip->bei_id;
-			bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
+		if ( eip ->bei_parent ) {
+			*ptr = DN_SUBTREE_PREFIX;
+			for (; eip && eip->bei_parent->bei_id; eip = eip->bei_parent) {
+				tmp[1] = eip->bei_id;
+				bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
+			}
+			/* Handle DB with empty suffix */
+			if ( !op->o_bd->be_suffix[0].bv_len && eip ) {
+				tmp[1] = eip->bei_id;
+				bdb_idl_cache_del_id( bdb, db, &key, e->e_id );
+			}
 		}
 	}
 	Debug( LDAP_DEBUG_TRACE, "<= hdb_dn2id_delete 0x%lx: %d\n", e->e_id, rc, 0 );
@@ -731,7 +744,7 @@
 	Operation	*op,
 	struct berval	*in,
 	EntryInfo	*ei,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock )
 {
 	struct bdb_info *bdb = (struct bdb_info *) op->o_bd->be_private;
@@ -763,11 +776,8 @@
 	data.dlen = data.ulen;
 	data.flags = DB_DBT_USERMEM | DB_DBT_PARTIAL;
 
-	rc = db->cursor( db, NULL, &cursor, bdb->bi_db_opflags );
+	rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
 	if ( rc ) return rc;
-	if ( locker ) {
-		CURSOR_SETLOCKER( cursor, locker );
-	}
 
 	d = op->o_tmpalloc( data.size * 3, op->o_tmpmemctx );
 	d->nrdnlen[1] = nrlen & 0xff;
@@ -778,7 +788,7 @@
 	*ptr = '\0';
 	data.data = d;
 
-	rc = bdb_dn2id_lock( bdb, in, 0, locker, lock );
+	rc = bdb_dn2id_lock( bdb, in, 0, txn, lock );
 	if ( rc ) goto func_leave;
 
 	rc = cursor->c_get( cursor, &key, &data, DB_GET_BOTH_RANGE );
@@ -820,7 +830,7 @@
 int
 hdb_dn2id_parent(
 	Operation *op,
-	BDB_LOCKER	locker,
+	DB_TXN *txn,
 	EntryInfo *ei,
 	ID *idp )
 {
@@ -843,11 +853,8 @@
 	DBTzero(&data);
 	data.flags = DB_DBT_USERMEM;
 
-	rc = db->cursor( db, NULL, &cursor, bdb->bi_db_opflags );
+	rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
 	if ( rc ) return rc;
-	if ( locker ) {
-		CURSOR_SETLOCKER(cursor, locker);
-	}
 
 	data.ulen = sizeof(diskNode) + (SLAP_LDAPDN_MAXLEN * 2);
 	d = op->o_tmpalloc( data.ulen, op->o_tmpmemctx );
@@ -941,7 +948,7 @@
 struct dn2id_cookie {
 	struct bdb_info *bdb;
 	Operation *op;
-	BDB_LOCKER locker;
+	DB_TXN *txn;
 	EntryInfo *ei;
 	ID *ids;
 	ID *tmp;
@@ -1176,7 +1183,7 @@
 int
 hdb_dn2idl(
 	Operation	*op,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	struct berval *ndn,
 	EntryInfo	*ei,
 	ID *ids,
@@ -1191,7 +1198,7 @@
 #ifndef BDB_MULTIPLE_SUFFIXES
 	if ( op->ors_scope != LDAP_SCOPE_ONELEVEL && 
 		( ei->bei_id == 0 ||
-		ei->bei_parent->bei_id == 0 ))
+		( ei->bei_parent->bei_id == 0 && op->o_bd->be_suffix[0].bv_len )))
 	{
 		BDB_IDL_ALL( bdb, ids );
 		return 0;
@@ -1209,7 +1216,7 @@
 	cx.tmp = stack;
 	cx.buf = stack + BDB_IDL_UM_SIZE;
 	cx.op = op;
-	cx.locker = locker;
+	cx.txn = txn;
 	cx.need_sort = 0;
 	cx.depth = 0;
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/error.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* error.c - BDB errcall routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/error.c,v 1.18.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/error.c,v 1.18.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/extended.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* extended.c - bdb backend extended routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/extended.c,v 1.18.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/extended.c,v 1.18.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/filterindex.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* filterindex.c - generate the list of candidate entries from a filter */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/filterindex.c,v 1.64.2.5 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/filterindex.c,v 1.64.2.10 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27,39 +27,39 @@
 
 static int presence_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeDescription *desc,
 	ID *ids );
 
 static int equality_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp );
 static int inequality_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp,
 	int gtorlt );
 static int approx_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp );
 static int substring_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	SubstringsAssertion *sub,
 	ID *ids,
 	ID *tmp );
 
 static int list_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	Filter *flist,
 	int ftype,
 	ID *ids,
@@ -69,7 +69,7 @@
 static int
 ext_candidates(
         Operation *op,
-		BDB_LOCKER locker,
+		DB_TXN *rtxn,
         MatchingRuleAssertion *mra,
         ID *ids,
         ID *tmp,
@@ -79,7 +79,7 @@
 static int
 comp_candidates (
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	MatchingRuleAssertion *mra,
 	ComponentFilter *f,
 	ID *ids,
@@ -89,7 +89,7 @@
 static int
 ava_comp_candidates (
 		Operation *op,
-		BDB_LOCKER locker,
+		DB_TXN *rtxn,
 		AttributeAssertion *ava,
 		AttributeAliasing *aa,
 		ID *ids,
@@ -100,7 +100,7 @@
 int
 bdb_filter_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	Filter	*f,
 	ID *ids,
 	ID *tmp,
@@ -139,30 +139,30 @@
 		break;
 	case LDAP_FILTER_PRESENT:
 		Debug( LDAP_DEBUG_FILTER, "\tPRESENT\n", 0, 0, 0 );
-		rc = presence_candidates( op, locker, f->f_desc, ids );
+		rc = presence_candidates( op, rtxn, f->f_desc, ids );
 		break;
 
 	case LDAP_FILTER_EQUALITY:
 		Debug( LDAP_DEBUG_FILTER, "\tEQUALITY\n", 0, 0, 0 );
 #ifdef LDAP_COMP_MATCH
 		if ( is_aliased_attribute && ( aa = is_aliased_attribute ( f->f_ava->aa_desc ) ) ) {
-			rc = ava_comp_candidates ( op, locker, f->f_ava, aa, ids, tmp, stack );
+			rc = ava_comp_candidates ( op, rtxn, f->f_ava, aa, ids, tmp, stack );
 		}
 		else
 #endif
 		{
-			rc = equality_candidates( op, locker, f->f_ava, ids, tmp );
+			rc = equality_candidates( op, rtxn, f->f_ava, ids, tmp );
 		}
 		break;
 
 	case LDAP_FILTER_APPROX:
 		Debug( LDAP_DEBUG_FILTER, "\tAPPROX\n", 0, 0, 0 );
-		rc = approx_candidates( op, locker, f->f_ava, ids, tmp );
+		rc = approx_candidates( op, rtxn, f->f_ava, ids, tmp );
 		break;
 
 	case LDAP_FILTER_SUBSTRINGS:
 		Debug( LDAP_DEBUG_FILTER, "\tSUBSTRINGS\n", 0, 0, 0 );
-		rc = substring_candidates( op, locker, f->f_sub, ids, tmp );
+		rc = substring_candidates( op, rtxn, f->f_sub, ids, tmp );
 		break;
 
 	case LDAP_FILTER_GE:
@@ -170,9 +170,9 @@
 		Debug( LDAP_DEBUG_FILTER, "\tGE\n", 0, 0, 0 );
 		if( f->f_ava->aa_desc->ad_type->sat_ordering &&
 			( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) )
-			rc = inequality_candidates( op, locker, f->f_ava, ids, tmp, LDAP_FILTER_GE );
+			rc = inequality_candidates( op, rtxn, f->f_ava, ids, tmp, LDAP_FILTER_GE );
 		else
-			rc = presence_candidates( op, locker, f->f_ava->aa_desc, ids );
+			rc = presence_candidates( op, rtxn, f->f_ava->aa_desc, ids );
 		break;
 
 	case LDAP_FILTER_LE:
@@ -180,9 +180,9 @@
 		Debug( LDAP_DEBUG_FILTER, "\tLE\n", 0, 0, 0 );
 		if( f->f_ava->aa_desc->ad_type->sat_ordering &&
 			( f->f_ava->aa_desc->ad_type->sat_ordering->smr_usage & SLAP_MR_ORDERED_INDEX ) )
-			rc = inequality_candidates( op, locker, f->f_ava, ids, tmp, LDAP_FILTER_LE );
+			rc = inequality_candidates( op, rtxn, f->f_ava, ids, tmp, LDAP_FILTER_LE );
 		else
-			rc = presence_candidates( op, locker, f->f_ava->aa_desc, ids );
+			rc = presence_candidates( op, rtxn, f->f_ava->aa_desc, ids );
 		break;
 
 	case LDAP_FILTER_NOT:
@@ -195,18 +195,18 @@
 
 	case LDAP_FILTER_AND:
 		Debug( LDAP_DEBUG_FILTER, "\tAND\n", 0, 0, 0 );
-		rc = list_candidates( op, locker, 
+		rc = list_candidates( op, rtxn, 
 			f->f_and, LDAP_FILTER_AND, ids, tmp, stack );
 		break;
 
 	case LDAP_FILTER_OR:
 		Debug( LDAP_DEBUG_FILTER, "\tOR\n", 0, 0, 0 );
-		rc = list_candidates( op, locker,
+		rc = list_candidates( op, rtxn,
 			f->f_or, LDAP_FILTER_OR, ids, tmp, stack );
 		break;
 	case LDAP_FILTER_EXT:
                 Debug( LDAP_DEBUG_FILTER, "\tEXT\n", 0, 0, 0 );
-                rc = ext_candidates( op, locker, f->f_mra, ids, tmp, stack );
+                rc = ext_candidates( op, rtxn, f->f_mra, ids, tmp, stack );
                 break;
 	default:
 		Debug( LDAP_DEBUG_FILTER, "\tUNKNOWN %lu\n",
@@ -231,7 +231,7 @@
 static int
 comp_list_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	MatchingRuleAssertion* mra,
 	ComponentFilter	*flist,
 	int	ftype,
@@ -250,7 +250,7 @@
 			continue;
 		}
 		BDB_IDL_ZERO( save );
-		rc = comp_candidates( op, locker, mra, f, save, tmp, save+BDB_IDL_UM_SIZE );
+		rc = comp_candidates( op, rtxn, mra, f, save, tmp, save+BDB_IDL_UM_SIZE );
 
 		if ( rc != 0 ) {
 			if ( ftype == LDAP_COMP_FILTER_AND ) {
@@ -296,7 +296,7 @@
 static int
 comp_equality_candidates (
         Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
         MatchingRuleAssertion *mra,
 	ComponentAssertion *ca,
         ID *ids,
@@ -370,7 +370,7 @@
                 return 0;
         }
         for ( i= 0; keys[i].bv_val != NULL; i++ ) {
-                rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 );
+                rc = bdb_key_read( op->o_bd, db, rtxn, &keys[i], tmp, NULL, 0 );
 
                 if( rc == DB_NOTFOUND ) {
                         BDB_IDL_ZERO( ids );
@@ -407,7 +407,7 @@
 static int
 ava_comp_candidates (
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	AttributeAliasing *aa,
 	ID *ids,
@@ -425,13 +425,13 @@
 	mra.ma_desc = aa->aa_aliased_ad;
 	mra.ma_rule = ava->aa_desc->ad_type->sat_equality;
 	
-	return comp_candidates ( op, locker, &mra, ava->aa_cf, ids, tmp, stack );
+	return comp_candidates ( op, rtxn, &mra, ava->aa_cf, ids, tmp, stack );
 }
 
 static int
 comp_candidates (
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	MatchingRuleAssertion *mra,
 	ComponentFilter *f,
 	ID *ids,
@@ -448,10 +448,10 @@
 		rc = f->cf_result;
 		break;
 	case LDAP_COMP_FILTER_AND:
-		rc = comp_list_candidates( op, locker, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack );
+		rc = comp_list_candidates( op, rtxn, mra, f->cf_and, LDAP_COMP_FILTER_AND, ids, tmp, stack );
 		break;
 	case LDAP_COMP_FILTER_OR:
-		rc = comp_list_candidates( op, locker, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack );
+		rc = comp_list_candidates( op, rtxn, mra, f->cf_or, LDAP_COMP_FILTER_OR, ids, tmp, stack );
 		break;
 	case LDAP_COMP_FILTER_NOT:
 		/* No component indexing supported for NOT filter */
@@ -463,7 +463,7 @@
 		rc = LDAP_PROTOCOL_ERROR;
 		break;
 	case LDAP_COMP_FILTER_ITEM:
-		rc = comp_equality_candidates( op, locker, mra, f->cf_ca, ids, tmp, stack );
+		rc = comp_equality_candidates( op, rtxn, mra, f->cf_ca, ids, tmp, stack );
 		break;
 	default:
 		{
@@ -480,7 +480,7 @@
 static int
 ext_candidates(
         Operation *op,
-		BDB_LOCKER locker,
+		DB_TXN *rtxn,
         MatchingRuleAssertion *mra,
         ID *ids,
         ID *tmp,
@@ -494,7 +494,7 @@
 	 * Indexing for an extensible filter is not supported yet
 	 */
 	if ( mra->ma_cf ) {
-		return comp_candidates ( op, locker, mra, mra->ma_cf, ids, tmp, stack);
+		return comp_candidates ( op, rtxn, mra, mra->ma_cf, ids, tmp, stack);
 	}
 #endif
 	if ( mra->ma_desc == slap_schema.si_ad_entryDN ) {
@@ -504,7 +504,7 @@
 		BDB_IDL_ZERO( ids );
 		if ( mra->ma_rule == slap_schema.si_mr_distinguishedNameMatch ) {
 			ei = NULL;
-			rc = bdb_cache_find_ndn( op, locker, &mra->ma_value, &ei );
+			rc = bdb_cache_find_ndn( op, rtxn, &mra->ma_value, &ei );
 			if ( rc == LDAP_SUCCESS )
 				bdb_idl_insert( ids, ei->bei_id );
 			if ( ei )
@@ -518,7 +518,7 @@
 				struct berval pdn;
 				ei = NULL;
 				dnParent( &mra->ma_value, &pdn );
-				bdb_cache_find_ndn( op, locker, &pdn, &ei );
+				bdb_cache_find_ndn( op, rtxn, &pdn, &ei );
 				if ( ei ) {
 					bdb_cache_entryinfo_unlock( ei );
 					while ( ei && ei->bei_id ) {
@@ -538,13 +538,13 @@
 				scope = LDAP_SCOPE_BASE;
 			if ( scope > LDAP_SCOPE_BASE ) {
 				ei = NULL;
-				rc = bdb_cache_find_ndn( op, locker, &mra->ma_value, &ei );
+				rc = bdb_cache_find_ndn( op, rtxn, &mra->ma_value, &ei );
 				if ( ei )
 					bdb_cache_entryinfo_unlock( ei );
 				if ( rc == LDAP_SUCCESS ) {
 					int sc = op->ors_scope;
 					op->ors_scope = scope;
-					rc = bdb_dn2idl( op, locker, &mra->ma_value, ei, ids,
+					rc = bdb_dn2idl( op, rtxn, &mra->ma_value, ei, ids,
 						stack );
 					op->ors_scope = sc;
 				}
@@ -560,7 +560,7 @@
 static int
 list_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	Filter	*flist,
 	int		ftype,
 	ID *ids,
@@ -578,10 +578,13 @@
 			continue;
 		}
 		BDB_IDL_ZERO( save );
-		rc = bdb_filter_candidates( op, locker, f, save, tmp,
+		rc = bdb_filter_candidates( op, rtxn, f, save, tmp,
 			save+BDB_IDL_UM_SIZE );
 
 		if ( rc != 0 ) {
+			if ( rc == DB_LOCK_DEADLOCK )
+				return rc;
+
 			if ( ftype == LDAP_FILTER_AND ) {
 				rc = 0;
 				continue;
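Review bot: The early return added in list_candidates propagates only `DB_LOCK_DEADLOCK`, while bdb_entry_get in id2entry.c handles `DB_LOCK_NOTGRANTED` in the same case arm and init.c in this commit initialises `bi_dbenv_xflags` to `DB_TIME_NOTGRANTED`. If a read under `rtxn` can fail with `DB_LOCK_NOTGRANTED`, it falls through to the AND branch, is reset to 0 and is treated like an unindexed term instead of being reported to the caller. Consider `if ( rc == DB_LOCK_DEADLOCK || rc == DB_LOCK_NOTGRANTED ) return rc;`. comp_list_candidates has the same `rc != 0` handling for `LDAP_COMP_FILTER_AND` and gets no equivalent check in this commit. The function continues outside the hunk, so the OR branch is not visible here.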
@@ -626,7 +629,7 @@
 static int
 presence_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeDescription *desc,
 	ID *ids )
 {
@@ -671,7 +674,7 @@
 		return -1;
 	}
 
-	rc = bdb_key_read( op->o_bd, db, locker, &prefix, ids, NULL, 0 );
+	rc = bdb_key_read( op->o_bd, db, rtxn, &prefix, ids, NULL, 0 );
 
 	if( rc == DB_NOTFOUND ) {
 		BDB_IDL_ZERO( ids );
@@ -697,7 +700,7 @@
 static int
 equality_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp )
@@ -714,6 +717,20 @@
 	Debug( LDAP_DEBUG_TRACE, "=> bdb_equality_candidates (%s)\n",
 			ava->aa_desc->ad_cname.bv_val, 0, 0 );
 
+	if ( ava->aa_desc == slap_schema.si_ad_entryDN ) {
+		EntryInfo *ei = NULL;
+		rc = bdb_cache_find_ndn( op, rtxn, &ava->aa_value, &ei );
+		if ( rc == LDAP_SUCCESS ) {
+			/* exactly one ID can match */
+			ids[0] = 1;
+			ids[1] = ei->bei_id;
+		}
+		if ( ei ) {
+			bdb_cache_entryinfo_unlock( ei );
+		}
+		return rc;
+	}
+
 	BDB_IDL_ALL( bdb, ids );
 
 	rc = bdb_index_param( op->o_bd, ava->aa_desc, LDAP_FILTER_EQUALITY,
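Review bot: The entryDN shortcut added to equality_candidates returns the result of bdb_cache_find_ndn() unchanged and leaves `ids` untouched on failure, so a DN that does not exist comes back as a non-zero rc (presumably `DB_NOTFOUND`) with `ids` in whatever state the caller passed in. The other lookups in this file answer `DB_NOTFOUND` with `BDB_IDL_ZERO( ids )`, and inequality_candidates also resets rc to 0; doing the same here keeps a missing DN from being handled as an index failure by list_candidates. Suggested addition just before `return rc;`: `if ( rc == DB_NOTFOUND ) { BDB_IDL_ZERO( ids ); rc = 0; }`. The early return also bypasses any closing trace output the function may have; the rest of the body is outside the hunk.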
@@ -768,7 +785,7 @@
 	}
 
 	for ( i= 0; keys[i].bv_val != NULL; i++ ) {
-		rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 );
+		rc = bdb_key_read( op->o_bd, db, rtxn, &keys[i], tmp, NULL, 0 );
 
 		if( rc == DB_NOTFOUND ) {
 			BDB_IDL_ZERO( ids );
@@ -814,7 +831,7 @@
 static int
 approx_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp )
@@ -890,7 +907,7 @@
 	}
 
 	for ( i= 0; keys[i].bv_val != NULL; i++ ) {
-		rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 );
+		rc = bdb_key_read( op->o_bd, db, rtxn, &keys[i], tmp, NULL, 0 );
 
 		if( rc == DB_NOTFOUND ) {
 			BDB_IDL_ZERO( ids );
@@ -934,7 +951,7 @@
 static int
 substring_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	SubstringsAssertion	*sub,
 	ID *ids,
 	ID *tmp )
@@ -1006,7 +1023,7 @@
 	}
 
 	for ( i= 0; keys[i].bv_val != NULL; i++ ) {
-		rc = bdb_key_read( op->o_bd, db, locker, &keys[i], tmp, NULL, 0 );
+		rc = bdb_key_read( op->o_bd, db, rtxn, &keys[i], tmp, NULL, 0 );
 
 		if( rc == DB_NOTFOUND ) {
 			BDB_IDL_ZERO( ids );
@@ -1050,7 +1067,7 @@
 static int
 inequality_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *rtxn,
 	AttributeAssertion *ava,
 	ID *ids,
 	ID *tmp,
@@ -1123,7 +1140,7 @@
 
 	BDB_IDL_ZERO( ids );
 	while(1) {
-		rc = bdb_key_read( op->o_bd, db, locker, &keys[0], tmp, &cursor, gtorlt );
+		rc = bdb_key_read( op->o_bd, db, rtxn, &keys[0], tmp, &cursor, gtorlt );
 
 		if( rc == DB_NOTFOUND ) {
 			rc = 0;

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/id2entry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* id2entry.c - routines to deal with the id2entry database */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/id2entry.c,v 1.72.2.6 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/id2entry.c,v 1.72.2.13 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -93,7 +93,6 @@
 int bdb_id2entry(
 	BackendDB *be,
 	DB_TXN *tid,
-	BDB_LOCKER locker,
 	ID id,
 	Entry **e )
 {
@@ -120,11 +119,6 @@
 	rc = db->cursor( db, tid, &cursor, bdb->bi_db_opflags );
 	if ( rc ) return rc;
 
-	/* Use our own locker if needed */
-	if ( !tid && locker ) {
-		CURSOR_SETLOCKER( cursor, locker );
-	}
-
 	/* Get the nattrs / nvals counts first */
 	data.ulen = data.dlen = sizeof(buf);
 	data.data = buf;
@@ -273,13 +267,18 @@
 				if ( bli->bli_id == e->e_id ) {
 					bdb_cache_return_entry_rw( bdb, e, rw, &bli->bli_lock );
 					prev->bli_next = bli->bli_next;
-					op->o_tmpfree( bli, op->o_tmpmemctx );
+					/* Cleanup, or let caller know we unlocked */
+					if ( bli->bli_flag & BLI_DONTFREE )
+						bli->bli_flag = 0;
+					else
+						op->o_tmpfree( bli, op->o_tmpmemctx );
 					break;
 				}
 			}
 			if ( !boi->boi_locks ) {
 				LDAP_SLIST_REMOVE( &op->o_extra, &boi->boi_oe, OpExtra, oe_next );
-				op->o_tmpfree( boi, op->o_tmpmemctx );
+				if ( !(boi->boi_flag & BOI_DONTFREE))
+					op->o_tmpfree( boi, op->o_tmpmemctx );
 			}
 		}
 	} else {
@@ -322,9 +321,7 @@
 	int	rc;
 	const char *at_name = at ? at->ad_cname.bv_val : "(null)";
 
-	BDB_LOCKER	locker = 0;
 	DB_LOCK		lock;
-	int		free_lock_id = 0;
 
 	Debug( LDAP_DEBUG_ARGS,
 		"=> bdb_entry_get: ndn: \"%s\"\n", ndn->bv_val, 0, 0 ); 
@@ -342,11 +339,8 @@
 			txn = boi->boi_txn;
 	}
 
-	if ( txn != NULL ) {
-		locker = TXN_ID ( txn );
-	} else {
-		rc = LOCK_ID ( bdb->bi_dbenv, &locker );
-		free_lock_id = 1;
+	if ( !txn ) {
+		rc = bdb_reader_get( op, bdb->bi_dbenv, &txn );
 		switch(rc) {
 		case 0:
 			break;
@@ -357,7 +351,7 @@
 
 dn2entry_retry:
 	/* can we find entry */
-	rc = bdb_dn2entry( op, txn, ndn, &ei, 0, locker, &lock );
+	rc = bdb_dn2entry( op, txn, ndn, &ei, 0, &lock );
 	switch( rc ) {
 	case DB_NOTFOUND:
 	case 0:
@@ -366,16 +360,13 @@
 	case DB_LOCK_NOTGRANTED:
 		/* the txn must abort and retry */
 		if ( txn ) {
-			boi->boi_err = rc;
+			if ( boi ) boi->boi_err = rc;
 			return LDAP_BUSY;
 		}
 		ldap_pvt_thread_yield();
 		goto dn2entry_retry;
 	default:
 		if ( boi ) boi->boi_err = rc;
-		if ( free_lock_id ) {
-			LOCK_ID_FREE( bdb->bi_dbenv, locker );
-		}
 		return (rc != LDAP_BUSY) ? LDAP_OTHER : LDAP_BUSY;
 	}
 	if (ei) e = ei->bei_e;
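Review bot: Now that a reader transaction is obtained up front, `txn` appears to be non-NULL whenever `dn2entry_retry` is reached, so in the `DB_LOCK_NOTGRANTED` arm the `if ( txn )` branch is always taken and the `ldap_pvt_thread_yield(); goto dn2entry_retry;` path below it is dead. That changes behaviour for plain readers: a lock conflict that used to be retried is now returned as `LDAP_BUSY`. If that is intended, remove the dead retry and update `/* the txn must abort and retry */`, which no longer describes a reader txn; if not, test for the caller's transaction instead, for example `if ( boi && boi->boi_txn )`. This is inferred from the hunks shown; the remaining cases of the `switch(rc)` after bdb_reader_get() are not visible.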
@@ -383,9 +374,6 @@
 		Debug( LDAP_DEBUG_ACL,
 			"=> bdb_entry_get: cannot find entry: \"%s\"\n",
 				ndn->bv_val, 0, 0 ); 
-		if ( free_lock_id ) {
-			LOCK_ID_FREE( bdb->bi_dbenv, locker );
-		}
 		return LDAP_NO_SUCH_OBJECT; 
 	}
 	
@@ -401,6 +389,15 @@
 		goto return_results;
 	}
 
+	/* NOTE: attr_find() or attrs_find()? */
+	if ( at && attr_find( e->e_attrs, at ) == NULL ) {
+		Debug( LDAP_DEBUG_ACL,
+			"<= bdb_entry_get: failed to find attribute %s\n",
+			at->ad_cname.bv_val, 0, 0 ); 
+		rc = LDAP_NO_SUCH_ATTRIBUTE;
+		goto return_results;
+	}
+
 return_results:
 	if( rc != LDAP_SUCCESS ) {
 		/* free entry */
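Review bot: The added attribute check carries an unresolved question, `/* NOTE: attr_find() or attrs_find()? */`, and the answer decides which entries are reported as `LDAP_NO_SUCH_ATTRIBUTE`, since the two helpers presumably differ in whether subtypes of `at` count as a match. Replace the note with a statement of the chosen semantics, for example `/* exact description match only; subtypes of at do not count */` if that is the intent. The `goto return_results;` at the end of the added block is redundant because the label follows immediately. The function continues outside the hunk.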
@@ -425,6 +422,7 @@
 						op->o_tmpmemctx );
 					bli->bli_next = boi->boi_locks;
 					bli->bli_id = e->e_id;
+					bli->bli_flag = 0;
 					bli->bli_lock = lock;
 					boi->boi_locks = bli;
 				}
@@ -435,10 +433,6 @@
 		}
 	}
 
-	if ( free_lock_id ) {
-		LOCK_ID_FREE( bdb->bi_dbenv, locker );
-	}
-
 	Debug( LDAP_DEBUG_TRACE,
 		"bdb_entry_get: rc=%d\n",
 		rc, 0, 0 ); 

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* idl.c - ldap id list handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.c,v 1.124.2.7 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.c,v 1.124.2.9 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -502,7 +502,7 @@
 bdb_idl_fetch_key(
 	BackendDB	*be,
 	DB			*db,
-	BDB_LOCKER locker,
+	DB_TXN		*txn,
 	DBT			*key,
 	ID			*ids,
 	DBC                     **saved_cursor,
@@ -575,13 +575,12 @@
 
 	/* If we're not reusing an existing cursor, get a new one */
 	if( opflag != DB_NEXT ) {
-		rc = db->cursor( db, NULL, &cursor, bdb->bi_db_opflags );
+		rc = db->cursor( db, txn, &cursor, bdb->bi_db_opflags );
 		if( rc != 0 ) {
 			Debug( LDAP_DEBUG_ANY, "=> bdb_idl_fetch_key: "
 				"cursor failed: %s (%d)\n", db_strerror(rc), rc, 0 );
 			return rc;
 		}
-		CURSOR_SETLOCKER( cursor, locker );
 	} else {
 		cursor = *saved_cursor;
 	}

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/idl.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* idl.h - ldap bdb back-end ID list header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.h,v 1.19.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/idl.h,v 1.19.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/index.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/index.c,v 1.61.2.7 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/index.c,v 1.61.2.8 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.247.2.11 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/init.c,v 1.247.2.17 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -61,7 +61,7 @@
 
 	/* DBEnv parameters */
 	bdb->bi_dbenv_home = ch_strdup( SLAPD_DEFAULT_DB_DIR );
-	bdb->bi_dbenv_xflags = 0;
+	bdb->bi_dbenv_xflags = DB_TIME_NOTGRANTED;
 	bdb->bi_dbenv_mode = SLAPD_DEFAULT_DB_MODE;
 
 	bdb->bi_cache.c_maxsize = DEFAULT_CACHE_SIZE;
@@ -168,6 +168,8 @@
 			be->be_suffix[0].bv_val, 0, 0 );
 		return -1;
 	}
+	if ( rc == ALOCK_CLEAN )
+		be->be_flags |= SLAP_DBFLAG_CLEAN;
 
 	/*
 	 * The DB_CONFIG file may have changed. If so, recover the
@@ -416,19 +418,40 @@
 			}
 		}
 
+		if( bdb->bi_flags & BDB_CHKSUM ) {
+			rc = db->bdi_db->set_flags( db->bdi_db, DB_CHKSUM );
+			if ( rc ) {
+				snprintf(cr->msg, sizeof(cr->msg),
+					"database \"%s\": db set_flags(DB_CHKSUM)(%s) failed: %s (%d).",
+					be->be_suffix[0].bv_val, 
+					bdb->bi_dbenv_home, db_strerror(rc), rc );
+				Debug( LDAP_DEBUG_ANY,
+					LDAP_XSTRING(bdb_db_open) ": %s\n",
+					cr->msg, 0, 0 );
+				goto fail;
+			}
+		}
+
+		rc = bdb_db_findsize( bdb, (struct berval *)&bdbi_databases[i].name );
+
 		if( i == BDB_ID2ENTRY ) {
+			if ( !rc ) rc = BDB_ID2ENTRY_PAGESIZE;
+			rc = db->bdi_db->set_pagesize( db->bdi_db, rc );
+
 			if ( slapMode & SLAP_TOOL_MODE )
 				db->bdi_db->mpf->set_priority( db->bdi_db->mpf,
 					DB_PRIORITY_VERY_LOW );
 
-			rc = db->bdi_db->set_pagesize( db->bdi_db,
-				BDB_ID2ENTRY_PAGESIZE );
 			if ( slapMode & SLAP_TOOL_READMAIN ) {
 				flags |= DB_RDONLY;
 			} else {
 				flags |= DB_CREATE;
 			}
 		} else {
+			/* Use FS default size if not configured */
+			if ( rc )
+				rc = db->bdi_db->set_pagesize( db->bdi_db, rc );
+
 			rc = db->bdi_db->set_flags( db->bdi_db, 
 				DB_DUP | DB_DUPSORT );
 #ifndef BDB_HIER
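Review bot: `rc` is reused to carry the page size returned by bdb_db_findsize() and then the status of set_pagesize(), and that status is never examined: in the non-id2entry branch it is overwritten by the set_flags() call that follows, and in the id2entry branch nothing visible checks it. The DB_CHKSUM block added just above reports its failure and jumps to `fail`, so a rejected page size deserves the same treatment. A separate local keeps the two meanings apart, e.g. `pgsz = bdb_db_findsize( bdb, (struct berval *)&bdbi_databases[i].name );` followed by `rc = db->bdi_db->set_pagesize( db->bdi_db, pgsz ? pgsz : BDB_ID2ENTRY_PAGESIZE );` and a check of `rc`. The enclosing loop starts and ends outside the hunk.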
@@ -446,8 +469,6 @@
 				flags |= DB_CREATE;
 			}
 #endif
-			rc = db->bdi_db->set_pagesize( db->bdi_db,
-				BDB_PAGESIZE );
 		}
 
 #ifdef HAVE_EBCDIC
@@ -503,13 +524,7 @@
 	}
 
 	if ( !quick ) {
-#if DB_VERSION_FULL >= 0x04060012
-		u_int32_t lid;
-		XLOCK_ID(bdb->bi_dbenv, &lid);
-		__lock_getlocker(bdb->bi_dbenv->lk_handle, lid, 0, &bdb->bi_cache.c_locker);
-#else
-		XLOCK_ID(bdb->bi_dbenv, &bdb->bi_cache.c_locker);
-#endif
+		TXN_BEGIN(bdb->bi_dbenv, NULL, &bdb->bi_cache.c_txn, DB_READ_COMMITTED | DB_TXN_NOWAIT);
 	}
 
 	entry_prealloc( bdb->bi_cache.c_maxsize );
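Review bot: The result of the added `TXN_BEGIN(...)` call for the cache transaction is discarded, so if the transaction cannot be started `bi_cache.c_txn` is left unset and later cache reads would presumably run without it. Capture and check the status, e.g. `rc = TXN_BEGIN( bdb->bi_dbenv, NULL, &bdb->bi_cache.c_txn, DB_READ_COMMITTED | DB_TXN_NOWAIT );`, and report a failure the way the DB_CHKSUM set_flags failure is reported in the hunk above. A one-line comment on why the cache transaction uses `DB_READ_COMMITTED | DB_TXN_NOWAIT` would also help the next reader. The function body extends outside the hunk.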
@@ -517,7 +532,7 @@
 
 	/* setup for empty-DN contexts */
 	if ( BER_BVISEMPTY( &be->be_nsuffix[0] )) {
-		rc = bdb_id2entry( be, NULL, 0, 0, &e );
+		rc = bdb_id2entry( be, NULL, 0, &e );
 	}
 	if ( !e ) {
 		e = entry_alloc();
@@ -569,6 +584,17 @@
 	ber_bvarray_free( bdb->bi_db_config );
 	bdb->bi_db_config = NULL;
 
+	if( bdb->bi_dbenv ) {
+		/* Free cache locker if we enabled locking.
+		 * TXNs must all be closed before DBs...
+		 */
+		if ( !( slapMode & SLAP_TOOL_QUICK ) && bdb->bi_cache.c_txn ) {
+			TXN_ABORT( bdb->bi_cache.c_txn );
+			bdb->bi_cache.c_txn = NULL;
+		}
+		bdb_reader_flush( bdb->bi_dbenv );
+	}
+
 	while( bdb->bi_databases && bdb->bi_ndatabases-- ) {
 		db = bdb->bi_databases[bdb->bi_ndatabases];
 		rc = db->bdi_db->close( db->bdi_db, 0 );
@@ -599,18 +625,6 @@
 
 	/* close db environment */
 	if( bdb->bi_dbenv ) {
-		/* Free cache locker if we enabled locking */
-		if ( !( slapMode & SLAP_TOOL_QUICK ) && bdb->bi_cache.c_locker ) {
-#if DB_VERSION_FULL >= 0x04060012
-			XLOCK_ID_FREE(bdb->bi_dbenv, bdb->bi_cache.c_locker->id);
-#else
-			XLOCK_ID_FREE(bdb->bi_dbenv, bdb->bi_cache.c_locker);
-#endif
-			bdb->bi_cache.c_locker = 0;
-		}
-#ifdef BDB_REUSE_LOCKERS
-		bdb_locker_flush( bdb->bi_dbenv );
-#endif
 		/* force a checkpoint, but not if we were ReadOnly,
 		 * and not in Quick mode since there are no transactions there.
 		 */
@@ -651,6 +665,17 @@
 {
 	struct bdb_info *bdb = (struct bdb_info *) be->be_private;
 
+	/* stop and remove checkpoint task */
+	if ( bdb->bi_txn_cp_task ) {
+		struct re_s *re = bdb->bi_txn_cp_task;
+		bdb->bi_txn_cp_task = NULL;
+		ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+		if ( ldap_pvt_runqueue_isrunning( &slapd_rq, re ) )
+			ldap_pvt_runqueue_stoptask( &slapd_rq, re );
+		ldap_pvt_runqueue_remove( &slapd_rq, re );
+		ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+	}
+
 	/* monitor handling */
 	(void)bdb_monitor_db_destroy( be );
 
@@ -745,9 +770,10 @@
 	db_env_set_func_free( ber_memfree );
 	db_env_set_func_malloc( (db_malloc *)ber_memalloc );
 	db_env_set_func_realloc( (db_realloc *)ber_memrealloc );
-#ifndef NO_THREAD
+#if !defined(NO_THREAD) && DB_VERSION_FULL <= 0x04070000
 	/* This is a no-op on a NO_THREAD build. Leave the default
 	 * alone so that BDB will sleep on interprocess conflicts.
+	 * Don't bother on BDB 4.7...
 	 */
 	db_env_set_func_yield( ldap_pvt_thread_yield );
 #endif
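Review bot: The new condition `DB_VERSION_FULL <= 0x04070000` still installs the yield function on a 4.7.0 build, while the added comment says not to bother on BDB 4.7; only 4.7 patch levels above 0 are excluded. This assumes the major/minor/patch encoding implied by the `0x04060012` test removed elsewhere in this file. If all of 4.7 is meant, use `#if !defined(NO_THREAD) && DB_VERSION_FULL < 0x04070000`. The comment could also say why 4.7 needs no yield hook, which the hunk does not explain.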

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/key.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* index.c - routines for dealing with attribute indexes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/key.c,v 1.20.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/key.c,v 1.20.2.5 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,7 +30,7 @@
 bdb_key_read(
 	Backend	*be,
 	DB *db,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	struct berval *k,
 	ID *ids,
 	DBC **saved_cursor,
@@ -47,7 +47,7 @@
 	key.ulen = key.size;
 	key.flags = DB_DBT_USERMEM;
 
-	rc = bdb_idl_fetch_key( be, db, locker, &key, ids, saved_cursor, get_flag );
+	rc = bdb_idl_fetch_key( be, db, txn, &key, ids, saved_cursor, get_flag );
 
 	if( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE, "<= bdb_index_read: failed (%d)\n",

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modify.c - bdb backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.156.2.11 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modify.c,v 1.156.2.16 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27,6 +27,44 @@
 	BER_BVNULL
 };
 
+static void
+bdb_modify_idxflags(
+	Operation *op,
+	AttributeDescription *desc,
+	int got_delete,
+	Attribute *newattrs,
+	Attribute *oldattrs )
+{
+	struct berval	ix_at;
+	AttrInfo	*ai;
+
+	/* check if modified attribute was indexed
+	 * but not in case of NOOP... */
+	ai = bdb_index_mask( op->o_bd, desc, &ix_at );
+	if ( ai ) {
+		if ( got_delete ) {
+			Attribute 	*ap;
+			struct berval	ix2;
+
+			ap = attr_find( oldattrs, desc );
+			if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
+
+			/* Find all other attrs that index to same slot */
+			for ( ap = newattrs; ap; ap = ap->a_next ) {
+				ai = bdb_index_mask( op->o_bd, ap->a_desc, &ix2 );
+				if ( ai && ix2.bv_val == ix_at.bv_val )
+					ap->a_flags |= SLAP_ATTR_IXADD;
+			}
+
+		} else {
+			Attribute 	*ap;
+
+			ap = attr_find( newattrs, desc );
+			if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
+		}
+	}
+}
+
 int bdb_modify_internal(
 	Operation *op,
 	DB_TXN *tid,
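Review bot: `bdb_modify_idxflags` carries over the comment "but not in case of NOOP..." but never reads `op->o_noop`; both call sites in this diff test it before calling. The helper needs a header comment that states this precondition and its side effects, for example `/* Caller must not call this for o_noop operations; sets SLAP_ATTR_IXDEL in oldattrs and SLAP_ATTR_IXADD in newattrs */`. The test `ix2.bv_val == ix_at.bv_val` compares pointers, not strings, so a one-line comment saying that pointer identity is what marks "same slot" would stop a later reader from turning it into a string compare.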
@@ -43,7 +81,6 @@
 	Attribute 	*ap;
 	int			glue_attr_delete = 0;
 	int			got_delete;
-	AttrInfo *ai;
 
 	Debug( LDAP_DEBUG_TRACE, "bdb_modify_internal: 0x%08lx: %s\n",
 		e->e_id, e->e_dn, 0);
@@ -89,7 +126,6 @@
 	}
 
 	for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
-		struct berval ix_at;
 		mod = &ml->sml_mod;
 		got_delete = 0;
 
@@ -202,31 +238,17 @@
 
 		if ( glue_attr_delete ) e->e_ocflags = 0;
 
+
 		/* check if modified attribute was indexed
 		 * but not in case of NOOP... */
-		ai = bdb_index_mask( op->o_bd, mod->sm_desc, &ix_at );
-		if ( ai && !op->o_noop ) {
-			if ( got_delete ) {
-				struct berval ix2;
-
-				ap = attr_find( save_attrs, mod->sm_desc );
-				if ( ap ) ap->a_flags |= SLAP_ATTR_IXDEL;
-
-				/* Find all other attrs that index to same slot */
-				for ( ap = e->e_attrs; ap; ap=ap->a_next ) {
-					ai = bdb_index_mask( op->o_bd, ap->a_desc, &ix2 );
-					if ( ai && ix2.bv_val == ix_at.bv_val )
-						ap->a_flags |= SLAP_ATTR_IXADD;
-				}
-			} else {
-				ap = attr_find( e->e_attrs, mod->sm_desc );
-				if ( ap ) ap->a_flags |= SLAP_ATTR_IXADD;
-			}
+		if ( !op->o_noop ) {
+			bdb_modify_idxflags( op, mod->sm_desc, got_delete, e->e_attrs, save_attrs );
 		}
 	}
 
 	/* check that the entry still obeys the schema */
-	rc = entry_schema_check( op, e, save_attrs, get_relax(op), 0,
+	ap = NULL;
+	rc = entry_schema_check( op, e, save_attrs, get_relax(op), 0, &ap,
 		text, textbuf, textlen );
 	if ( rc != LDAP_SUCCESS || op->o_noop ) {
 		attrs_free( e->e_attrs );
@@ -246,6 +268,15 @@
 		return rc;
 	}
 
+	/* structuralObjectClass modified! */
+	if ( ap ) {
+		assert( ap->a_desc == slap_schema.si_ad_structuralObjectClass );
+		if ( !op->o_noop ) {
+			bdb_modify_idxflags( op, slap_schema.si_ad_structuralObjectClass,
+				1, e->e_attrs, save_attrs );
+		}
+	}
+
 	/* update the indices of the modified attributes */
 
 	/* start with deleting the old index entries */
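Review bot: The only check that `entry_schema_check` handed back the structuralObjectClass attribute is the `assert`, which compiles out under NDEBUG and aborts slapd in builds where it is active. Because the following call passes `slap_schema.si_ad_structuralObjectClass` explicitly, a different `ap` would go unnoticed in a release build; `if ( ap && ap->a_desc == slap_schema.si_ad_structuralObjectClass )` would make the condition part of the logic. The inner `if ( !op->o_noop )` also looks redundant, since the preceding `rc != LDAP_SUCCESS || op->o_noop` branch appears to return before this point, though part of that branch lies outside the hunk.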
@@ -287,11 +318,11 @@
 				rc = bdb_index_values( op, tid, ap->a_desc,
 					vals, e->e_id, SLAP_INDEX_DELETE_OP );
 				if ( rc != LDAP_SUCCESS ) {
+					Debug( LDAP_DEBUG_ANY,
+						"%s: attribute \"%s\" index delete failure\n",
+						op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
 					attrs_free( e->e_attrs );
 					e->e_attrs = save_attrs;
-					Debug( LDAP_DEBUG_ANY,
-						   "Attribute index delete failure",
-						   0, 0, 0 );
 					return rc;
 				}
 			}
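Review bot: Moving `Debug()` ahead of `attrs_free( e->e_attrs )` is now required for memory safety, because the message dereferences `ap->a_desc`, but nothing in the code says so. If `ap` can point into the list being freed (the loop header is outside the hunk), moving the log call back below the free would read released memory. A comment such as `/* log first: ap may belong to the list freed below */` here and in the index-add hunk that follows would keep the order from being undone.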
@@ -306,11 +337,11 @@
 				ap->a_nvals,
 				e->e_id, SLAP_INDEX_ADD_OP );
 			if ( rc != LDAP_SUCCESS ) {
+				Debug( LDAP_DEBUG_ANY,
+				       "%s: attribute \"%s\" index add failure\n",
+					op->o_log_prefix, ap->a_desc->ad_cname.bv_val, 0 );
 				attrs_free( e->e_attrs );
 				e->e_attrs = save_attrs;
-				Debug( LDAP_DEBUG_ANY,
-				       "Attribute index add failure",
-				       0, 0, 0 );
 				return rc;
 			}
 		}
@@ -330,11 +361,10 @@
 	char textbuf[SLAP_TEXT_BUFLEN];
 	size_t textlen = sizeof textbuf;
 	DB_TXN	*ltid = NULL, *lt2;
-	struct bdb_op_info opinfo = {0};
+	struct bdb_op_info opinfo = {{{ 0 }}};
 	Entry		dummy = {0};
 	int			fakeroot = 0;
 
-	BDB_LOCKER	locker = 0;
 	DB_LOCK		lock;
 
 	int		num_retries = 0;
@@ -438,8 +468,6 @@
 		goto return_results;
 	}
 
-	locker = TXN_ID ( ltid );
-
 	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
@@ -448,7 +476,7 @@
 
 	/* get entry or ancestor */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
-		locker, &lock );
+		&lock );
 
 	if ( rs->sr_err != 0 ) {
 		Debug( LDAP_DEBUG_TRACE,
@@ -655,7 +683,7 @@
 			attrs_free( dummy.e_attrs );
 
 		} else {
-			rc = bdb_cache_modify( bdb, e, dummy.e_attrs, locker, &lock );
+			rc = bdb_cache_modify( bdb, e, dummy.e_attrs, ltid, &lock );
 			switch( rc ) {
 			case DB_LOCK_DEADLOCK:
 			case DB_LOCK_NOTGRANTED:

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modrdn.c - bdb backend modrdn routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modrdn.c,v 1.185.2.11 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/modrdn.c,v 1.185.2.14 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36,7 +36,7 @@
 	char textbuf[SLAP_TEXT_BUFLEN];
 	size_t textlen = sizeof textbuf;
 	DB_TXN		*ltid = NULL, *lt2;
-	struct bdb_op_info opinfo = {0};
+	struct bdb_op_info opinfo = {{{ 0 }}};
 	Entry dummy = {0};
 
 	Entry		*np = NULL;			/* newSuperior Entry */
@@ -46,7 +46,6 @@
 
 	int		manageDSAit = get_manageDSAit( op );
 
-	BDB_LOCKER	locker = 0;
 	DB_LOCK		lock, plock, nplock;
 
 	int		num_retries = 0;
@@ -164,8 +163,6 @@
 		goto return_results;
 	}
 
-	locker = TXN_ID ( ltid );
-
 	opinfo.boi_oe.oe_key = bdb;
 	opinfo.boi_txn = ltid;
 	opinfo.boi_err = 0;
@@ -174,7 +171,7 @@
 
 	/* get entry */
 	rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei, 1,
-		locker, &lock );
+		&lock );
 
 	switch( rs->sr_err ) {
 	case 0:
@@ -309,7 +306,7 @@
 		 * children.
 		 */
 		rs->sr_err = bdb_cache_find_id( op, ltid,
-			eip->bei_id, &eip, 0, locker, &plock );
+			eip->bei_id, &eip, 0, &plock );
 
 		switch( rs->sr_err ) {
 		case 0:
@@ -418,7 +415,7 @@
 			/* Get Entry with dn=newSuperior. Does newSuperior exist? */
 
 			rs->sr_err = bdb_dn2entry( op, ltid, np_ndn,
-				&neip, 0, locker, &nplock );
+				&neip, 0, &nplock );
 
 			switch( rs->sr_err ) {
 			case 0: np = neip->bei_e;
@@ -551,7 +548,7 @@
 
 	/* Shortcut the search */
 	nei = neip ? neip : eip;
-	rs->sr_err = bdb_cache_find_ndn ( op, locker, &new_ndn, &nei );
+	rs->sr_err = bdb_cache_find_ndn ( op, ltid, &new_ndn, &nei );
 	if ( nei ) bdb_cache_entryinfo_unlock( nei );
 	switch( rs->sr_err ) {
 	case DB_LOCK_DEADLOCK:
@@ -747,7 +744,7 @@
 
 	} else {
 		rc = bdb_cache_modrdn( bdb, e, &op->orr_nnewrdn, &dummy, neip,
-			locker, &lock );
+			ltid, &lock );
 		switch( rc ) {
 		case DB_LOCK_DEADLOCK:
 		case DB_LOCK_NOTGRANTED:

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/monitor.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/monitor.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/monitor.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* monitor.c - monitor bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/monitor.c,v 1.19.2.9 2008/05/26 18:57:01 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/monitor.c,v 1.19.2.11 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -551,9 +551,9 @@
 {
 	int	key;
 
-	for ( key = 0; key < 8*sizeof(slap_mask_t) && !( bitmask & 0x1U ); key++ ) {
+	for ( key = 0; key < 8 * (int)sizeof(slap_mask_t) && !( bitmask & 0x1U );
+			key++ )
 		bitmask >>= 1;
-	}
 
 	return key;
 }
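Review bot: Dropping the braces while splitting the `for` header over two lines leaves `bitmask >>= 1;` as an unbraced body under a continuation line, where it is easy to misread as a separate statement; keeping `{ ... }` costs one line. The function starts outside the hunk, but from the visible loop a zero `bitmask` runs `key` up to `8 * sizeof(slap_mask_t)` and returns that value. A comment at the `return` saying that this result means "no bit set" would tell callers not to use it as a bit index.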

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/nextid.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize bdb backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/nextid.c,v 1.26.2.4 2008/02/12 00:34:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/nextid.c,v 1.26.2.5 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/operational.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* operational.c - bdb backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/operational.c,v 1.29.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/proto-bdb.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.137.2.9 2008/02/12 00:34:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/proto-bdb.h,v 1.137.2.14 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45,11 +45,11 @@
 void bdb_attr_flush( struct bdb_info *bdb );
 
 int bdb_attr_slot( struct bdb_info *bdb,
-	AttributeDescription *desc, unsigned *insert );
+	AttributeDescription *desc, int *insert );
 
 int bdb_attr_index_config LDAP_P(( struct bdb_info *bdb,
 	const char *fname, int lineno,
-	int argc, char **argv ));
+	int argc, char **argv, struct config_reply_s *cr ));
 
 void bdb_attr_index_unparse LDAP_P(( struct bdb_info *bdb, BerVarray *bva ));
 void bdb_attr_index_destroy LDAP_P(( struct bdb_info *bdb ));
@@ -70,6 +70,7 @@
  * dbcache.c
  */
 #define bdb_db_cache				BDB_SYMBOL(db_cache)
+#define bdb_db_findsize				BDB_SYMBOL(db_findsize)
 
 int
 bdb_db_cache(
@@ -77,6 +78,11 @@
     struct berval *name,
 	DB **db );
 
+int
+bdb_db_findsize(
+	struct bdb_info *bdb,
+	struct berval *name );
+
 /*
  * dn2entry.c
  */
@@ -84,7 +90,7 @@
 
 int bdb_dn2entry LDAP_P(( Operation *op, DB_TXN *tid,
 	struct berval *dn, EntryInfo **e, int matched,
-	BDB_LOCKER locker, DB_LOCK *lock ));
+	DB_LOCK *lock ));
 
 /*
  * dn2id.c
@@ -99,7 +105,7 @@
 	Operation *op,
 	struct berval *dn,
 	EntryInfo *ei,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock );
 
 int bdb_dn2id_add(
@@ -121,7 +127,7 @@
 
 int bdb_dn2idl(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	struct berval *ndn,
 	EntryInfo *ei,
 	ID *ids,
@@ -134,7 +140,7 @@
 
 int bdb_dn2id_parent(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	EntryInfo *ei,
 	ID *idp );
 
@@ -174,7 +180,7 @@
 
 int bdb_filter_candidates(
 	Operation *op,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	Filter	*f,
 	ID *ids,
 	ID *tmp,
@@ -208,7 +214,6 @@
 int bdb_id2entry(
 	BackendDB *be,
 	DB_TXN *tid,
-	BDB_LOCKER locker,
 	ID id,
 	Entry **e);
 #endif
@@ -291,7 +296,7 @@
 int bdb_idl_fetch_key(
 	BackendDB	*be,
 	DB			*db,
-	BDB_LOCKER locker,
+	DB_TXN		*txn,
 	DBT			*key,
 	ID			*ids,
 	DBC                     **saved_cursor,
@@ -398,7 +403,7 @@
 bdb_key_read(
     Backend	*be,
 	DB *db,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
     struct berval *k,
 	ID *ids,
     DBC **saved_cursor,
@@ -514,7 +519,7 @@
 	EntryInfo *pei,
 	Entry   *e,
 	struct berval *nrdn,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock
 );
 int bdb_cache_modrdn(
@@ -523,19 +528,19 @@
 	struct berval *nrdn,
 	Entry	*new,
 	EntryInfo *ein,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock
 );
 int bdb_cache_modify(
 	struct bdb_info *bdb,
 	Entry *e,
 	Attribute *newAttrs,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock
 );
 int bdb_cache_find_ndn(
 	Operation *op,
-	BDB_LOCKER	locker,
+	DB_TXN *txn,
 	struct berval   *ndn,
 	EntryInfo	**res
 );
@@ -552,20 +557,19 @@
 	ID		id,
 	EntryInfo **eip,
 	int	flag,
-	BDB_LOCKER	locker,
 	DB_LOCK		*lock
 );
 int
 bdb_cache_find_parent(
 	Operation *op,
-	BDB_LOCKER	locker,
+	DB_TXN *txn,
 	ID id,
 	EntryInfo **res
 );
 int bdb_cache_delete(
 	struct bdb_info *bdb,
 	Entry	*e,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK	*lock
 );
 void bdb_cache_delete_cleanup(
@@ -585,7 +589,7 @@
 #define bdb_cache_entry_db_relock		BDB_SYMBOL(cache_entry_db_relock)
 int bdb_cache_entry_db_relock(
 	struct bdb_info *bdb,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	EntryInfo *ei,
 	int rw,
 	int tryOnly,
@@ -595,23 +599,11 @@
 	struct bdb_info *bdb,
 	DB_LOCK *lock );
 
-#ifdef BDB_REUSE_LOCKERS
+#define bdb_reader_get				BDB_SYMBOL(reader_get)
+#define bdb_reader_flush			BDB_SYMBOL(reader_flush)
+int bdb_reader_get( Operation *op, DB_ENV *env, DB_TXN **txn );
+void bdb_reader_flush( DB_ENV *env );
 
-#define bdb_locker_id				BDB_SYMBOL(locker_id)
-#define bdb_locker_flush			BDB_SYMBOL(locker_flush)
-int bdb_locker_id( Operation *op, DB_ENV *env, BDB_LOCKER *locker );
-void bdb_locker_flush( DB_ENV *env );
-
-#define	LOCK_ID_FREE(env, locker)	((void)0)
-#define	LOCK_ID(env, locker)	bdb_locker_id(op, env, locker)
-
-#else
-
-#define	LOCK_ID_FREE(env, locker)	XLOCK_ID_FREE(env, locker)
-#define	LOCK_ID(env, locker)		XLOCK_ID(env, locker)
-
-#endif
-
 /*
  * trans.c
  */
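Review bot: The new `bdb_reader_get` prototype does not say who owns the transaction it stores in `*txn`, yet every `LOCK_ID_FREE` call in referral.c and search.c is removed in this commit, so callers now release nothing. That contract belongs on the prototype, for example `/* *txn is a per-thread reader transaction; callers must not commit, abort or free it */`, if that is what the implementation does (it is not in this diff section). Without it, a later caller cannot tell whether an early return leaks a transaction or whether freeing it would corrupt shared state.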

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/referral.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* referral.c - BDB backend referral handler */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/referral.c,v 1.42.2.6 2008/04/16 16:41:17 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/referral.c,v 1.42.2.8 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28,7 +28,7 @@
 	EntryInfo *ei;
 	int rc = LDAP_SUCCESS;
 
-	BDB_LOCKER	locker;
+	DB_TXN		*rtxn;
 	DB_LOCK		lock;
 
 	if( op->o_tag == LDAP_REQ_SEARCH ) {
@@ -41,7 +41,7 @@
 		return rc;
 	} 
 
-	rc = LOCK_ID(bdb->bi_dbenv, &locker);
+	rc = bdb_reader_get(op, bdb->bi_dbenv, &rtxn);
 	switch(rc) {
 	case 0:
 		break;
@@ -51,7 +51,7 @@
 
 dn2entry_retry:
 	/* get entry */
-	rc = bdb_dn2entry( op, NULL, &op->o_req_ndn, &ei, 1, locker, &lock );
+	rc = bdb_dn2entry( op, rtxn, &op->o_req_ndn, &ei, 1, &lock );
 
 	/* bdb_dn2entry() may legally leave ei == NULL
 	 * if rc != 0 and rc != DB_NOTFOUND
@@ -65,7 +65,6 @@
 	case 0:
 		break;
 	case LDAP_BUSY:
-		LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 		rs->sr_text = "ldap server busy";
 		return LDAP_BUSY;
 	case DB_LOCK_DEADLOCK:
@@ -76,7 +75,6 @@
 			LDAP_XSTRING(bdb_referrals)
 			": dn2entry failed: %s (%d)\n",
 			db_strerror(rc), rc, 0 ); 
-		LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 		rs->sr_text = "internal error";
 		return LDAP_OTHER;
 	}
@@ -116,7 +114,6 @@
 			rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
 		}
 
-		LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 		if (rs->sr_matched) {
 			op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
 			rs->sr_matched = NULL;
@@ -151,6 +148,5 @@
 	}
 
 	bdb_cache_return_entry_r(bdb, e, &lock);
-	LOCK_ID_FREE ( bdb->bi_dbenv, locker );
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - search operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.246.2.14 2008/05/01 21:39:35 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/search.c,v 1.246.2.21 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,7 +31,7 @@
 	Operation *op,
 	SlapReply *rs,
 	Entry *e,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	ID	*ids,
 	ID	*scopes );
 
@@ -51,7 +51,7 @@
 	SlapReply *rs,
 	Entry *e,
 	Entry **matched,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	DB_LOCK *lock,
 	ID	*tmp,
 	ID	*visited )
@@ -101,8 +101,10 @@
 			break;
 		}
 
-		rs->sr_err = bdb_dn2entry( op, NULL, &ndn, &ei,
-			0, locker, &lockr );
+		rs->sr_err = bdb_dn2entry( op, txn, &ndn, &ei,
+			0, &lockr );
+		if ( rs->sr_err == DB_LOCK_DEADLOCK )
+			return NULL;
 
 		if ( ei ) {
 			e = ei->bei_e;
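Review bot: The added `return NULL` on `DB_LOCK_DEADLOCK` makes a NULL result from `deref_base` ambiguous, because callers must now read `rs->sr_err` to tell a deadlock from an alias that could not be followed. `search_aliases` gains that check in a later hunk, but the two `deref_base` calls in `bdb_search` that now pass `ltid` show no such test in their visible context. The early return also skips the rest of the loop body, so whether the entry passed in is still locked on this path should be stated in a comment above the function, e.g. `/* returns NULL with rs->sr_err == DB_LOCK_DEADLOCK when the lookup deadlocks; caller decides whether to retry */`. The function's start and the rest of the loop are outside the hunk.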
@@ -143,7 +145,7 @@
 	Operation *op,
 	SlapReply *rs,
 	Entry *e,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	ID *ids,
 	ID *scopes,
 	ID *stack )
@@ -180,7 +182,7 @@
 
 	/* Find all aliases in database */
 	BDB_IDL_ZERO( aliases );
-	rs->sr_err = bdb_filter_candidates( op, locker, &af, aliases,
+	rs->sr_err = bdb_filter_candidates( op, txn, &af, aliases,
 		curscop, visited );
 	if (rs->sr_err != LDAP_SUCCESS) {
 		return rs->sr_err;
@@ -202,13 +204,17 @@
 		 * to the cumulative list of candidates.
 		 */
 		BDB_IDL_CPY( curscop, aliases );
-		rs->sr_err = bdb_dn2idl( op, locker, &e->e_nname, BEI(e), subscop,
+		rs->sr_err = bdb_dn2idl( op, txn, &e->e_nname, BEI(e), subscop,
 			subscop2+BDB_IDL_DB_SIZE );
+
 		if (first) {
 			first = 0;
 		} else {
 			bdb_cache_return_entry_r (bdb, e, &locka);
 		}
+		if ( rs->sr_err == DB_LOCK_DEADLOCK )
+			return rs->sr_err;
+
 		BDB_IDL_CPY(subscop2, subscop);
 		rs->sr_err = bdb_idl_intersection(curscop, subscop);
 		bdb_idl_union( ids, subscop2 );
@@ -220,11 +226,13 @@
 		{
 			ei = NULL;
 retry1:
-			rs->sr_err = bdb_cache_find_id(op, NULL,
-				ida, &ei, 0, locker, &lockr );
+			rs->sr_err = bdb_cache_find_id(op, txn,
+				ida, &ei, 0, &lockr );
 			if (rs->sr_err != LDAP_SUCCESS) {
-				if ( rs->sr_err == DB_LOCK_DEADLOCK ||
-					rs->sr_err == DB_LOCK_NOTGRANTED ) goto retry1;
+				if ( rs->sr_err == DB_LOCK_DEADLOCK )
+					return rs->sr_err;
+				if ( rs->sr_err == DB_LOCK_NOTGRANTED )
+					goto retry1;
 				continue;
 			}
 			a = ei->bei_e;
@@ -239,7 +247,7 @@
 
 			/* Actually dereference the alias */
 			BDB_IDL_ZERO(tmp);
-			a = deref_base( op, rs, a, &matched, locker, &lockr,
+			a = deref_base( op, rs, a, &matched, txn, &lockr,
 				tmp, visited );
 			if (a) {
 				/* If the target was not already in our current candidates,
@@ -253,6 +261,8 @@
 				}
 				bdb_cache_return_entry_r( bdb, a, &lockr);
 
+			} else if ( rs->sr_err == DB_LOCK_DEADLOCK ) {
+				return rs->sr_err;
 			} else if (matched) {
 				/* Alias could not be dereferenced, or it deref'd to
 				 * an ID we've already seen. Ignore it.
@@ -286,11 +296,12 @@
 		 */
 		ei = NULL;
 sameido:
-		rs->sr_err = bdb_cache_find_id(op, NULL, ido, &ei,
-			0, locker, &locka );
+		rs->sr_err = bdb_cache_find_id(op, txn, ido, &ei,
+			0, &locka );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
-			if ( rs->sr_err == DB_LOCK_DEADLOCK ||
-				rs->sr_err == DB_LOCK_NOTGRANTED )
+			if ( rs->sr_err == DB_LOCK_DEADLOCK )
+				return rs->sr_err;
+			if ( rs->sr_err == DB_LOCK_NOTGRANTED )
 				goto sameido;
 			goto nextido;
 		}
@@ -318,7 +329,6 @@
 	int		tentries = 0, nentries = 0;
 	int		idflag = 0;
 
-	BDB_LOCKER	locker = 0;
 	DB_LOCK		lock;
 	struct	bdb_op_info	*opinfo = NULL;
 	DB_TXN			*ltid = NULL;
@@ -337,9 +347,8 @@
 
 	if ( opinfo && opinfo->boi_txn ) {
 		ltid = opinfo->boi_txn;
-		locker = TXN_ID( ltid );
 	} else {
-		rs->sr_err = LOCK_ID( bdb->bi_dbenv, &locker );
+		rs->sr_err = bdb_reader_get( op, bdb->bi_dbenv, &ltid );
 
 		switch(rs->sr_err) {
 		case 0:
@@ -362,7 +371,7 @@
 dn2entry_retry:
 		/* get entry with reader lock */
 		rs->sr_err = bdb_dn2entry( op, ltid, &op->o_req_ndn, &ei,
-			1, locker, &lock );
+			1, &lock );
 	}
 
 	switch(rs->sr_err) {
@@ -372,18 +381,20 @@
 	case 0:
 		e = ei->bei_e;
 		break;
+	case DB_LOCK_DEADLOCK:
+		if ( !opinfo ) {
+			ltid->flags &= ~TXN_DEADLOCK;
+			goto dn2entry_retry;
+		}
+		opinfo->boi_err = rs->sr_err;
+		/* FALLTHRU */
 	case LDAP_BUSY:
 		send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
-		if ( !opinfo )
-			LOCK_ID_FREE (bdb->bi_dbenv, locker );
 		return LDAP_BUSY;
-	case DB_LOCK_DEADLOCK:
 	case DB_LOCK_NOTGRANTED:
 		goto dn2entry_retry;
 	default:
 		send_ldap_error( op, rs, LDAP_OTHER, "internal error" );
-		if ( !opinfo )
-			LOCK_ID_FREE (bdb->bi_dbenv, locker );
 		return rs->sr_err;
 	}
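Review bot: The deadlock path clears the condition by writing `ltid->flags &= ~TXN_DEADLOCK` straight into the transaction handle and then jumps back to `dn2entry_retry` with no retry bound or back-off. The same three lines recur at `cand_retry` and `fetch_entry_retry` in later hunks of this file. Putting them in one static helper with a comment on why touching the handle's flag word is safe for a reader transaction would keep the three sites in step. A retry cap that falls through to the existing `LDAP_BUSY` reply would stop a persistently deadlocking search from occupying a worker thread indefinitely.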
 
@@ -393,7 +404,7 @@
 
 			stub.bv_val = op->o_req_ndn.bv_val;
 			stub.bv_len = op->o_req_ndn.bv_len - matched->e_nname.bv_len - 1;
-			e = deref_base( op, rs, matched, &matched, locker, &lock,
+			e = deref_base( op, rs, matched, &matched, ltid, &lock,
 				candidates, NULL );
 			if ( e ) {
 				build_new_dn( &op->o_req_ndn, &e->e_nname, &stub,
@@ -403,7 +414,7 @@
 				goto dn2entry_retry;
 			}
 		} else if ( e && is_entry_alias( e )) {
-			e = deref_base( op, rs, e, &matched, locker, &lock,
+			e = deref_base( op, rs, e, &matched, ltid, &lock,
 				candidates, NULL );
 		}
 	}
@@ -456,8 +467,6 @@
 
 		send_ldap_result( op, rs );
 
-		if ( !opinfo )
-			LOCK_ID_FREE (bdb->bi_dbenv, locker );
 		if ( rs->sr_ref ) {
 			ber_bvarray_free( rs->sr_ref );
 			rs->sr_ref = NULL;
@@ -523,9 +532,6 @@
 		rs->sr_matched = matched_dn.bv_val;
 		send_ldap_result( op, rs );
 
-		if ( !opinfo ) {
-			LOCK_ID_FREE (bdb->bi_dbenv, locker );
-		}
 		ber_bvarray_free( rs->sr_ref );
 		rs->sr_ref = NULL;
 		ber_memfree( matched_dn.bv_val );
@@ -573,10 +579,20 @@
 		rs->sr_err = base_candidate( op->o_bd, &base, candidates );
 
 	} else {
+cand_retry:
 		BDB_IDL_ZERO( candidates );
 		BDB_IDL_ZERO( scopes );
 		rs->sr_err = search_candidates( op, rs, &base,
-			locker, candidates, scopes );
+			ltid, candidates, scopes );
+		if ( rs->sr_err == DB_LOCK_DEADLOCK ) {
+			if ( !opinfo ) {
+				ltid->flags &= ~TXN_DEADLOCK;
+				goto cand_retry;
+			}
+			opinfo->boi_err = rs->sr_err;
+			send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
+			return LDAP_BUSY;
+		}
 	}
 
 	/* start cursor at beginning of candidates.
@@ -679,48 +695,57 @@
 		 * any subsequent entries
 		 */
 		nentries++;
-		if ( nentries > bdb->bi_cache.c_maxsize && !idflag )
+		if ( nentries > bdb->bi_cache.c_maxsize && !idflag ) {
 			idflag = ID_NOCACHE;
+		}
 
 fetch_entry_retry:
-			/* get the entry with reader lock */
-			ei = NULL;
-			rs->sr_err = bdb_cache_find_id( op, ltid,
-				id, &ei, idflag, locker, &lock );
+		/* get the entry with reader lock */
+		ei = NULL;
+		rs->sr_err = bdb_cache_find_id( op, ltid,
+			id, &ei, idflag, &lock );
 
-			if (rs->sr_err == LDAP_BUSY) {
-				rs->sr_text = "ldap server busy";
-				send_ldap_result( op, rs );
-				goto done;
+		if (rs->sr_err == LDAP_BUSY) {
+			rs->sr_text = "ldap server busy";
+			send_ldap_result( op, rs );
+			goto done;
 
-			} else if ( rs->sr_err == DB_LOCK_DEADLOCK
-				|| rs->sr_err == DB_LOCK_NOTGRANTED )
-			{
+		} else if ( rs->sr_err == DB_LOCK_DEADLOCK ) {
+			if ( !opinfo ) {
+				ltid->flags &= ~TXN_DEADLOCK;
 				goto fetch_entry_retry;
-			} else if ( rs->sr_err == LDAP_OTHER ) {
-				rs->sr_text = "internal error";
-				send_ldap_result( op, rs );
-				goto done;
 			}
+			opinfo->boi_err = rs->sr_err;
+			send_ldap_error( op, rs, LDAP_BUSY, "ldap server busy" );
+			goto done;
 
-			if ( ei && rs->sr_err == LDAP_SUCCESS ) {
-				e = ei->bei_e;
-			} else {
-				e = NULL;
-			}
+		} else if ( rs->sr_err == DB_LOCK_NOTGRANTED )
+		{
+			goto fetch_entry_retry;
+		} else if ( rs->sr_err == LDAP_OTHER ) {
+			rs->sr_text = "internal error";
+			send_ldap_result( op, rs );
+			goto done;
+		}
 
-			if ( e == NULL ) {
-				if( !BDB_IDL_IS_RANGE(candidates) ) {
-					/* only complain for non-range IDLs */
-					Debug( LDAP_DEBUG_TRACE,
-						LDAP_XSTRING(bdb_search)
-						": candidate %ld not found\n",
-						(long) id, 0, 0 );
-				}
+		if ( ei && rs->sr_err == LDAP_SUCCESS ) {
+			e = ei->bei_e;
+		} else {
+			e = NULL;
+		}
 
-				goto loop_continue;
+		if ( e == NULL ) {
+			if( !BDB_IDL_IS_RANGE(candidates) ) {
+				/* only complain for non-range IDLs */
+				Debug( LDAP_DEBUG_TRACE,
+					LDAP_XSTRING(bdb_search)
+					": candidate %ld not found\n",
+					(long) id, 0, 0 );
 			}
 
+			goto loop_continue;
+		}
+
 		rs->sr_entry = e;
 
 		if ( is_entry_subentry( e ) ) {
@@ -828,13 +853,51 @@
 		if ( !manageDSAit && op->oq_search.rs_scope != LDAP_SCOPE_BASE
 			&& is_entry_referral( e ) )
 		{
+			struct bdb_op_info bois;
+			struct bdb_lock_info blis;
 			BerVarray erefs = get_entry_referrals( op, e );
 			rs->sr_ref = referral_rewrite( erefs, &e->e_name, NULL,
 				op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
 					? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
 
+			/* Must set lockinfo so that entry_release will work */
+			if (!opinfo) {
+				bois.boi_oe.oe_key = bdb;
+				bois.boi_txn = NULL;
+				bois.boi_err = 0;
+				bois.boi_acl_cache = op->o_do_not_cache;
+				bois.boi_flag = BOI_DONTFREE;
+				bois.boi_locks = &blis;
+				blis.bli_next = NULL;
+				LDAP_SLIST_INSERT_HEAD( &op->o_extra, &bois.boi_oe,
+					oe_next );
+			} else {
+				blis.bli_next = opinfo->boi_locks;
+				opinfo->boi_locks = &blis;
+			}
+			blis.bli_id = e->e_id;
+			blis.bli_lock = lock;
+			blis.bli_flag = BLI_DONTFREE;
+
+			rs->sr_flags = REP_ENTRY_MUSTRELEASE;
+
 			send_search_reference( op, rs );
 
+			if ( blis.bli_flag ) {
+#ifdef SLAP_ZONE_ALLOC
+				slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+				bdb_cache_return_entry_r(bdb, e, &lock);
+				if ( opinfo ) {
+					opinfo->boi_locks = blis.bli_next;
+				} else {
+					LDAP_SLIST_REMOVE( &op->o_extra, &bois.boi_oe,
+						OpExtra, oe_next );
+				}
+			}
+			rs->sr_entry = NULL;
+			e = NULL;
+
 			ber_bvarray_free( rs->sr_ref );
 			ber_bvarray_free( erefs );
 			rs->sr_ref = NULL;
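Review bot: `bois` and `blis` are block-local stack objects that get linked into `op->o_extra` and `opinfo->boi_locks`, and they are unlinked here only when `blis.bli_flag` is still set. When the flag has been cleared, the code relies on whatever cleared it to have removed both links as well; if it did not, the operation keeps pointers into a dead stack frame. The block needs a comment stating that invariant, e.g. `/* bli_flag == 0: the release path already unlinked blis (and bois) */`, once it has been confirmed against the release code, which is not in this diff section. The same setup and teardown are repeated in the next hunk around `send_search_entry`, so a pair of static helpers would keep the two copies from drifting apart.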
@@ -865,14 +928,55 @@
 			}
 
 			if (e) {
+				struct bdb_op_info bois;
+				struct bdb_lock_info blis;
+
+				/* Must set lockinfo so that entry_release will work */
+				if (!opinfo) {
+					bois.boi_oe.oe_key = bdb;
+					bois.boi_txn = NULL;
+					bois.boi_err = 0;
+					bois.boi_acl_cache = op->o_do_not_cache;
+					bois.boi_flag = BOI_DONTFREE;
+					bois.boi_locks = &blis;
+					blis.bli_next = NULL;
+					LDAP_SLIST_INSERT_HEAD( &op->o_extra, &bois.boi_oe,
+						oe_next );
+				} else {
+					blis.bli_next = opinfo->boi_locks;
+					opinfo->boi_locks = &blis;
+				}
+				blis.bli_id = e->e_id;
+				blis.bli_lock = lock;
+				blis.bli_flag = BLI_DONTFREE;
+
 				/* safe default */
 				rs->sr_attrs = op->oq_search.rs_attrs;
 				rs->sr_operational_attrs = NULL;
 				rs->sr_ctrls = NULL;
-				rs->sr_flags = 0;
+				rs->sr_flags = REP_ENTRY_MUSTRELEASE;
 				rs->sr_err = LDAP_SUCCESS;
 				rs->sr_err = send_search_entry( op, rs );
 
+				/* send_search_entry will usually free it.
+				 * an overlay might leave its own copy here;
+				 * bli_flag will be 0 if lock was already released.
+				 */
+				if ( blis.bli_flag ) {
+#ifdef SLAP_ZONE_ALLOC
+					slap_zn_runlock(bdb->bi_cache.c_zctx, e);
+#endif
+					bdb_cache_return_entry_r(bdb, e, &lock);
+					if ( opinfo ) {
+						opinfo->boi_locks = blis.bli_next;
+					} else {
+						LDAP_SLIST_REMOVE( &op->o_extra, &bois.boi_oe,
+							OpExtra, oe_next );
+					}
+				}
+				rs->sr_entry = NULL;
+				e = NULL;
+
 				switch ( rs->sr_err ) {
 				case LDAP_SUCCESS:	/* entry sent ok */
 					break;
@@ -880,12 +984,6 @@
 					break;
 				case LDAP_UNAVAILABLE:
 				case LDAP_SIZELIMIT_EXCEEDED:
-#ifdef SLAP_ZONE_ALLOC
-					slap_zn_runlock(bdb->bi_cache.c_zctx, e);
-#endif
-					bdb_cache_return_entry_r(bdb, e, &lock);
-					e = NULL;
-					rs->sr_entry = NULL;
 					if ( rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ) {
 						rs->sr_ref = rs->sr_v2ref;
 						send_ldap_result( op, rs );
@@ -931,9 +1029,6 @@
 	rs->sr_err = LDAP_SUCCESS;
 
 done:
-	if ( !opinfo )
-		LOCK_ID_FREE( bdb->bi_dbenv, locker );
-
 	if( rs->sr_v2ref ) {
 		ber_bvarray_free( rs->sr_v2ref );
 		rs->sr_v2ref = NULL;
@@ -1026,7 +1121,7 @@
 	Operation *op,
 	SlapReply *rs,
 	Entry *e,
-	BDB_LOCKER locker,
+	DB_TXN *txn,
 	ID	*ids,
 	ID	*scopes )
 {
@@ -1100,13 +1195,13 @@
 	}
 
 	if( op->ors_deref & LDAP_DEREF_SEARCHING ) {
-		rc = search_aliases( op, rs, e, locker, ids, scopes, stack );
+		rc = search_aliases( op, rs, e, txn, ids, scopes, stack );
 	} else {
-		rc = bdb_dn2idl( op, locker, &e->e_nname, BEI(e), ids, stack );
+		rc = bdb_dn2idl( op, txn, &e->e_nname, BEI(e), ids, stack );
 	}
 
 	if ( rc == LDAP_SUCCESS ) {
-		rc = bdb_filter_candidates( op, locker, &f, ids,
+		rc = bdb_filter_candidates( op, txn, &f, ids,
 			stack, stack+BDB_IDL_UM_SIZE );
 	}
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/tools.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* tools.c - tools for slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/tools.c,v 1.105.2.10 2008/02/12 00:34:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/tools.c,v 1.105.2.16 2009/01/26 20:34:03 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -75,12 +75,22 @@
 static ldap_pvt_thread_cond_t bdb_tool_index_cond_main;
 static ldap_pvt_thread_cond_t bdb_tool_index_cond_work;
 
+#if DB_VERSION_FULL >= 0x04060000
+#define	USE_TRICKLE	1
+#else
+/* Seems to slow things down too much in BDB 4.5 */
+#undef USE_TRICKLE
+#endif
+
+#ifdef USE_TRICKLE
 static ldap_pvt_thread_mutex_t bdb_tool_trickle_mutex;
 static ldap_pvt_thread_cond_t bdb_tool_trickle_cond;
 
-static void * bdb_tool_index_task( void *ctx, void *ptr );
 static void * bdb_tool_trickle_task( void *ctx, void *ptr );
+#endif
 
+static void * bdb_tool_index_task( void *ctx, void *ptr );
+
 int bdb_tool_entry_open(
 	BackendDB *be, int mode )
 {
@@ -96,7 +106,7 @@
 
 	if (cursor == NULL) {
 		int rc = bdb->bi_id2entry->bdi_db->cursor(
-			bdb->bi_id2entry->bdi_db, NULL, &cursor,
+			bdb->bi_id2entry->bdi_db, bdb->bi_cache.c_txn, &cursor,
 			bdb->bi_db_opflags );
 		if( rc != 0 ) {
 			return -1;
@@ -106,9 +116,11 @@
 	/* Set up for threaded slapindex */
 	if (( slapMode & (SLAP_TOOL_QUICK|SLAP_TOOL_READONLY)) == SLAP_TOOL_QUICK ) {
 		if ( !bdb_tool_info ) {
+#ifdef USE_TRICKLE
 			ldap_pvt_thread_mutex_init( &bdb_tool_trickle_mutex );
 			ldap_pvt_thread_cond_init( &bdb_tool_trickle_cond );
 			ldap_pvt_thread_pool_submit( &connection_pool, bdb_tool_trickle_task, bdb->bi_dbenv );
+#endif
 
 			ldap_pvt_thread_mutex_init( &bdb_tool_index_mutex );
 			ldap_pvt_thread_cond_init( &bdb_tool_index_cond_main );
@@ -137,9 +149,11 @@
 {
 	if ( bdb_tool_info ) {
 		slapd_shutdown = 1;
+#ifdef USE_TRICKLE
 		ldap_pvt_thread_mutex_lock( &bdb_tool_trickle_mutex );
 		ldap_pvt_thread_cond_signal( &bdb_tool_trickle_cond );
 		ldap_pvt_thread_mutex_unlock( &bdb_tool_trickle_mutex );
+#endif
 		ldap_pvt_thread_mutex_lock( &bdb_tool_index_mutex );
 		bdb_tool_index_tcount = slap_tool_thread_max - 1;
 		ldap_pvt_thread_cond_broadcast( &bdb_tool_index_cond_work );
@@ -297,6 +311,7 @@
 		e->e_id = id;
 #ifdef BDB_HIER
 		if ( slapMode & SLAP_TOOL_READONLY ) {
+			struct bdb_info *bdb = (struct bdb_info *) be->be_private;
 			EntryInfo *ei = NULL;
 			Operation op = {0};
 			Opheader ohdr = {0};
@@ -306,7 +321,7 @@
 			op.o_tmpmemctx = NULL;
 			op.o_tmpmfuncs = &ch_mfuncs;
 
-			rc = bdb_cache_find_parent( &op, CURSOR_GETLOCKER(cursor), id, &ei );
+			rc = bdb_cache_find_parent( &op, bdb->bi_cache.c_txn, id, &ei );
 			if ( rc == LDAP_SUCCESS ) {
 				bdb_cache_entryinfo_unlock( ei );
 				e->e_private = ei;
@@ -340,7 +355,7 @@
 		return 0;
 	}
 
-	rc = bdb_cache_find_ndn( op, tid ? TXN_ID( tid ) : 0, &ndn, &ei );
+	rc = bdb_cache_find_ndn( op, tid, &ndn, &ei );
 	if ( ei ) bdb_cache_entryinfo_unlock( ei );
 	if ( rc == DB_NOTFOUND ) {
 		if ( !be_issuffix( op->o_bd, &ndn ) ) {
@@ -394,13 +409,12 @@
 			holes[nholes++].id = e->e_id;
 		}
 	} else if ( !hole ) {
-		unsigned i;
+		unsigned i, j;
 
 		e->e_id = ei->bei_id;
 
 		for ( i=0; i<nholes; i++) {
 			if ( holes[i].id == e->e_id ) {
-				int j;
 				free(holes[i].dn.bv_val);
 				for (j=i;j<nholes;j++) holes[j] = holes[j+1];
 				holes[j].id = 0;
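Review bot: The compaction loop `for (j=i;j<nholes;j++) holes[j] = holes[j+1];` reads `holes[nholes]` on its last iteration, and the following `holes[j].id = 0;` writes that same slot, one element past the last hole in use. Making `j` unsigned removes the signed/unsigned comparison but leaves that access in place. The allocation of `holes` is outside this hunk, so whether a spare slot always exists cannot be confirmed from here. If it is not guaranteed, `for (j=i;j+1<nholes;j++) holes[j] = holes[j+1];` keeps both the read and the write inside the used range. The enclosing function starts and ends outside the hunk.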
@@ -521,11 +535,11 @@
 		goto done;
 	}
 
+#ifdef USE_TRICKLE
 	if (( slapMode & SLAP_TOOL_QUICK ) && (( e->e_id & 0xfff ) == 0xfff )) {
-		ldap_pvt_thread_mutex_lock( &bdb_tool_trickle_mutex );
 		ldap_pvt_thread_cond_signal( &bdb_tool_trickle_cond );
-		ldap_pvt_thread_mutex_unlock( &bdb_tool_trickle_mutex );
 	}
+#endif
 
 	if ( !bdb->bi_linear_index )
 		rc = bdb_tool_index_add( &op, tid, e );
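Review bot: `ldap_pvt_thread_cond_signal( &bdb_tool_trickle_cond )` is now called without holding `bdb_tool_trickle_mutex`, so a signal that arrives while the trickle task is not yet waiting can be dropped. That is presumably acceptable because the next entry id ending in 0xfff signals again, but the waiter is outside this hunk and the reasoning is not written down. A comment above the signal would help, e.g. `/* unlocked on purpose: a lost wakeup only delays the next trickle */`.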
@@ -1098,6 +1112,7 @@
 }
 #endif
 
+#ifdef USE_TRICKLE
 static void *
 bdb_tool_trickle_task( void *ctx, void *ptr )
 {
@@ -1116,6 +1131,7 @@
 
 	return NULL;
 }
+#endif
 
 static void *
 bdb_tool_index_task( void *ctx, void *ptr )

Modified: openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-bdb/trans.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* trans.c - bdb backend transaction routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/trans.c,v 1.8.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-bdb/trans.c,v 1.8.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-dnssrv
-# $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/Makefile.in,v 1.14.2.3 2008/02/11 23:26:46 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/Makefile.in,v 1.14.2.4 2009/01/22 00:01:05 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## Portions Copyright 1998-2003 Kurt D. Zeilenga.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - DNS SRV backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.22.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/bind.c,v 1.22.2.4 2009/01/22 00:01:05 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - DNS SRV backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/compare.c,v 1.18.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/compare.c,v 1.18.2.4 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - DNS SRV backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.16.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/config.c,v 1.16.2.4 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.29.2.4 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/init.c,v 1.29.2.5 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/proto-dnssrv.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/proto-dnssrv.h,v 1.5.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/proto-dnssrv.h,v 1.5.2.4 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/referral.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* referral.c - DNS SRV backend referral handler */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/referral.c,v 1.26.2.4 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/referral.c,v 1.26.2.5 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-dnssrv/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - DNS SRV backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/search.c,v 1.44.2.4 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-dnssrv/search.c,v 1.44.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *
@@ -169,9 +169,9 @@
 		AttributeDescription *ad_objectClass
 			= slap_schema.si_ad_objectClass;
 		AttributeDescription *ad_ref = slap_schema.si_ad_ref;
-		e.e_name.bv_val = strdup( op->o_req_dn.bv_val );
+		e.e_name.bv_val = ch_strdup( op->o_req_dn.bv_val );
 		e.e_name.bv_len = op->o_req_dn.bv_len;
-		e.e_nname.bv_val = strdup( op->o_req_ndn.bv_val );
+		e.e_nname.bv_val = ch_strdup( op->o_req_ndn.bv_val );
 		e.e_nname.bv_len = op->o_req_ndn.bv_len;
 
 		e.e_attrs = NULL;
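Review bot: `e.e_name.bv_val` and `e.e_nname.bv_val` are now allocated with `ch_strdup`, so the code that releases them should use `ch_free` rather than plain `free` to keep allocator and deallocator paired. That release is outside this hunk and cannot be checked from here. If it already goes through `ch_free`, a one-line comment at the allocation naming where the two strings are released would make the pairing easy to audit.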

Modified: openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-hdb/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile for back-hdb
-# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.14.2.6 2008/02/11 23:26:46 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/Makefile.in,v 1.14.2.7 2009/01/22 00:01:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-hdb/back-bdb.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* back-bdb.h - hdb back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/back-bdb.h,v 1.5.2.3 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-hdb/back-bdb.h,v 1.5.2.4 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu @ Symas Corp.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-ldap
-# $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/Makefile.in,v 1.30.2.4 2008/02/11 23:26:46 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/Makefile.in,v 1.30.2.5 2009/01/22 00:01:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* add.c - ldap backend add function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/add.c,v 1.61.2.5 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/add.c,v 1.61.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/back-ldap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* back-ldap.h - ldap backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.10 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/back-ldap.h,v 1.88.2.13 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -316,6 +316,7 @@
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
 #define LDAP_BACK_F_NOREFS		(0x00080000U)
+#define LDAP_BACK_F_NOUNDEFFILTER	(0x00100000U)
 
 #define	LDAP_BACK_ISSET_F(ff,f)		( ( (ff) & (f) ) == (f) )
 #define	LDAP_BACK_ISMASK_F(ff,m,f)	( ( (ff) & (m) ) == (f) )
@@ -356,6 +357,7 @@
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
 #define	LDAP_BACK_NOREFS(li)		LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOREFS)
+#define	LDAP_BACK_NOUNDEFFILTER(li)	LDAP_BACK_ISSET( (li), LDAP_BACK_F_NOUNDEFFILTER)
 
 	int			li_version;
 
@@ -391,6 +393,8 @@
 	time_t			li_timeout[ SLAP_OP_LAST ];
 } ldapinfo_t;
 
+#define	LDAP_ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
+
 typedef enum ldap_back_send_t {
 	LDAP_BACK_DONTSEND		= 0x00,
 	LDAP_BACK_SENDOK		= 0x01,
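Review bot: `LDAP_ERR_OK(err)` expands its argument up to three times, and now that it lives in a shared header any caller passing an expression with side effects would evaluate it repeatedly. The uses visible in bind.c pass `rs->sr_err`, which is safe. A comment above the define would record the constraint, e.g. `/* err is evaluated more than once: pass a plain lvalue */`, and could also state that LDAP_COMPARE_TRUE and LDAP_COMPARE_FALSE count as success.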

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - ldap backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.17 2008/04/14 20:02:21 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/bind.c,v 1.162.2.21 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -1637,8 +1637,6 @@
 	char		**refs = NULL;
 	LDAPControl	**ctrls = NULL;
 
-#define	ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
-
 	rs->sr_text = NULL;
 	rs->sr_matched = NULL;
 	rs->sr_ref = NULL;
@@ -1647,7 +1645,7 @@
 	/* if the error recorded in the reply corresponds
 	 * to a successful state, get the error from the
 	 * remote server response */
-	if ( ERR_OK( rs->sr_err ) ) {
+	if ( LDAP_ERR_OK( rs->sr_err ) ) {
 		int		rc;
 		struct timeval	tv;
 		LDAPMessage	*res = NULL;
@@ -1800,7 +1798,7 @@
 	/* if the error in the reply structure is not
 	 * LDAP_SUCCESS, try to map it from client 
 	 * to server error */
-	if ( !ERR_OK( rs->sr_err ) ) {
+	if ( !LDAP_ERR_OK( rs->sr_err ) ) {
 		rs->sr_err = slap_map_api2result( rs );
 
 		/* internal ops ( op->o_conn == NULL ) 
@@ -1825,8 +1823,8 @@
 		}
 
 	} else if ( op->o_conn &&
-		( ( ( sendok & LDAP_BACK_SENDOK ) && ERR_OK( rs->sr_err ) )
-			|| ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+		( ( ( sendok & LDAP_BACK_SENDOK ) && LDAP_ERR_OK( rs->sr_err ) )
+			|| ( ( sendok & LDAP_BACK_SENDERR ) && !LDAP_ERR_OK( rs->sr_err ) ) ) )
 	{
 		send_ldap_result( op, rs );
 	}
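Review bot: The second disjunct, `( sendok & LDAP_BACK_SENDERR ) && !LDAP_ERR_OK( rs->sr_err )`, looks unreachable. If this `else if` pairs with the `if ( !LDAP_ERR_OK( rs->sr_err ) )` test shown in the previous hunk, the branch is entered only when `LDAP_ERR_OK` is true, so the negated test can never hold. The lines between the two hunks are not visible, so that pairing should be confirmed. With the old `rs->sr_err != LDAP_SUCCESS` test the disjunct still matched compare results when only SENDERR was requested. If dropping that case is intended, the condition reduces to `} else if ( op->o_conn && ( sendok & LDAP_BACK_SENDOK ) )`.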
@@ -1859,7 +1857,7 @@
 		rs->sr_ctrls = NULL;
 	}
 
-	return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
+	return( LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
 }
 
 /* return true if bound, false if failed */
@@ -2208,7 +2206,9 @@
 		 * so that referral chasing is attempted using the right
 		 * identity */
 		LDAP_BACK_CONN_ISBOUND_SET( lc );
-		ber_bvreplace( &lc->lc_bound_ndn, binddn );
+		if ( !BER_BVISNULL( binddn ) ) {
+			ber_bvreplace( &lc->lc_bound_ndn, binddn );
+		}
 
 		if ( !BER_BVISNULL( &lc->lc_cred ) ) {
 			memset( lc->lc_cred.bv_val, 0,
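Review bot: When `binddn` is null the new guard skips `ber_bvreplace`, but `LDAP_BACK_CONN_ISBOUND_SET( lc )` has already run, so `lc->lc_bound_ndn` keeps whatever identity it held before while the connection is marked bound. The comment above says this value is what referral chasing uses, so a stale DN here would mean chasing under the wrong identity. Whether a null `binddn` can reach this point with an earlier identity stored is not visible in the hunk. If it can, the guard needs an else branch that releases and zeroes `lc->lc_bound_ndn` instead of leaving it.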
@@ -2216,8 +2216,10 @@
 		}
 
 		if ( LDAP_BACK_SAVECRED( li ) ) {
-			ber_bvreplace( &lc->lc_cred, bindcred );
-			ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+			if ( !BER_BVISNULL( bindcred ) ) {
+				ber_bvreplace( &lc->lc_cred, bindcred );
+				ldap_set_rebind_proc( lc->lc_ld, li->li_rebind_f, lc );
+			}
 
 		} else {
 			lc->lc_cred.bv_len = 0;
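Review bot: With `LDAP_BACK_SAVECRED( li )` set and a null `bindcred`, `lc->lc_cred` stays as the `memset` at the end of the previous hunk left it: zero-filled, but with `bv_len` unchanged. Only the non-SAVECRED branch runs `lc->lc_cred.bv_len = 0;`. If a rebind procedure from an earlier bind is still installed, a later rebind could present that run of zero bytes as the credential; whether that can happen depends on code outside the hunk. Giving the inner `if` an else branch, `} else { lc->lc_cred.bv_len = 0; }`, would close the gap.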
@@ -2613,7 +2615,7 @@
 		goto done;
 	}
 
-	assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) );
+	assert( j1 + j2 <= (int) (sizeof( c )/sizeof( c[0] )) );
 
 	if ( op->o_ctrls ) {
 		for ( n = 0; op->o_ctrls[ n ]; n++ )
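Review bot: The corrected `assert( j1 + j2 <= (int) (sizeof( c )/sizeof( c[0] )) );` is the only bound shown on how many entries go into `c`, and assert is compiled out when NDEBUG is defined, so such a build has no check at this point. How `j1` and `j2` are produced is outside this hunk. If either depends on configuration or on the request, a runtime test that sets an error and takes the existing `goto done` path would be safer than the assert alone. The enclosing function starts and ends outside the hunk.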

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/chain.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* chain.c - chain LDAP operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.52.2.7 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/chain.c,v 1.52.2.10 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *
@@ -63,6 +63,7 @@
 	LDAP_CH_RES,
 	LDAP_CH_ERR
 } ldap_chain_status_t;
+
 static BackendInfo	*lback;
 
 typedef struct ldap_chain_t {
@@ -596,6 +597,8 @@
 	struct berval	odn = op->o_req_dn,
 			ondn = op->o_req_ndn;
 	slap_response	*save_response = op->o_callback->sc_response;
+	Entry		*save_entry = rs->sr_entry;
+	slap_mask_t	save_flags = rs->sr_flags;
 
 	int		rc = LDAP_OTHER,
 			first_rc = -1;
@@ -760,7 +763,8 @@
 	op->o_req_ndn = ondn;
 	op->o_callback->sc_response = save_response;
 	rs->sr_type = REP_SEARCHREF;
-	rs->sr_entry = NULL;
+	rs->sr_entry = save_entry;
+	rs->sr_flags = save_flags;
 
 	if ( rc != LDAP_SUCCESS ) {
 		/* couldn't chase any of the referrals */
@@ -1096,7 +1100,7 @@
 		"NAME 'olcChainDatabase' "
 		"DESC 'Chain remote server configuration' "
 		"AUXILIARY )",
-		Cft_Misc, chaincfg, chain_ldadd },
+		Cft_Misc, olcDatabaseDummy, chain_ldadd },
 	{ NULL, 0, NULL }
 };
 
@@ -1187,6 +1191,8 @@
 		}
 	}
 
+	ca->ca_private = on;
+
 done:;
 	if ( rc != LDAP_SUCCESS ) {
 		(void)ldap_chain_db_destroy_one( ca->be, NULL );
@@ -1510,17 +1516,11 @@
 	ldap_chain_t	*lc = NULL;
 
 	if ( lback == NULL ) {
-		static BackendInfo	lback2;
-
 		lback = backend_info( "ldap" );
 
 		if ( lback == NULL ) {
 			return 1;
 		}
-
-		lback2 = *lback;
-		lback2.bi_type = ldapchain.on_bi.bi_type;
-		lback = &lback2;
 	}
 
 	lc = ch_malloc( sizeof( ldap_chain_t ) );
@@ -2062,7 +2062,8 @@
 int
 chain_initialize( void )
 {
-	int	rc;
+	int rc;
+	const char *text;
 
 	/* Make sure we don't exceed the bits reserved for userland */
 	config_check_userland( CH_LAST );

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - ldap backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.60.2.5 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/compare.c,v 1.60.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - ldap backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/config.c,v 1.115.2.9 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/config.c,v 1.115.2.14 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -71,6 +71,7 @@
 	LDAP_BACK_CFG_QUARANTINE,
 	LDAP_BACK_CFG_ST_REQUEST,
 	LDAP_BACK_CFG_NOREFS,
+	LDAP_BACK_CFG_NOUNDEFFILTER,
 
 	LDAP_BACK_CFG_REWRITE,
 
@@ -311,11 +312,19 @@
 	{ "norefs", "true|FALSE", 2, 2, 0,
 		ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOREFS,
 		ldap_back_cf_gen, "( OLcfgDbAt:3.25 "
-			"NAME 'olcDbNorefs' "
+			"NAME 'olcDbNoRefs' "
 			"DESC 'Do not return search reference responses' "
 			"SYNTAX OMsBoolean "
 			"SINGLE-VALUE )",
 		NULL, NULL },
+	{ "noundeffilter", "true|FALSE", 2, 2, 0,
+		ARG_MAGIC|ARG_ON_OFF|LDAP_BACK_CFG_NOUNDEFFILTER,
+		ldap_back_cf_gen, "( OLcfgDbAt:3.26 "
+			"NAME 'olcDbNoUndefFilter' "
+			"DESC 'Do not propagate undefined search filters' "
+			"SYNTAX OMsBoolean "
+			"SINGLE-VALUE )",
+		NULL, NULL },
 	{ "suffixmassage", "[virtual]> <real", 2, 3, 0,
 		ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
 		ldap_back_cf_gen, NULL, NULL, NULL },
@@ -358,7 +367,8 @@
 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
 			"$ olcDbSessionTrackingRequest "
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
-			"$ olcDbNorefs "
+			"$ olcDbNoRefs "
+			"$ olcDbNoUndefFilter "
 		") )",
 		 	Cft_Database, ldapcfg},
 	{ NULL, 0, NULL }
@@ -500,53 +510,51 @@
 	slap_retry_info_t	*ri,
 	struct berval		*bvout )
 {
-	int		i;
 	char		buf[ BUFSIZ * 2 ],
 			*ptr = buf;
-	struct berval	bv = BER_BVNULL;
+	int		i, len, restlen = (int) sizeof( buf );
+	struct berval	bv;
 
 	assert( ri != NULL );
 	assert( bvout != NULL );
 
 	BER_BVZERO( bvout );
 
-#define WHATSLEFT	( sizeof( buf ) - ( ptr - buf ) )
-
 	for ( i = 0; ri->ri_num[ i ] != SLAP_RETRYNUM_TAIL; i++ ) {
 		if ( i > 0 ) {
-			if ( WHATSLEFT <= 1 ) {
+			if ( --restlen <= 0 ) {
 				return 1;
 			}
 			*ptr++ = ';';
 		}
 
-		if ( lutil_unparse_time( ptr, WHATSLEFT, (long)ri->ri_interval[i] ) ) {
+		if ( lutil_unparse_time( ptr, restlen, ri->ri_interval[i] ) < 0 ) {
 			return 1;
 		}
-		ptr += strlen( ptr );
-
-		if ( WHATSLEFT <= 1 ) {
+		len = (int) strlen( ptr );
+		if ( (restlen -= len + 1) <= 0 ) {
 			return 1;
 		}
+		ptr += len;
 		*ptr++ = ',';
 
 		if ( ri->ri_num[i] == SLAP_RETRYNUM_FOREVER ) {
-			if ( WHATSLEFT <= 1 ) {
+			if ( --restlen <= 0 ) {
 				return 1;
 			}
 			*ptr++ = '+';
 
 		} else {
-			ptr += snprintf( ptr, WHATSLEFT, "%d", ri->ri_num[i] );
-			if ( WHATSLEFT <= 0 ) {
+			len = snprintf( ptr, restlen, "%d", ri->ri_num[i] );
+			if ( (restlen -= len) <= 0 || len < 0 ) {
 				return 1;
 			}
+			ptr += len;
 		}
 	}
 
 	bv.bv_val = buf;
 	bv.bv_len = ptr - buf;
-
 	ber_dupbv( bvout, &bv );
 
 	return 0;
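Review bot: In the `snprintf` branch, `if ( (restlen -= len) <= 0 || len < 0 )` subtracts `len` before checking that it is non-negative, so an output error first grows `restlen` and is only then rejected. The result is still `return 1`, but `if ( len < 0 || (restlen -= len) <= 0 ) {` reads in the natural order and leaves `restlen` untouched on error. A comment near the declaration would also help, e.g. `/* restlen: bytes still free at ptr */`, since every check in the loop relies on that invariant. The function's signature starts outside the hunk.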
@@ -735,6 +743,19 @@
 			return 1;
 		}
 	}
+
+	if ( si->si_bc.sb_method == LDAP_AUTH_SIMPLE ) {
+		if ( BER_BVISNULL( &si->si_bc.sb_binddn )
+			|| BER_BVISNULL( &si->si_bc.sb_cred ) )
+		{
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"idassert-bind <args>\": "
+				"SIMPLE needs \"binddn\" and \"credentials\"" );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+			return 1;
+		}
+	}
+
 	bindconf_tls_defaults( &si->si_bc );
 
 	return 0;
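Review bot: The new SIMPLE check uses `BER_BVISNULL`, which rejects only a missing value; a `binddn` or `credentials` that is present but empty still passes. A simple bind with a DN and a zero-length password is handled by LDAP servers as an unauthenticated bind, so an empty `credentials=` would leave identity assertion running without the authentication the administrator configured. Testing with `BER_BVISEMPTY( &si->si_bc.sb_cred )`, and the same for `sb_binddn`, would reject that case as well. How the parser stores an empty value is outside this hunk, so confirm which form it produces.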
@@ -1152,6 +1173,10 @@
 			c->value_int = LDAP_BACK_NOREFS( li );
 			break;
 
+		case LDAP_BACK_CFG_NOUNDEFFILTER:
+			c->value_int = LDAP_BACK_NOUNDEFFILTER( li );
+			break;
+
 		default:
 			/* FIXME: we need to handle all... */
 			assert( 0 );
@@ -1278,6 +1303,10 @@
 			li->li_flags &= ~LDAP_BACK_F_NOREFS;
 			break;
 
+		case LDAP_BACK_CFG_NOUNDEFFILTER:
+			li->li_flags &= ~LDAP_BACK_F_NOUNDEFFILTER;
+			break;
+
 		default:
 			/* FIXME: we need to handle all... */
 			assert( 0 );
@@ -1931,6 +1960,15 @@
 		}
 		break;
 
+	case LDAP_BACK_CFG_NOUNDEFFILTER:
+		if ( c->value_int ) {
+			li->li_flags |= LDAP_BACK_F_NOUNDEFFILTER;
+
+		} else {
+			li->li_flags &= ~LDAP_BACK_F_NOUNDEFFILTER;
+		}
+		break;
+
 	case LDAP_BACK_CFG_REWRITE:
 		snprintf( c->cr_msg, sizeof( c->cr_msg ),
 			"rewrite/remap capabilities have been moved "

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* delete.c - ldap backend delete function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/delete.c,v 1.46.2.5 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/delete.c,v 1.46.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/distproc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/distproc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/distproc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* distproc.c - implement distributed procedures */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/distproc.c,v 1.3.2.7 2008/02/12 00:58:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/distproc.c,v 1.3.2.8 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/extended.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* extended.c - ldap backend extended routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/extended.c,v 1.36.2.8 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/extended.c,v 1.36.2.9 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/init.c,v 1.99.2.8 2008/07/09 23:36:23 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/init.c,v 1.99.2.11 2009/01/30 19:07:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -62,8 +62,11 @@
 		 * and the entryTtl attribute */
 		SLAP_BFLAG_DYNAMIC |
 #endif /* LDAP_DYNAMIC_OBJECTS */
-		0;
 
+		/* back-ldap recognizes RFC4525 increment;
+		 * let the remote server complain, if needed (ITS#5912) */
+		SLAP_BFLAG_INCREMENT;
+
 	bi->bi_open = ldap_back_open;
 	bi->bi_config = 0;
 	bi->bi_close = 0;
@@ -233,14 +236,10 @@
 	if ( rc != 0 ) {
 		/* ignore by now */
 		rc = 0;
-#if 0
-		goto fail;
-#endif
 	}
 
 	li->li_flags |= LDAP_BACK_F_ISOPEN;
 
-fail:;
 	return rc;
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modify.c - ldap backend modify function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modify.c,v 1.69.2.5 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modify.c,v 1.69.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modrdn.c - ldap backend modrdn function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modrdn.c,v 1.47.2.7 2008/04/14 18:57:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/modrdn.c,v 1.47.2.8 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/monitor.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/monitor.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/monitor.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* monitor.c - monitor ldap backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/monitor.c,v 1.2.2.4 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/monitor.c,v 1.2.2.6 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -469,7 +469,7 @@
 	ptr = lutil_strncopy( ptr, suffix.bv_val, suffix.bv_len );
 	ptr = lutil_strcopy( ptr, "))" );
 	ptr[ 0 ] = '\0';
-	assert( filter->bv_len == ptr - filter->bv_val );
+	assert( ptr == &filter->bv_val[ filter->bv_len ] );
 
 	if ( suffix.bv_val != be->be_nsuffix[ 0 ].bv_val ) {
 		ch_free( suffix.bv_val );
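Review bot: The rewritten `assert( ptr == &filter->bv_val[ filter->bv_len ] )` still runs only after the `lutil_strncopy`/`lutil_strcopy` writes and is compiled out under NDEBUG, so it documents the length invariant rather than enforcing it. If the precomputed `filter->bv_len` (set outside this hunk) were ever too small, the copies would already have run past the buffer by the time the assert is evaluated. I would add a comment where the length is computed, e.g. `/* bv_len must equal the sum of every piece copied below; only checked by assert() in debug builds */`. The enclosing function starts and ends outside the hunk.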

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/proto-ldap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/proto-ldap.h,v 1.15.2.7 2008/07/09 23:36:23 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/proto-ldap.h,v 1.15.2.8 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - ldap backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.201.2.11 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/search.c,v 1.201.2.18 2009/02/11 00:20:01 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -94,6 +94,17 @@
 
 		} else if ( strncmp( ptr, bv_undefined.bv_val, bv_undefined.bv_len ) == 0 )
 		{
+			/* if undef or invalid filter is not allowed,
+			 * don't rewrite filter */
+			if ( LDAP_BACK_NOUNDEFFILTER( li ) ) {
+				if ( filter->bv_val != op->ors_filterstr.bv_val ) {
+					op->o_tmpfree( filter->bv_val, op->o_tmpmemctx );
+				}
+				BER_BVZERO( filter );
+				gotit = -1;
+				goto done;
+			}
+
 			oldbv = &bv_undefined;
 			newbv = &bv_F;
 
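Review bot: The early exit added for `LDAP_BACK_NOUNDEFFILTER( li )` introduces a third outcome that nothing in the hunk documents: `gotit = -1` with `*filter` zeroed, next to 0 and a positive value. The caller's test becomes `> 0` later in this diff, and the cleanup added near the end of the search function compares `filter.bv_val` with `op->ors_filterstr.bv_val`, so after this path it appears to pass a NULL pointer to `op->o_tmpfree`; whether that allocator accepts NULL is not visible here. A header comment would pin the contract, for example `/* returns >0 if the filter was rewritten, 0 if nothing matched, -1 if rewriting is not allowed (filter is freed and zeroed) */`. The function's signature and the `done:` label are outside the hunk.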
@@ -103,23 +114,21 @@
 		}
 
 		oldfilter = *filter;
-		if ( newbv->bv_len > oldbv->bv_len ) {
-			filter->bv_len += newbv->bv_len - oldbv->bv_len;
-			if ( filter->bv_val == op->ors_filterstr.bv_val ) {
-				filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
-						op->o_tmpmemctx );
+		filter->bv_len += newbv->bv_len - oldbv->bv_len;
+		if ( filter->bv_val == op->ors_filterstr.bv_val ) {
+			filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
+					op->o_tmpmemctx );
 
-				AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
-						op->ors_filterstr.bv_len + 1 );
+			AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
+					op->ors_filterstr.bv_len + 1 );
 
-			} else {
-				filter->bv_val = op->o_tmprealloc( filter->bv_val,
-						filter->bv_len + 1, op->o_tmpmemctx );
-			}
-
-			ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
+		} else {
+			filter->bv_val = op->o_tmprealloc( filter->bv_val,
+					filter->bv_len + 1, op->o_tmpmemctx );
 		}
 
+		ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
+
 		AC_MEMCPY( &ptr[ newbv->bv_len ],
 				&ptr[ oldbv->bv_len ], 
 				oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
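Review bot: With the `newbv->bv_len > oldbv->bv_len` guard removed, the first branch sizes the new buffer from the already-adjusted `filter->bv_len` but still copies `op->ors_filterstr.bv_len + 1` bytes into it, so a replacement shorter than the token it replaces would write past the end of the `o_tmpalloc` block. The `o_tmprealloc` branch has the mirror problem, since it may shrink the buffer before the `AC_MEMCPY` that follows has moved the tail. The token definitions are outside the hunk, so whether a shorter replacement actually occurs needs checking, but the filter string comes from the search request and the sizing should not depend on that. Keeping the buffer at the larger of the two lengths until the tail has been moved covers both branches: `ber_len_t need = ( filter->bv_len > oldfilter.bv_len ? filter->bv_len : oldfilter.bv_len ) + 1;`, then pass `need` to `o_tmpalloc` and `o_tmprealloc`.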
@@ -152,7 +161,6 @@
 			msgid; 
 	struct berval	match = BER_BVNULL,
 			filter = BER_BVNULL;
-	int		free_filter = 0;
 	int		i;
 	char		**attrs = NULL;
 	int		freetext = 0;
@@ -172,12 +180,6 @@
 	 * to map attrs and maybe rewrite value
 	 */
 
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		ldap_set_option( lc->lc_ld, LDAP_OPT_DEREF,
-				(void *)&op->ors_deref );
-	}
-
 	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
 		tv.tv_sec = op->ors_tlimit;
 		tv.tv_usec = 0;
@@ -213,11 +215,11 @@
 	/* deal with <draft-zeilenga-ldap-t-f> filters */
 	filter = op->ors_filterstr;
 retry:
-	rs->sr_err = ldap_search_ext( lc->lc_ld, op->o_req_dn.bv_val,
+	rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
 			op->ors_scope, filter.bv_val,
 			attrs, op->ors_attrsonly, ctrls, NULL,
 			tv.tv_sec ? &tv : NULL,
-			op->ors_slimit, &msgid );
+			op->ors_slimit, op->ors_deref, &msgid );
 
 	if ( rs->sr_err != LDAP_SUCCESS ) {
 		switch ( rs->sr_err ) {
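Review bot: `op->ors_deref` is now handed straight to `ldap_pvt_search`, while the block removed earlier in this diff skipped the value -1 before calling `ldap_set_option`. If -1 can still reach this call, it relies on `ldap_pvt_search` treating a negative deref as "use the handle's setting", which is not visible in this diff. A one-line comment above the call would record that assumption, e.g. `/* a negative ors_deref is assumed to select the handle's LDAP_OPT_DEREF */`. The enclosing function starts and ends outside the hunk.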
@@ -240,8 +242,7 @@
 			goto finish;
 
 		case LDAP_FILTER_ERROR:
-			if ( ldap_back_munge_filter( op, &filter ) ) {
-				free_filter = 1;
+			if (ldap_back_munge_filter( op, &filter ) > 0 ) {
 				goto retry;
 			}
 
@@ -353,7 +354,12 @@
 				entry_clean( &ent );
 			}
 			ldap_msgfree( res );
-			if ( rc != LDAP_SUCCESS ) {
+			switch ( rc ) {
+			case LDAP_SUCCESS:
+			case LDAP_INSUFFICIENT_ACCESS:
+				break;
+
+			default:
 				if ( rc == LDAP_UNAVAILABLE ) {
 					rc = rs->sr_err = LDAP_OTHER;
 				} else {
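Review bot: `case LDAP_INSUFFICIENT_ACCESS:` now shares the `break` with `LDAP_SUCCESS`, so an entry rejected for access reasons is dropped silently and the result loop carries on, and nothing here says that this is intended. A short comment on the case would make the decision reviewable, e.g. `/* entry not visible to this client: skip it, keep processing results */`. As a style point, the `if ( rc == LDAP_UNAVAILABLE )` nested under `default:` could become its own `case LDAP_UNAVAILABLE:` now that this is a switch. Where `rc` is assigned, and the rest of the `default:` arm, are outside the hunk.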
@@ -417,6 +423,36 @@
 				rs->sr_ctrls = NULL;
 			}
 
+		} else if ( rc == LDAP_RES_INTERMEDIATE ) {
+			/* FIXME: response controls
+			 * are passed without checks */
+			rc = ldap_parse_intermediate( lc->lc_ld,
+				res,
+				&rs->sr_rspoid,
+				&rs->sr_rspdata,
+				&rs->sr_ctrls,
+				0 );
+			if ( rc != LDAP_SUCCESS ) {
+				continue;
+			}
+
+			slap_send_ldap_intermediate( op, rs );
+
+			if ( rs->sr_rspoid != NULL ) {
+				ber_memfree( rs->sr_rspoid );
+				rs->sr_rspoid = NULL;
+			}
+
+			if ( rs->sr_rspdata != NULL ) {
+				ber_bvfree( rs->sr_rspdata );
+				rs->sr_rspdata = NULL;
+			}
+
+			if ( rs->sr_ctrls != NULL ) {
+				ldap_controls_free( rs->sr_ctrls );
+				rs->sr_ctrls = NULL;
+			}
+
 		} else {
 			char		*err = NULL;
 
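Review bot: The new `LDAP_RES_INTERMEDIATE` branch calls `ldap_parse_intermediate` with a final argument of `0` and none of the added lines releases `res`, whereas the entry branch visible earlier in this diff calls `ldap_msgfree( res )`. Unless the loop frees the message somewhere outside the hunk, every intermediate response, including those skipped by `continue`, would leak one message. Adding `ldap_msgfree( res );` directly after the parse call, before the `rc` check, would match the other branches. The FIXME is also worth tracking, because the remote server's response controls appear to be forwarded to the client by `slap_send_ldap_intermediate` without any filtering.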
@@ -525,6 +561,10 @@
 		ldap_back_quarantine( op, rs );
 	}
 
+	if ( filter.bv_val != op->ors_filterstr.bv_val ) {
+		op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
+	}
+
 #if 0
 	/* let send_ldap_result play cleanup handlers (ITS#4645) */
 	if ( rc != SLAPD_ABANDON )
@@ -550,10 +590,6 @@
 		rs->sr_matched = save_matched;
 	}
 
-	if ( free_filter ) {
-		op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
-	}
-
 	if ( rs->sr_text ) {
 		if ( freetext ) {
 			LDAP_FREE( (char *)rs->sr_text );
@@ -634,7 +670,7 @@
 
 		attr = attr_alloc( NULL );
 		if ( attr == NULL ) {
-			continue;
+			return LDAP_OTHER;
 		}
 		if ( slap_bv2ad( &a, &attr->a_desc, &text ) 
 				!= LDAP_SUCCESS )
@@ -646,6 +682,8 @@
 					"%s ldap_build_entry: "
 					"slap_bv2undef_ad(%s): %s\n",
 					op->o_log_prefix, a.bv_val, text );
+
+				( void )ber_scanf( &ber, "x" /* [W] */ );
 				attr_free( attr );
 				continue;
 			}
@@ -668,7 +706,6 @@
 			 * present...
 			 */
 			( void )ber_scanf( &ber, "x" /* [W] */ );
-
 			attr_free( attr );
 			continue;
 		}
@@ -706,11 +743,13 @@
 			}
 
 			if ( rc != LDAP_SUCCESS ) {
+				ObjectClass *oc;
+
 				/* check if, by chance, it's an undefined objectClass */
 				if ( attr->a_desc == slap_schema.si_ad_objectClass &&
-						oc_bvfind_undef( &attr->a_vals[i] ) != NULL )
+						( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )
 				{
-					ber_dupbv( &pval, &attr->a_vals[i] );
+					ber_dupbv( &pval, &oc->soc_cname );
 
 				} else {
 					attr->a_nvals = NULL;
@@ -839,9 +878,9 @@
 	}
 
 	/* TODO: timeout? */
-	rc = ldap_search_ext_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
+	rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
 				attrp, 0, ctrls, NULL,
-				NULL, LDAP_NO_LIMIT, &result );
+				NULL, LDAP_NO_LIMIT, op->ors_deref, &result );
 	if ( rc != LDAP_SUCCESS ) {
 		if ( rc == LDAP_SERVER_DOWN && do_retry ) {
 			do_retry = 0;
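Review bot: The added `op->ors_deref` argument reads a search-request field, but this call (base scope, `LDAP_NO_LIMIT`, synchronous) looks like an internal entry lookup rather than the search handler; the enclosing function is outside the hunk, so this is inferred. If `op` can be a non-search operation here, `ors_deref` would, as far as I know, alias whatever that operation keeps in the same request storage, and an arbitrary value would be sent as the dereference policy. Unless this path is only reached for searches, a fixed value is safer: `NULL, LDAP_NO_LIMIT, LDAP_DEREF_NEVER, &result );`.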

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldap/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* unbind.c - ldap backend unbind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/unbind.c,v 1.33.2.4 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldap/unbind.c,v 1.33.2.5 2009/01/22 00:01:06 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldif/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-ldif
-# $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/Makefile.in,v 1.2.2.3 2008/02/11 23:26:46 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/Makefile.in,v 1.2.2.4 2009/01/22 00:01:06 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2008 The OpenLDAP Foundation.
+## Copyright 2005-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-ldif/ldif.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldif.c - the ldif backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.48.2.14 2008/04/21 18:53:52 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ldif/ldif.c,v 1.48.2.19 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,24 +31,37 @@
 #include "lutil.h"
 #include "config.h"
 
-typedef struct enumCookie {
-	Operation *op;
-	SlapReply *rs;
-	Entry **entries;
-	int elen;
-	int eind;
-} enumCookie;
+struct ldif_tool {
+	Entry	**entries;			/* collected by bi_tool_entry_first() */
+	ID		elen;				/* length of entries[] array */
+	ID		ecount;				/* number of entries */
+	ID		ecurrent;			/* bi_tool_entry_next() position */
+#	define	ENTRY_BUFF_INCREMENT 500 /* initial entries[] length */
+};
 
+/* Per-database data */
 struct ldif_info {
-	struct berval li_base_path;
-	enumCookie li_tool_cookie;
-	ID li_tool_current;
-	ldap_pvt_thread_rdwr_t  li_rdwr;
+	struct berval li_base_path;			/* database directory */
+	struct ldif_tool li_tool;			/* for slap tools */
+	/*
+	 * Read-only LDAP requests readlock li_rdwr for filesystem input.
+	 * Update requests first lock li_modop_mutex for filesystem I/O,
+	 * and then writelock li_rdwr as well for filesystem output.
+	 * This allows update requests to do callbacks that acquire
+	 * read locks, e.g. access controls that inspect entries.
+	 * (An alternative would be recursive read/write locks.)
+	 */
+	ldap_pvt_thread_mutex_t	li_modop_mutex; /* serialize update requests */
+	ldap_pvt_thread_rdwr_t	li_rdwr;	/* no other I/O when writing */
 };
 
 #ifdef _WIN32
 #define mkdir(a,b)	mkdir(a)
+#define move_file(from, to) (!MoveFileEx(from, to, MOVEFILE_REPLACE_EXISTING))
+#else
+#define move_file(from, to) rename(from, to)
 #endif
+#define move_dir(from, to) rename(from, to)
 
 
 #define LDIF	".ldif"
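Review bot: On `_WIN32` the new `move_file` macro reports failure from `MoveFileEx`, which records its error through `GetLastError()` rather than `errno`, yet `ldif_write_entry` later in this diff logs `STRERROR( errno )` after a failed `move_file`. The message logged on Windows may therefore show a stale or unrelated error. A comment on the macro would at least flag this, e.g. `/* on _WIN32 the failure reason is in GetLastError(), errno is not set */`, and a small wrapper that maps the error would fix it properly.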
@@ -58,11 +71,10 @@
  * Unsafe/translated characters in the filesystem.
  *
  * LDIF_UNSAFE_CHAR(c) returns true if the character c is not to be used
- * in relative filenames, except it should accept '\\' even if unsafe and
- * need not reject '{' and '}'.  The value should be a constant expression.
+ * in relative filenames, except it should accept '\\', '{' and '}' even
+ * if unsafe.  The value should be a constant expression.
  *
  * If '\\' is unsafe, #define LDIF_ESCAPE_CHAR as a safe character.
- *
  * If '{' and '}' are unsafe, #define IX_FSL/IX_FSR as safe characters.
  * (Not digits, '-' or '+'.  IX_FSL == IX_FSR is allowed.)
  *
@@ -87,7 +99,7 @@
 #else /* _WIN32 */
 
 /* Windows version - Microsoft's list of unsafe characters, except '\\' */
-#define LDIF_ESCAPE_CHAR	'^'
+#define LDIF_ESCAPE_CHAR	'^'			/* Not '\\' (unsafe on Windows) */
 #define LDIF_UNSAFE_CHAR(c)	\
 	((c) == '/' || (c) == ':' || \
 	 (c) == '<' || (c) == '>' || (c) == '"' || \
@@ -132,8 +144,19 @@
 	(!(LDIF_UNSAFE_CHAR(x) || (x) == '\\' || (x) == IX_DNL || (x) == IX_DNR) \
 	 && (c) == (x))
 
+/* Collect other "safe char" tests here, until someone needs a fix. */
+enum {
+	eq_unsafe = LDIF_UNSAFE_CHAR('='),
+	safe_filenames = STRLENOF("" LDAP_DIRSEP "") == 1 && !(
+		LDIF_UNSAFE_CHAR('-') || /* for "{-1}frontend" in bconfig.c */
+		LDIF_UNSAFE_CHAR(LDIF_ESCAPE_CHAR) ||
+		LDIF_UNSAFE_CHAR(IX_FSL) || LDIF_UNSAFE_CHAR(IX_FSR))
+};
+/* Sanity check: Try to force a compilation error if !safe_filenames */
+typedef struct {
+	int assert_safe_filenames : safe_filenames ? 2 : -2;
+} assert_safe_filenames[safe_filenames ? 2 : -2];
 
-#define ENTRY_BUFF_INCREMENT 500
 
 static ConfigTable ldifcfg[] = {
 	{ "directory", "dir", 2, 2, 0, ARG_BERVAL|ARG_OFFSET,
@@ -156,6 +179,10 @@
 };
 
 
+/*
+ * Handle file/directory names.
+ */
+
 /* Set *res = LDIF filename path for the normalized DN */
 static void
 dn2path( BackendDB *be, struct berval *dn, struct berval *res )
@@ -215,48 +242,157 @@
 	assert( res->bv_len <= len );
 }
 
-static char * slurp_file(int fd) {
-	int read_chars_total = 0;
-	int read_chars = 0;
-	int entry_size;
-	char * entry;
-	char * entry_pos;
+/*
+ * *dest = dupbv(<dir + LDAP_DIRSEP>), plus room for <more>-sized filename.
+ * Return pointer past the dirname.
+ */
+static char *
+fullpath_alloc( struct berval *dest, const struct berval *dir, ber_len_t more )
+{
+	char *s = SLAP_MALLOC( dir->bv_len + more + 2 );
+
+	dest->bv_val = s;
+	if ( s == NULL ) {
+		dest->bv_len = 0;
+		Debug( LDAP_DEBUG_ANY, "back-ldif: out of memory\n", 0, 0, 0 );
+	} else {
+		s = lutil_strcopy( dest->bv_val, dir->bv_val );
+		*s++ = LDAP_DIRSEP[0];
+		*s = '\0';
+		dest->bv_len = s - dest->bv_val;
+	}
+	return s;
+}
+
+/*
+ * Append filename to fullpath_alloc() dirname or replace previous filename.
+ * dir_end = fullpath_alloc() return value.
+ */
+#define FILL_PATH(fpath, dir_end, filename) \
+	((fpath)->bv_len = lutil_strcopy(dir_end, filename) - (fpath)->bv_val)
+
+
+/* .ldif entry filename length <-> subtree dirname length. */
+#define ldif2dir_len(bv)  ((bv).bv_len -= STRLENOF(LDIF))
+#define dir2ldif_len(bv)  ((bv).bv_len += STRLENOF(LDIF))
+/* .ldif entry filename <-> subtree dirname, both with dirname length. */
+#define ldif2dir_name(bv) ((bv).bv_val[(bv).bv_len] = '\0')
+#define dir2ldif_name(bv) ((bv).bv_val[(bv).bv_len] = LDIF_FILETYPE_SEP)
+
+/* Get the parent directory path, plus the LDIF suffix overwritten by a \0. */
+static int
+get_parent_path( struct berval *dnpath, struct berval *res )
+{
+	ber_len_t i = dnpath->bv_len;
+
+	while ( i > 0 && dnpath->bv_val[ --i ] != LDAP_DIRSEP[0] ) ;
+	if ( res == NULL ) {
+		res = dnpath;
+	} else {
+		res->bv_val = SLAP_MALLOC( i + 1 + STRLENOF(LDIF) );
+		if ( res->bv_val == NULL )
+			return LDAP_OTHER;
+		AC_MEMCPY( res->bv_val, dnpath->bv_val, i );
+	}
+	res->bv_len = i;
+	strcpy( res->bv_val + i, LDIF );
+	res->bv_val[i] = '\0';
+	return LDAP_SUCCESS;
+}
+
+/* Make temporary filename pattern for mkstemp() based on dnpath. */
+static char *
+ldif_tempname( const struct berval *dnpath )
+{
+	static const char suffix[] = ".XXXXXX";
+	ber_len_t len = dnpath->bv_len - STRLENOF( LDIF );
+	char *name = SLAP_MALLOC( len + sizeof( suffix ) );
+
+	if ( name != NULL ) {
+		AC_MEMCPY( name, dnpath->bv_val, len );
+		strcpy( name + len, suffix );
+	}
+	return name;
+}
+
+/*
+ * Read a file, or stat() it if datap == NULL.  Allocate and fill *datap.
+ * Return LDAP_SUCCESS, LDAP_NO_SUCH_OBJECT (no such file), or another error.
+ */
+static int
+ldif_read_file( const char *path, char **datap )
+{
+	int rc, fd, len;
+	int res = -1;	/* 0:success, <0:error, >0:file too big/growing. */
 	struct stat st;
+	char *data = NULL, *ptr;
 
-	fstat(fd, &st);
-	entry_size = st.st_size;
-	entry = ch_malloc( entry_size+1 );
-	entry_pos = entry;
-	
-	while(1) {
-		read_chars = read(fd, (void *) entry_pos, entry_size - read_chars_total);
-		if(read_chars == -1) {
-			SLAP_FREE(entry);
-			return NULL;
+	if ( datap == NULL ) {
+		res = stat( path, &st );
+		goto done;
+	}
+	fd = open( path, O_RDONLY );
+	if ( fd >= 0 ) {
+		if ( fstat( fd, &st ) == 0 ) {
+			if ( st.st_size > INT_MAX - 2 ) {
+				res = 1;
+			} else {
+				len = st.st_size + 1; /* +1 detects file size > st.st_size */
+				*datap = data = ptr = SLAP_MALLOC( len + 1 );
+				if ( ptr != NULL ) {
+					while ( len && (res = read( fd, ptr, len )) ) {
+						if ( res > 0 ) {
+							len -= res;
+							ptr += res;
+						} else if ( errno != EINTR ) {
+							break;
+						}
+					}
+					*ptr = '\0';
+				}
+			}
 		}
-		if(read_chars == 0) {
-			entry[read_chars_total] = '\0';
-			break;
+		if ( close( fd ) < 0 )
+			res = -1;
+	}
+
+ done:
+	if ( res == 0 ) {
+		Debug( LDAP_DEBUG_TRACE, "ldif_read_file: %s: \"%s\"\n",
+			datap ? "read entry file" : "entry file exists", path, 0 );
+		rc = LDAP_SUCCESS;
+	} else {
+		if ( res < 0 && errno == ENOENT ) {
+			Debug( LDAP_DEBUG_TRACE, "ldif_read_file: "
+				"no entry file \"%s\"\n", path, 0, 0 );
+			rc = LDAP_NO_SUCH_OBJECT;
+		} else {
+			const char *msg = res < 0 ? STRERROR( errno ) : "bad stat() size";
+			Debug( LDAP_DEBUG_ANY, "ldif_read_file: %s for \"%s\"\n",
+				msg, path, 0 );
+			rc = LDAP_OTHER;
 		}
-		else {
-			read_chars_total += read_chars;
-			entry_pos += read_chars;
-		}
+		if ( data != NULL )
+			SLAP_FREE( data );
 	}
-	return entry;
+	return rc;
 }
 
 /*
  * return nonnegative for success or -1 for error
  * do not return numbers less than -1
  */
-static int spew_file(int fd, char * spew, int len) {
+static int
+spew_file( int fd, const char *spew, int len, int *save_errno )
+{
 	int writeres = 0;
-	
+
 	while(len > 0) {
 		writeres = write(fd, spew, len);
 		if(writeres == -1) {
-			return -1;
+			*save_errno = errno;
+			if (*save_errno != EINTR)
+				break;
 		}
 		else {
 			spew += writeres;
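Review bot: `ldif_read_file` stores the buffer in `*datap` as soon as it is allocated and then frees `data` on every failure path, so after an error the caller's pointer refers to freed memory. The caller shown later in this diff only uses it on `LDAP_SUCCESS`, but clearing it makes the contract safe for any future caller: `if ( data != NULL ) { SLAP_FREE( data ); *datap = NULL; }`. A failed `SLAP_MALLOC` also leaves `res` at -1 with whatever `errno` happens to hold, so a stale `ENOENT` may be reported as `LDAP_NO_SUCH_OBJECT`. In `ldif_tempname`, `dnpath->bv_len - STRLENOF( LDIF )` assumes the path always ends in the LDIF suffix, which an `assert( dnpath->bv_len >= STRLENOF( LDIF ) );` would record. `spew_file` continues past the end of this hunk.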
@@ -266,406 +402,603 @@
 	return writeres;
 }
 
+/* Write an entry LDIF file.  Create parentdir first if non-NULL. */
 static int
-spew_entry( Entry * e, struct berval * path, int dolock, int *save_errnop )
+ldif_write_entry(
+	Operation *op,
+	Entry *e,
+	const struct berval *path,
+	const char *parentdir,
+	const char **text )
 {
-	int rs, save_errno = 0;
-	int openres;
-	int res, spew_res;
-	int entry_length;
-	char * entry_as_string;
-	char *tmpfname = NULL;
+	int rc = LDAP_OTHER, res, save_errno = 0;
+	int fd, entry_length;
+	char *entry_as_string, *tmpfname;
 
-	tmpfname = ch_malloc( path->bv_len + STRLENOF( "XXXXXX" ) + 1 );
-	AC_MEMCPY( tmpfname, path->bv_val, path->bv_len );
-	AC_MEMCPY( &tmpfname[ path->bv_len ], "XXXXXX", STRLENOF( "XXXXXX" ) + 1 );
+	if ( op->o_abandon )
+		return SLAPD_ABANDON;
 
-	openres = mkstemp( tmpfname );
-	if ( openres == -1 ) {
+	if ( parentdir != NULL && mkdir( parentdir, 0750 ) < 0 ) {
 		save_errno = errno;
-		rs = LDAP_UNWILLING_TO_PERFORM;
-		Debug( LDAP_DEBUG_ANY, "could not create tmpfile \"%s\": %s\n",
-			tmpfname, STRERROR( save_errno ), 0 );
+		Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
+			"cannot create parent directory",
+			parentdir, STRERROR( save_errno ) );
+		*text = "internal error (cannot create parent directory)";
+		return rc;
+	}
 
+	tmpfname = ldif_tempname( path );
+	fd = tmpfname == NULL ? -1 : mkstemp( tmpfname );
+	if ( fd < 0 ) {
+		save_errno = errno;
+		Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s for \"%s\": %s\n",
+			"cannot create file", e->e_dn, STRERROR( save_errno ) );
+		*text = "internal error (cannot create file)";
+
 	} else {
+		ber_len_t dn_len = e->e_name.bv_len;
 		struct berval rdn;
-		int tmp;
 
 		/* Only save the RDN onto disk */
 		dnRdn( &e->e_name, &rdn );
-		if ( rdn.bv_len != e->e_name.bv_len ) {
+		if ( rdn.bv_len != dn_len ) {
 			e->e_name.bv_val[rdn.bv_len] = '\0';
-			tmp = e->e_name.bv_len;
 			e->e_name.bv_len = rdn.bv_len;
-			rdn.bv_len = tmp;
 		}
 
-		spew_res = -2;
-		if ( dolock ) {
-			ldap_pvt_thread_mutex_lock(&entry2str_mutex);
-		}
+		res = -2;
+		ldap_pvt_thread_mutex_lock( &entry2str_mutex );
+		entry_as_string = entry2str( e, &entry_length );
+		if ( entry_as_string != NULL )
+			res = spew_file( fd, entry_as_string, entry_length, &save_errno );
+		ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
 
-		entry_as_string = entry2str(e, &entry_length);
-		if ( entry_as_string != NULL ) {
-			spew_res = spew_file( openres,
-				entry_as_string, entry_length );
-			if ( spew_res == -1 ) {
-				save_errno = errno;
-			}
+		/* Restore full DN */
+		if ( rdn.bv_len != dn_len ) {
+			e->e_name.bv_val[rdn.bv_len] = ',';
+			e->e_name.bv_len = dn_len;
 		}
 
-		if ( dolock ) {
-			ldap_pvt_thread_mutex_unlock(&entry2str_mutex);
+		if ( close( fd ) < 0 && res >= 0 ) {
+			res = -1;
+			save_errno = errno;
 		}
 
-		/* Restore full DN */
-		if ( rdn.bv_len != e->e_name.bv_len ) {
-			e->e_name.bv_val[e->e_name.bv_len] = ',';
-			e->e_name.bv_len = rdn.bv_len;
-		}
-
-		res = close( openres );
-		rs = LDAP_UNWILLING_TO_PERFORM;
-
-		if ( spew_res > -2 ) {
-			if ( res == -1 || spew_res == -1 ) {
-				if ( save_errno == 0 ) {
-					save_errno = errno;
-				}
-				Debug( LDAP_DEBUG_ANY, "write error to tmpfile \"%s\": %s\n",
-					tmpfname, STRERROR( save_errno ), 0 );
-
+		if ( res >= 0 ) {
+			if ( move_file( tmpfname, path->bv_val ) == 0 ) {
+				Debug( LDAP_DEBUG_TRACE, "ldif_write_entry: "
+					"wrote entry \"%s\"\n", e->e_name.bv_val, 0, 0 );
+				rc = LDAP_SUCCESS;
 			} else {
-				res = rename( tmpfname, path->bv_val );
-				if ( res == 0 ) {
-					rs = LDAP_SUCCESS;
-
-				} else {
-					save_errno = errno;
-					switch ( save_errno ) {
-					case ENOENT:
-						rs = LDAP_NO_SUCH_OBJECT;
-						break;
-
-					default:
-						break;
-					}
-				}
+				save_errno = errno;
+				Debug( LDAP_DEBUG_ANY, "ldif_write_entry: "
+					"could not put entry file for \"%s\" in place: %s\n",
+					e->e_name.bv_val, STRERROR( save_errno ), 0 );
+				*text = "internal error (could not put entry file in place)";
 			}
+		} else if ( res == -1 ) {
+			Debug( LDAP_DEBUG_ANY, "ldif_write_entry: %s \"%s\": %s\n",
+				"write error to", tmpfname, STRERROR( save_errno ) );
+			*text = "internal error (write error to entry file)";
 		}
 
-		if ( rs != LDAP_SUCCESS ) {
+		if ( rc != LDAP_SUCCESS ) {
 			unlink( tmpfname );
 		}
 	}
 
-	ch_free( tmpfname );
-
-	if ( rs != LDAP_SUCCESS && save_errnop != NULL ) {
-		*save_errnop = save_errno;
-	}
-
-	return rs;
+	if ( tmpfname )
+		SLAP_FREE( tmpfname );
+	return rc;
 }
 
-static Entry * get_entry_for_fd(int fd,
+/*
+ * Read the entry at path, or if entryp==NULL just see if it exists.
+ * pdn and pndn are the parent's DN and normalized DN, or both NULL.
+ * Return an LDAP result code.
+ */
+static int
+ldif_read_entry(
+	Operation *op,
+	const char *path,
 	struct berval *pdn,
-	struct berval *pndn)
+	struct berval *pndn,
+	Entry **entryp,
+	const char **text )
 {
-	char * entry = (char *) slurp_file(fd);
-	Entry * ldentry = NULL;
-	
-	/* error reading file */
-	if(entry == NULL) {
-		goto return_value;
-	}
+	int rc;
+	Entry *entry;
+	char *entry_as_string;
+	struct berval rdn;
 
-	ldentry = str2entry(entry);
-	if ( ldentry ) {
-		struct berval rdn;
-		rdn = ldentry->e_name;
-		build_new_dn( &ldentry->e_name, pdn, &rdn, NULL );
-		ch_free( rdn.bv_val );
-		rdn = ldentry->e_nname;
-		build_new_dn( &ldentry->e_nname, pndn, &rdn, NULL );
-		ch_free( rdn.bv_val );
-	}
+	/* TODO: Does slapd prevent Abandon of Bind as per rfc4511?
+	 * If so we need not check for LDAP_REQ_BIND here.
+	 */
+	if ( op->o_abandon && op->o_tag != LDAP_REQ_BIND )
+		return SLAPD_ABANDON;
 
- return_value:
-	if(fd != -1) {
-		if(close(fd) != 0) {
-			/* log error */
+	rc = ldif_read_file( path, entryp ? &entry_as_string : NULL );
+
+	switch ( rc ) {
+	case LDAP_SUCCESS:
+		if ( entryp == NULL )
+			break;
+		*entryp = entry = str2entry( entry_as_string );
+		SLAP_FREE( entry_as_string );
+		if ( entry == NULL ) {
+			rc = LDAP_OTHER;
+			if ( text != NULL )
+				*text = "internal error (cannot parse some entry file)";
+			break;
 		}
+		if ( pdn == NULL || BER_BVISEMPTY( pdn ) )
+			break;
+		/* Append parent DN to DN from LDIF file */
+		rdn = entry->e_name;
+		build_new_dn( &entry->e_name, pdn, &rdn, NULL );
+		SLAP_FREE( rdn.bv_val );
+		rdn = entry->e_nname;
+		build_new_dn( &entry->e_nname, pndn, &rdn, NULL );
+		SLAP_FREE( rdn.bv_val );
+		break;
+
+	case LDAP_OTHER:
+		if ( text != NULL )
+			*text = entryp
+				? "internal error (cannot read some entry file)"
+				: "internal error (cannot stat some entry file)";
+		break;
 	}
-	if(entry != NULL)
-		SLAP_FREE(entry);
-	return ldentry;
+
+	return rc;
 }
 
+/*
+ * Read the operation's entry, or if entryp==NULL just see if it exists.
+ * Return an LDAP result code.  May set *text to a message on failure.
+ * If pathp is non-NULL, set it to the entry filename on success.
+ */
 static int
 get_entry(
 	Operation *op,
 	Entry **entryp,
-	struct berval *pathp )
+	struct berval *pathp,
+	const char **text )
 {
 	int rc;
 	struct berval path, pdn, pndn;
-	int fd;
 
-	dnParent(&op->o_req_dn, &pdn);
-	dnParent(&op->o_req_ndn, &pndn);
+	dnParent( &op->o_req_dn, &pdn );
+	dnParent( &op->o_req_ndn, &pndn );
 	dn2path( op->o_bd, &op->o_req_ndn, &path );
-	fd = open(path.bv_val, O_RDONLY);
-	/* error opening file (mebbe should log error) */
-	if ( fd == -1 && ( errno != ENOENT || op->o_tag != LDAP_REQ_ADD ) ) {
-		Debug( LDAP_DEBUG_ANY, "failed to open file \"%s\": %s\n",
-			path.bv_val, STRERROR(errno), 0 );
-	}
-	*entryp = fd < 0 ? NULL : get_entry_for_fd( fd, &pdn, &pndn );
-	rc = *entryp ? LDAP_SUCCESS : LDAP_NO_SUCH_OBJECT;
+	rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, entryp, text );
 
 	if ( rc == LDAP_SUCCESS && pathp != NULL ) {
 		*pathp = path;
 	} else {
-		SLAP_FREE(path.bv_val);
+		SLAP_FREE( path.bv_val );
 	}
 	return rc;
 }
 
-static void fullpath(struct berval *base, struct berval *name, struct berval *res) {
-	char *ptr;
-	res->bv_len = name->bv_len + base->bv_len + 1;
-	res->bv_val = ch_malloc( res->bv_len + 1 );
-	strcpy(res->bv_val, base->bv_val);
-	ptr = res->bv_val + base->bv_len;
-	*ptr++ = LDAP_DIRSEP[0];
-	strcpy(ptr, name->bv_val);
-}
 
+/*
+ * RDN-named directory entry, with special handling of "attr={num}val" RDNs.
+ * For sorting, filename "attr=val.ldif" is truncated to "attr="val\0ldif",
+ * and filename "attr={num}val.ldif" to "attr={\0um}val.ldif".
+ * Does not sort escaped chars correctly, would need to un-escape them.
+ */
 typedef struct bvlist {
 	struct bvlist *next;
-	struct berval bv;
-	struct berval num;
-	int inum;
-	int off;
+	char *trunc;	/* filename was truncated here */
+	int  inum;		/* num from "attr={num}" in filename, or INT_MIN */
+	char savech;	/* original char at *trunc */
+	char fname;		/* variable length array BVL_NAME(bvl) = &fname */
+#	define BVL_NAME(bvl) ((char *) (bvl) + offsetof(bvlist, fname))
+#	define BVL_SIZE(namelen) (sizeof(bvlist) + (namelen))
 } bvlist;
 
-
-static int r_enum_tree(enumCookie *ck, struct berval *path, int base,
-	struct berval *pdn, struct berval *pndn)
+static int
+ldif_send_entry( Operation *op, SlapReply *rs, Entry *e, int scope )
 {
-	Entry *e = NULL;
-	int fd = 0, rc = LDAP_SUCCESS;
+	int rc = LDAP_SUCCESS;
 
-	if ( !base ) {
-		fd = open( path->bv_val, O_RDONLY );
-		if ( fd < 0 ) {
-			Debug( LDAP_DEBUG_TRACE,
-				"=> ldif_enum_tree: failed to open %s: %s\n",
-				path->bv_val, STRERROR(errno), 0 );
-			return LDAP_NO_SUCH_OBJECT;
-		}
+	if ( scope == LDAP_SCOPE_BASE || scope == LDAP_SCOPE_SUBTREE ) {
+		if ( rs == NULL ) {
+			/* Save the entry for tool mode */
+			struct ldif_tool *tl =
+				&((struct ldif_info *) op->o_bd->be_private)->li_tool;
 
-		e = get_entry_for_fd(fd, pdn, pndn);
-		if ( !e ) {
-			Debug( LDAP_DEBUG_ANY,
-				"=> ldif_enum_tree: failed to read entry for %s\n",
-				path->bv_val, 0, 0 );
-			return LDAP_BUSY;
-		}
-
-		if ( ck->op->ors_scope == LDAP_SCOPE_BASE ||
-			ck->op->ors_scope == LDAP_SCOPE_SUBTREE ) {
-			/* Send right away? */
-			if ( ck->rs ) {
-				/*
-				 * if it's a referral, add it to the list of referrals. only do
-				 * this for non-base searches, and don't check the filter
-				 * explicitly here since it's only a candidate anyway.
-				 */
-				if ( !get_manageDSAit( ck->op )
-						&& ck->op->ors_scope != LDAP_SCOPE_BASE
-						&& is_entry_referral( e ) )
-				{
-					BerVarray erefs = get_entry_referrals( ck->op, e );
-					ck->rs->sr_ref = referral_rewrite( erefs,
-							&e->e_name, NULL,
-							ck->op->oq_search.rs_scope == LDAP_SCOPE_ONELEVEL
-								? LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
-	
-					ck->rs->sr_entry = e;
-					rc = send_search_reference( ck->op, ck->rs );
-					ber_bvarray_free( ck->rs->sr_ref );
-					ber_bvarray_free( erefs );
-					ck->rs->sr_ref = NULL;
-					ck->rs->sr_entry = NULL;
-	
-				} else if ( test_filter( ck->op, e, ck->op->ors_filter ) == LDAP_COMPARE_TRUE )
-				{
-					ck->rs->sr_entry = e;
-					ck->rs->sr_attrs = ck->op->ors_attrs;
-					ck->rs->sr_flags = REP_ENTRY_MODIFIABLE;
-					rc = send_search_entry(ck->op, ck->rs);
-					ck->rs->sr_entry = NULL;
-				}
-				fd = 1;
-				if ( rc )
+			if ( tl->ecount >= tl->elen ) {
+				/* Allocate/grow entries */
+				ID elen = tl->elen ? tl->elen * 2 : ENTRY_BUFF_INCREMENT;
+				Entry **entries = (Entry **) SLAP_REALLOC( tl->entries,
+					sizeof(Entry *) * elen );
+				if ( entries == NULL ) {
+					Debug( LDAP_DEBUG_ANY,
+						"ldif_send_entry: out of memory\n", 0, 0, 0 );
+					rc = LDAP_OTHER;
 					goto done;
-			} else {
-			/* Queueing up for tool mode */
-				if(ck->entries == NULL) {
-					ck->entries = (Entry **) ch_malloc(sizeof(Entry *) * ENTRY_BUFF_INCREMENT);
-					ck->elen = ENTRY_BUFF_INCREMENT;
 				}
-				if(ck->eind >= ck->elen) { /* grow entries if necessary */	
-					ck->entries = (Entry **) ch_realloc(ck->entries, sizeof(Entry *) * (ck->elen) * 2);
-					ck->elen *= 2;
-				}
-	
-				ck->entries[ck->eind++] = e;
-				fd = 0;
+				tl->elen = elen;
+				tl->entries = entries;
 			}
-		} else {
-			fd = 1;
+			tl->entries[tl->ecount++] = e;
+			return rc;
 		}
+
+		else if ( !get_manageDSAit( op ) && is_entry_referral( e ) ) {
+			/* Send a continuation reference.
+			 * (ldif_back_referrals() handles baseobject referrals.)
+			 * Don't check the filter since it's only a candidate.
+			 */
+			BerVarray refs = get_entry_referrals( op, e );
+			rs->sr_ref = referral_rewrite( refs, &e->e_name, NULL, scope );
+			rs->sr_entry = e;
+			rc = send_search_reference( op, rs );
+			ber_bvarray_free( rs->sr_ref );
+			ber_bvarray_free( refs );
+			rs->sr_ref = NULL;
+			rs->sr_entry = NULL;
+		}
+
+		else if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+			rs->sr_entry = e;
+			rs->sr_attrs = op->ors_attrs;
+			rs->sr_flags = REP_ENTRY_MODIFIABLE;
+			rc = send_search_entry( op, rs );
+			rs->sr_entry = NULL;
+		}
 	}
 
-	if ( ck->op->ors_scope != LDAP_SCOPE_BASE ) {
-		DIR * dir_of_path;
-		bvlist *list = NULL, *ptr;
+ done:
+	entry_free( e );
+	return rc;
+}
 
-		path->bv_len -= STRLENOF( LDIF );
-		path->bv_val[path->bv_len] = '\0';
+/* Read LDIF directory <path> into <listp>.  Set *fname_maxlenp. */
+static int
+ldif_readdir(
+	Operation *op,
+	SlapReply *rs,
+	const struct berval *path,
+	bvlist **listp,
+	ber_len_t *fname_maxlenp )
+{
+	int rc = LDAP_SUCCESS;
+	DIR *dir_of_path;
 
-		dir_of_path = opendir(path->bv_val);
-		if(dir_of_path == NULL) { /* can't open directory */
-			if ( errno != ENOENT ) {
-				/* it shouldn't be treated as an error
-				 * only if the directory doesn't exist */
-				rc = LDAP_BUSY;
-				Debug( LDAP_DEBUG_ANY,
-					"=> ldif_enum_tree: failed to opendir %s (%d)\n",
-					path->bv_val, errno, 0 );
-			}
-			goto done;
+	*listp = NULL;
+	*fname_maxlenp = 0;
+
+	dir_of_path = opendir( path->bv_val );
+	if ( dir_of_path == NULL ) {
+		int save_errno = errno;
+		struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
+		int is_rootDSE = (path->bv_len == li->li_base_path.bv_len);
+
+		/* Absent directory is OK (leaf entry), except the database dir */
+		if ( is_rootDSE || save_errno != ENOENT ) {
+			Debug( LDAP_DEBUG_ANY,
+				"=> ldif_search_entry: failed to opendir \"%s\": %s\n",
+				path->bv_val, STRERROR( save_errno ), 0 );
+			rc = LDAP_OTHER;
+			if ( rs != NULL )
+				rs->sr_text =
+					save_errno != ENOENT ? "internal error (bad directory)"
+					: !is_rootDSE ? "internal error (missing directory)"
+					: "internal error (database directory does not exist)";
 		}
-	
-		while(1) {
-			struct berval fname, itmp;
-			struct dirent * dir;
+
+	} else {
+		bvlist *ptr;
+		struct dirent *dir;
+		int save_errno = 0;
+
+		while ( (dir = readdir( dir_of_path )) != NULL ) {
+			size_t fname_len;
 			bvlist *bvl, **prev;
+			char *trunc, *idxp, *endp, *endp2;
 
-			dir = readdir(dir_of_path);
-			if(dir == NULL) break; /* end of the directory */
-			fname.bv_len = strlen( dir->d_name );
-			if ( fname.bv_len <= STRLENOF( LDIF ))
+			fname_len = strlen( dir->d_name );
+			if ( fname_len < STRLENOF( "x=" LDIF )) /* min filename size */
 				continue;
-			if ( strcmp( dir->d_name + (fname.bv_len - STRLENOF(LDIF)), LDIF))
+			if ( strcmp( dir->d_name + fname_len - STRLENOF(LDIF), LDIF ))
 				continue;
-			fname.bv_val = dir->d_name;
 
-			bvl = ch_malloc( sizeof(bvlist) );
-			ber_dupbv( &bvl->bv, &fname );
-			BER_BVZERO( &bvl->num );
-			itmp.bv_val = ber_bvchr( &bvl->bv, IX_FSL );
-			if ( itmp.bv_val ) {
-				char *ptr;
-				itmp.bv_val++;
-				itmp.bv_len = bvl->bv.bv_len
-					- ( itmp.bv_val - bvl->bv.bv_val );
-				ptr = ber_bvchr( &itmp, IX_FSR );
-				if ( ptr ) {
-					itmp.bv_len = ptr - itmp.bv_val;
-					ber_dupbv( &bvl->num, &itmp );
-					bvl->inum = strtol( itmp.bv_val, NULL, 0 );
-					itmp.bv_val[0] = '\0';
-					bvl->off = itmp.bv_val - bvl->bv.bv_val;
+			if ( *fname_maxlenp < fname_len )
+				*fname_maxlenp = fname_len;
+
+			bvl = SLAP_MALLOC( BVL_SIZE( fname_len ) );
+			if ( bvl == NULL ) {
+				rc = LDAP_OTHER;
+				save_errno = errno;
+				break;
+			}
+			strcpy( BVL_NAME( bvl ), dir->d_name );
+
+			/* Make it sortable by ("attr=val" or <preceding {num}, num>) */
+			trunc = BVL_NAME( bvl ) + fname_len - STRLENOF( LDIF );
+			if ( (idxp = strchr( BVL_NAME( bvl ) + 2, IX_FSL )) != NULL &&
+				 (endp = strchr( ++idxp, IX_FSR )) != NULL && endp > idxp &&
+				 (eq_unsafe || idxp[-2] == '=' || endp + 1 == trunc) )
+			{
+				/* attr={n}val or bconfig.c's "pseudo-indexed" attr=val{n} */
+				bvl->inum = strtol( idxp, &endp2, 10 );
+				if ( endp2 == endp ) {
+					trunc = idxp;
+					goto truncate;
 				}
 			}
+			bvl->inum = INT_MIN;
+		truncate:
+			bvl->trunc = trunc;
+			bvl->savech = *trunc;
+			*trunc = '\0';
 
-			for (prev = &list; (ptr = *prev) != NULL; prev = &ptr->next) {
-				int cmp = strcmp( bvl->bv.bv_val, ptr->bv.bv_val );
-				if ( !cmp && bvl->num.bv_val )
-					cmp = bvl->inum - ptr->inum;
-				if ( cmp < 0 )
+			for ( prev = listp; (ptr = *prev) != NULL; prev = &ptr->next ) {
+				int cmp = strcmp( BVL_NAME( bvl ), BVL_NAME( ptr ));
+				if ( cmp < 0 || (cmp == 0 && bvl->inum < ptr->inum) )
 					break;
 			}
 			*prev = bvl;
 			bvl->next = ptr;
-				
 		}
-		closedir(dir_of_path);
 
-		if (ck->op->ors_scope == LDAP_SCOPE_ONELEVEL)
-			ck->op->ors_scope = LDAP_SCOPE_BASE;
-		else if ( ck->op->ors_scope == LDAP_SCOPE_SUBORDINATE)
-			ck->op->ors_scope = LDAP_SCOPE_SUBTREE;
+		if ( closedir( dir_of_path ) < 0 ) {
+			save_errno = errno;
+			rc = LDAP_OTHER;
+			if ( rs != NULL )
+				rs->sr_text = "internal error (bad directory)";
+		}
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "ldif_search_entry: %s \"%s\": %s\n",
+				"error reading directory", path->bv_val,
+				STRERROR( save_errno ) );
+		}
+	}
 
-		while ( ( ptr = list ) ) {
-			struct berval fpath;
+	return rc;
+}
 
-			list = ptr->next;
+/*
+ * Send an entry, recursively search its children, and free or save it.
+ * Return an LDAP result code.  Parameters:
+ *  op, rs  operation and reply.  rs == NULL for slap tools.
+ *  e       entry to search, or NULL for rootDSE.
+ *  scope   scope for the part of the search from this entry.
+ *  path    LDIF filename -- bv_len and non-directory part are overwritten.
+ */
+static int
+ldif_search_entry(
+	Operation *op,
+	SlapReply *rs,
+	Entry *e,
+	int scope,
+	struct berval *path )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval dn = BER_BVC( "" ), ndn = BER_BVC( "" );
 
-			if ( rc == LDAP_SUCCESS ) {
-				if ( ptr->num.bv_val )
-					AC_MEMCPY( ptr->bv.bv_val + ptr->off, ptr->num.bv_val,
-						ptr->num.bv_len );
-				fullpath( path, &ptr->bv, &fpath );
-				rc = r_enum_tree(ck, &fpath, 0,
-					e != NULL ? &e->e_name : pdn,
-					e != NULL ? &e->e_nname : pndn );
-				free(fpath.bv_val);
-			}
-			if ( ptr->num.bv_val )
-				free( ptr->num.bv_val );
-			free(ptr->bv.bv_val);
-			free(ptr);
+	if ( scope != LDAP_SCOPE_BASE && e != NULL ) {
+		/* Copy DN/NDN since we send the entry with REP_ENTRY_MODIFIABLE,
+		 * which bconfig.c seems to need.  (TODO: see config_rename_one.)
+		 */
+		if ( ber_dupbv( &dn,  &e->e_name  ) == NULL ||
+			 ber_dupbv( &ndn, &e->e_nname ) == NULL )
+		{
+			Debug( LDAP_DEBUG_ANY,
+				"ldif_search_entry: out of memory\n", 0, 0, 0 );
+			rc = LDAP_OTHER;
+			goto done;
 		}
 	}
-done:
-	if ( fd ) entry_free( e );
+
+	/* Send the entry if appropriate, and free or save it */
+	if ( e != NULL )
+		rc = ldif_send_entry( op, rs, e, scope );
+
+	/* Search the children */
+	if ( scope != LDAP_SCOPE_BASE && rc == LDAP_SUCCESS ) {
+		bvlist *list, *ptr;
+		struct berval fpath;	/* becomes child pathname */
+		char *dir_end;	/* will point past dirname in fpath */
+
+		ldif2dir_len( *path );
+		ldif2dir_name( *path );
+		rc = ldif_readdir( op, rs, path, &list, &fpath.bv_len );
+
+		if ( list != NULL ) {
+			const char **text = rs == NULL ? NULL : &rs->sr_text;
+
+			if ( scope == LDAP_SCOPE_ONELEVEL )
+				scope = LDAP_SCOPE_BASE;
+			else if ( scope == LDAP_SCOPE_SUBORDINATE )
+				scope = LDAP_SCOPE_SUBTREE;
+
+			/* Allocate fpath and fill in directory part */
+			dir_end = fullpath_alloc( &fpath, path, fpath.bv_len );
+			if ( dir_end == NULL )
+				rc = LDAP_OTHER;
+
+			do {
+				ptr = list;
+
+				if ( rc == LDAP_SUCCESS ) {
+					*ptr->trunc = ptr->savech;
+					FILL_PATH( &fpath, dir_end, BVL_NAME( ptr ));
+
+					rc = ldif_read_entry( op, fpath.bv_val, &dn, &ndn,
+						&e, text );
+					switch ( rc ) {
+					case LDAP_SUCCESS:
+						rc = ldif_search_entry( op, rs, e, scope, &fpath );
+						break;
+					case LDAP_NO_SUCH_OBJECT:
+						/* Only the search baseDN may produce noSuchObject. */
+						rc = LDAP_OTHER;
+						if ( rs != NULL )
+							rs->sr_text = "internal error "
+								"(did someone just remove an entry file?)";
+						Debug( LDAP_DEBUG_ANY, "ldif_search_entry: "
+							"file listed in parent directory does not exist: "
+							"\"%s\"\n", fpath.bv_val, 0, 0 );
+						break;
+					}
+				}
+
+				list = ptr->next;
+				SLAP_FREE( ptr );
+			} while ( list != NULL );
+
+			if ( !BER_BVISNULL( &fpath ) )
+				SLAP_FREE( fpath.bv_val );
+		}
+	}
+
+ done:
+	if ( !BER_BVISEMPTY( &dn ) )
+		ber_memfree( dn.bv_val );
+	if ( !BER_BVISEMPTY( &ndn ) )
+		ber_memfree( ndn.bv_val );
 	return rc;
 }
 
 static int
-enum_tree(
-	enumCookie *ck
-)
+search_tree( Operation *op, SlapReply *rs )
 {
+	int rc = LDAP_SUCCESS;
+	Entry *e = NULL;
 	struct berval path;
 	struct berval pdn, pndn;
-	int rc;
 
-	dnParent( &ck->op->o_req_dn, &pdn );
-	dnParent( &ck->op->o_req_ndn, &pndn );
-	dn2path( ck->op->o_bd, &ck->op->o_req_ndn, &path );
-	rc = r_enum_tree(ck, &path, BER_BVISEMPTY( &ck->op->o_req_ndn ) ? 1 : 0, &pdn, &pndn);
+	dn2path( op->o_bd, &op->o_req_ndn, &path );
+	if ( !BER_BVISEMPTY( &op->o_req_ndn ) ) {
+		/* Read baseObject */
+		dnParent( &op->o_req_dn, &pdn );
+		dnParent( &op->o_req_ndn, &pndn );
+		rc = ldif_read_entry( op, path.bv_val, &pdn, &pndn, &e,
+			rs == NULL ? NULL : &rs->sr_text );
+	}
+	if ( rc == LDAP_SUCCESS )
+		rc = ldif_search_entry( op, rs, e, op->ors_scope, &path );
+
 	ch_free( path.bv_val );
 	return rc;
 }
 
 
-/* Get the parent directory path, plus the LDIF suffix overwritten by a \0 */
-static void
-get_parent_path( struct berval *dnpath, struct berval *res )
+/*
+ * Prepare to create or rename an entry:
+ * Check that the entry does not already exist.
+ * Check that the parent entry exists and can have subordinates,
+ * unless need_dir is NULL or adding the suffix entry.
+ *
+ * Return an LDAP result code.  May set *text to a message on failure.
+ * If success, set *dnpath to LDIF entry path and *need_dir to
+ * (directory must be created ? dirname : NULL).
+ */
+static int
+ldif_prepare_create(
+	Operation *op,
+	Entry *e,
+	struct berval *dnpath,
+	char **need_dir,
+	const char **text )
 {
-	int dnpathlen = dnpath->bv_len;
-	int i;
-	
-	for(i = dnpathlen;i>0;i--) /* find the first path seperator */
-		if(dnpath->bv_val[i] == LDAP_DIRSEP[0])
+	BackendDB *be = op->o_bd;
+	struct ldif_info *li = (struct ldif_info *) be->be_private;
+	struct berval *ndn = &e->e_nname;
+	struct berval ppath = BER_BVNULL;
+	struct stat st;
+	Entry *parent = NULL;
+	int rc = LDAP_SUCCESS;
+
+	if ( op->o_abandon )
+		return SLAPD_ABANDON;
+
+	dn2path( be, ndn, dnpath );
+
+	if ( stat( dnpath->bv_val, &st ) == 0 ) { /* entry .ldif file */
+		rc = LDAP_ALREADY_EXISTS;
+
+	} else if ( errno != ENOENT ) {
+		Debug( LDAP_DEBUG_ANY,
+			"ldif_prepare_create: cannot stat \"%s\": %s\n",
+			dnpath->bv_val, STRERROR( errno ), 0 );
+		rc = LDAP_OTHER;
+		*text = "internal error (cannot check entry file)";
+
+	} else if ( need_dir != NULL ) {
+		*need_dir = NULL;
+		rc = get_parent_path( dnpath, &ppath );
+		/* If parent dir exists, so does parent .ldif:
+		 * The directory gets created after and removed before the .ldif.
+		 * Except with the database directory, which has no matching entry.
+		 */
+		if ( rc == LDAP_SUCCESS && stat( ppath.bv_val, &st ) < 0 ) {
+			rc = errno == ENOENT && ppath.bv_len > li->li_base_path.bv_len
+				? LDAP_NO_SUCH_OBJECT : LDAP_OTHER;
+		}
+		switch ( rc ) {
+		case LDAP_NO_SUCH_OBJECT:
+			/* No parent dir, check parent .ldif */
+			dir2ldif_name( ppath );
+			rc = ldif_read_entry( op, ppath.bv_val, NULL, NULL,
+				(op->o_tag != LDAP_REQ_ADD || get_manageDSAit( op )
+				 ? &parent : NULL),
+				text );
+			switch ( rc ) {
+			case LDAP_SUCCESS:
+				/* Check that parent is not a referral, unless
+				 * ldif_back_referrals() already checked.
+				 */
+				if ( parent != NULL ) {
+					int is_ref = is_entry_referral( parent );
+					entry_free( parent );
+					if ( is_ref ) {
+						rc = LDAP_AFFECTS_MULTIPLE_DSAS;
+						*text = op->o_tag == LDAP_REQ_MODDN
+							? "newSuperior is a referral object"
+							: "parent is a referral object";
+						break;
+					}
+				}
+				/* Must create parent directory. */
+				ldif2dir_name( ppath );
+				*need_dir = ppath.bv_val;
+				break;
+			case LDAP_NO_SUCH_OBJECT:
+				*text = op->o_tag == LDAP_REQ_MODDN
+					? "newSuperior object does not exist"
+					: "parent does not exist";
+				break;
+			}
 			break;
-	res->bv_len = i;
-	res->bv_val = ch_malloc( res->bv_len + 1 + STRLENOF(LDIF) );
-	strncpy(res->bv_val, dnpath->bv_val, i);
-	strcpy(res->bv_val+i, LDIF);
-	res->bv_val[i] = '\0';
+		case LDAP_OTHER:
+			Debug( LDAP_DEBUG_ANY,
+				"ldif_prepare_create: cannot stat \"%s\" parent dir: %s\n",
+				ndn->bv_val, STRERROR( errno ), 0 );
+			*text = "internal error (cannot stat parent dir)";
+			break;
+		}
+		if ( *need_dir == NULL && ppath.bv_val != NULL )
+			SLAP_FREE( ppath.bv_val );
+	}
+
+	if ( rc != LDAP_SUCCESS ) {
+		SLAP_FREE( dnpath->bv_val );
+		BER_BVZERO( dnpath );
+	}
+	return rc;
 }
 
-static int apply_modify_to_entry(Entry * entry,
-				Modifications * modlist,
-				Operation * op,
-				SlapReply * rs)
+static int
+apply_modify_to_entry(
+	Entry *entry,
+	Modifications *modlist,
+	Operation *op,
+	SlapReply *rs )
 {
 	char textbuf[SLAP_TEXT_BUFLEN];
 	int rc = modlist ? LDAP_UNWILLING_TO_PERFORM : LDAP_SUCCESS;
@@ -689,14 +1022,14 @@
 				   &rs->sr_text, textbuf,
 				   sizeof( textbuf ) );
 			break;
-				
+
 		case LDAP_MOD_DELETE:
 			rc = modify_delete_values(entry, mods,
 				get_permissiveModify(op),
 				&rs->sr_text, textbuf,
 				sizeof( textbuf ) );
 			break;
-				
+
 		case LDAP_MOD_REPLACE:
 			rc = modify_replace_values(entry, mods,
 				 get_permissiveModify(op),
@@ -726,146 +1059,90 @@
 		if(rc != LDAP_SUCCESS) break;
 	}
 
-	if(rc == LDAP_SUCCESS) {
+	if ( rc == LDAP_SUCCESS ) {
+		rs->sr_text = NULL; /* Needed at least with SLAP_MOD_SOFTADD */
 		if ( is_oc ) {
 			entry->e_ocflags = 0;
 		}
 		/* check that the entry still obeys the schema */
-		rc = entry_schema_check( op, entry, NULL, 0, 0,
+		rc = entry_schema_check( op, entry, NULL, 0, 0, NULL,
 			  &rs->sr_text, textbuf, sizeof( textbuf ) );
 	}
 
 	return rc;
 }
 
-int
+
+static int
 ldif_back_referrals( Operation *op, SlapReply *rs )
 {
-	struct ldif_info	*li = NULL;
-	Entry			*entry;
-	int			rc = LDAP_SUCCESS;
+	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
+	struct berval path, dn = op->o_req_dn, ndn = op->o_req_ndn;
+	ber_len_t min_dnlen;
+	Entry *entry = NULL, **entryp;
+	BerVarray ref;
+	int rc;
 
-#if 0
-	if ( op->o_tag == LDAP_REQ_SEARCH ) {
-		/* let search take care of itself */
-		return rc;
+	min_dnlen = op->o_bd->be_nsuffix[0].bv_len;
+	if ( min_dnlen == 0 ) {
+		/* Catch root DSE (empty DN), it is not a referral */
+		min_dnlen = 1;
+		if ( BER_BVISEMPTY( &ndn ) )
+			return LDAP_SUCCESS;
 	}
-#endif
 
-	if ( get_manageDSAit( op ) ) {
-		/* let op take care of DSA management */
-		return rc;
-	}
-
-	if ( BER_BVISEMPTY( &op->o_req_ndn ) ) {
-		/* the empty DN cannot be a referral */
-		return rc;
-	}
-
-	li = (struct ldif_info *)op->o_bd->be_private;
+	entryp = get_manageDSAit( op ) ? NULL : &entry;
+	dn2path( op->o_bd, &ndn, &path );
 	ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
-	get_entry( op, &entry, NULL );
 
-	/* no object is found for them */
-	if ( entry == NULL ) {
-		struct berval	odn = op->o_req_dn;
-		struct berval	ondn = op->o_req_ndn;
-		struct berval	pndn = ondn;
-		ber_len_t		min_dnlen = op->o_bd->be_nsuffix[0].bv_len;
+	for (;;) {
+		dnParent( &dn, &dn );
+		dnParent( &ndn, &ndn );
+		rc = ldif_read_entry( op, path.bv_val, &dn, &ndn,
+			entryp, &rs->sr_text );
+		if ( rc != LDAP_NO_SUCH_OBJECT )
+			break;
 
-		if ( min_dnlen == 0 )
-			min_dnlen = 1;	   /* catch empty DN */
+		rc = LDAP_SUCCESS;
+		if ( ndn.bv_len < min_dnlen )
+			break;
+		(void) get_parent_path( &path, NULL );
+		dir2ldif_name( path );
+		entryp = &entry;
+	}
 
-		for ( ; entry == NULL; ) {
-			dnParent( &pndn, &pndn );
-			if ( pndn.bv_len < min_dnlen ) {
-				break;
-			}
+	ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
+	SLAP_FREE( path.bv_val );
 
-			op->o_req_dn = pndn;
-			op->o_req_ndn = pndn;
-
-			get_entry( op, &entry, NULL );
-		}
-
-		ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
-
-		op->o_req_dn = odn;
-		op->o_req_ndn = ondn;
-
-		rc = LDAP_SUCCESS;
-		rs->sr_matched = NULL;
-		if ( entry != NULL ) {
+	if ( entry != NULL ) {
+		if ( is_entry_referral( entry ) ) {
 			Debug( LDAP_DEBUG_TRACE,
 				"ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
-				(unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
+				(unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_dn );
 
-			if ( is_entry_referral( entry ) ) {
+			ref = get_entry_referrals( op, entry );
+			rs->sr_ref = referral_rewrite( ref, &entry->e_name, &op->o_req_dn,
+				op->o_tag == LDAP_REQ_SEARCH ?
+				op->ors_scope : LDAP_SCOPE_DEFAULT );
+			ber_bvarray_free( ref );
+
+			if ( rs->sr_ref != NULL ) {
+				/* send referral */
+				rc = rs->sr_err = LDAP_REFERRAL;
+				rs->sr_matched = entry->e_dn;
+				send_ldap_result( op, rs );
+				ber_bvarray_free( rs->sr_ref );
+				rs->sr_ref = NULL;
+			} else {
 				rc = LDAP_OTHER;
-				rs->sr_ref = get_entry_referrals( op, entry );
-				if ( rs->sr_ref ) {
-					rs->sr_matched = ber_strdup_x(
-					entry->e_name.bv_val, op->o_tmpmemctx );
-				}
+				rs->sr_text = "bad referral object";
 			}
-
-			entry_free(entry);
-
-		} else if ( default_referral != NULL ) {
-			rc = LDAP_OTHER;
-			rs->sr_ref = referral_rewrite( default_referral,
-				NULL, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
-		}
-
-		if ( rs->sr_ref != NULL ) {
-			/* send referrals */
-			rc = rs->sr_err = LDAP_REFERRAL;
-			send_ldap_result( op, rs );
-			ber_bvarray_free( rs->sr_ref );
-			rs->sr_ref = NULL;
-
-		} else if ( rc != LDAP_SUCCESS ) {
-			rs->sr_text = rs->sr_matched ? "bad referral object" : NULL;
-		}
-
-		if ( rs->sr_matched ) {
-			op->o_tmpfree( (char *)rs->sr_matched, op->o_tmpmemctx );
 			rs->sr_matched = NULL;
 		}
 
-		return rc;
+		entry_free( entry );
 	}
 
-	ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
-
-	if ( is_entry_referral( entry ) ) {
-		/* entry is a referral */
-		BerVarray refs = get_entry_referrals( op, entry );
-		rs->sr_ref = referral_rewrite(
-			refs, &entry->e_name, &op->o_req_dn, LDAP_SCOPE_DEFAULT );
-
-		Debug( LDAP_DEBUG_TRACE,
-			"ldif_back_referrals: tag=%lu target=\"%s\" matched=\"%s\"\n",
-			(unsigned long) op->o_tag, op->o_req_dn.bv_val, entry->e_name.bv_val );
-
-		rs->sr_matched = entry->e_name.bv_val;
-		if ( rs->sr_ref != NULL ) {
-			rc = rs->sr_err = LDAP_REFERRAL;
-			send_ldap_result( op, rs );
-			ber_bvarray_free( rs->sr_ref );
-			rs->sr_ref = NULL;
-
-		} else {
-			rc = LDAP_OTHER;
-			rs->sr_text = "bad referral object";
-		}
-
-		rs->sr_matched = NULL;
-		ber_bvarray_free( refs );
-	}
-
-	entry_free( entry );
-
 	return rc;
 }
 
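Review bot: In the new ldif_back_referrals loop the result of `get_parent_path( &path, NULL )` is cast to void, while ldif_prepare_create earlier in this commit checks the same function's return code. Its definition is not in this part of the diff, so whether the NULL-destination form can fail cannot be confirmed from here. If it cannot fail, say so at the call with `/* in-place truncation (res == NULL) cannot fail */`; if it can, the loop should stop with LDAP_OTHER instead of probing a path that was not shortened. The function also lacks a header comment, unlike get_entry and ldif_prepare_create. The switch of `entryp` from NULL to `&entry` after the first miss deserves a line such as `/* manageDSAit exempts only the target; ancestors are still read and checked for referrals */`.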
@@ -879,7 +1156,7 @@
 	Attribute *a;
 	AttributeDescription *password = slap_schema.si_ad_userPassword;
 	int return_val;
-	Entry *entry;
+	Entry *entry = NULL;
 
 	switch ( be_rootdn_bind( op, rs ) ) {
 	case SLAP_CB_CONTINUE:
@@ -893,7 +1170,7 @@
 
 	li = (struct ldif_info *) op->o_bd->be_private;
 	ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
-	return_val = get_entry(op, &entry, NULL);
+	return_val = get_entry(op, &entry, NULL, NULL);
 
 	/* no object is found for them */
 	if(return_val != LDAP_SUCCESS) {
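Review bot: The new fourth argument is passed as NULL here, but the header comment this commit adds to get_entry only says it "May set *text to a message on failure" and never states that `text` may be NULL. The one guard visible in this part of the diff is `if ( text != NULL )` in the LDAP_OTHER case of the function that ends just before get_entry (presumably ldif_read_entry). The rest of that function is outside the view, so it is worth confirming that every assignment to `*text` is guarded the same way. I would extend the get_entry comment with ` * text may be NULL when the caller wants no message.` The enclosing bind function starts and ends outside this hunk.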
@@ -917,150 +1194,115 @@
 	}
 
 	/* let the front-end send success */
-	return_val = 0;
-	goto return_result;
+	return_val = LDAP_SUCCESS;
 
  return_result:
 	ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
-	if(return_val != 0)
+	if(return_val != LDAP_SUCCESS)
 		send_ldap_result( op, rs );
 	if(entry != NULL)
 		entry_free(entry);
 	return return_val;
 }
 
-static int ldif_back_search(Operation *op, SlapReply *rs)
+static int
+ldif_back_search( Operation *op, SlapReply *rs )
 {
 	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
-	enumCookie ck = { NULL, NULL, NULL, 0, 0 };
 
-	ck.op = op;
-	ck.rs = rs;
 	ldap_pvt_thread_rdwr_rlock(&li->li_rdwr);
-	rs->sr_err = enum_tree( &ck );
+	rs->sr_err = search_tree( op, rs );
 	ldap_pvt_thread_rdwr_runlock(&li->li_rdwr);
 	send_ldap_result(op, rs);
 
 	return rs->sr_err;
 }
 
-static int ldif_back_add(Operation *op, SlapReply *rs) {
+static int
+ldif_back_add( Operation *op, SlapReply *rs )
+{
 	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 	Entry * e = op->ora_e;
-	struct berval dn = e->e_nname;
-	struct berval leaf_path = BER_BVNULL;
-	struct stat stats;
-	int statres;
+	struct berval path;
+	char *parentdir;
 	char textbuf[SLAP_TEXT_BUFLEN];
+	int rc;
 
-	Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", dn.bv_val, 0, 0);
+	Debug( LDAP_DEBUG_TRACE, "ldif_back_add: \"%s\"\n", e->e_dn, 0, 0 );
 
-	rs->sr_err = entry_schema_check(op, e, NULL, 0, 1,
+	rc = entry_schema_check( op, e, NULL, 0, 1, NULL,
 		&rs->sr_text, textbuf, sizeof( textbuf ) );
-	if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
+	if ( rc != LDAP_SUCCESS )
+		goto send_res;
 
-	rs->sr_err = slap_add_opattrs( op,
-		&rs->sr_text, textbuf, sizeof( textbuf ), 1 );
-	if ( rs->sr_err != LDAP_SUCCESS ) goto send_res;
+	rc = slap_add_opattrs( op, &rs->sr_text, textbuf, sizeof( textbuf ), 1 );
+	if ( rc != LDAP_SUCCESS )
+		goto send_res;
 
-	ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+	ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
-	dn2path( op->o_bd, &dn, &leaf_path );
+	rc = ldif_prepare_create( op, e, &path, &parentdir, &rs->sr_text );
+	if ( rc == LDAP_SUCCESS ) {
+		ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+		rc = ldif_write_entry( op, e, &path, parentdir, &rs->sr_text );
+		ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
 
-	if(leaf_path.bv_val != NULL) {
-		struct berval base = BER_BVNULL;
-		/* build path to container and ldif of container */
-		get_parent_path(&leaf_path, &base);
-
-		statres = stat(base.bv_val, &stats); /* check if container exists */
-		if(statres == -1 && errno == ENOENT) { /* container missing */
-			base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
-			statres = stat(base.bv_val, &stats); /* check for leaf node */
-			base.bv_val[base.bv_len] = '\0';
-			if(statres == -1 && errno == ENOENT) {
-				rs->sr_err = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
-				rs->sr_text = "Parent does not exist";
-			}
-			else if(statres != -1) { /* create parent */
-				int mkdirres = mkdir(base.bv_val, 0750);
-				if(mkdirres == -1) {
-					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-					rs->sr_text = "Could not create parent folder";
-					Debug( LDAP_DEBUG_ANY, "could not create folder \"%s\": %s\n",
-						base.bv_val, STRERROR( errno ), 0 );
-				}
-			}
-			else
-				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-		}/* container was possibly created, move on to add the entry */
-		if(rs->sr_err == LDAP_SUCCESS) {
-			statres = stat(leaf_path.bv_val, &stats);
-			if(statres == -1 && errno == ENOENT) {
-				rs->sr_err = spew_entry(e, &leaf_path, 1, NULL);
-			}
-			else if ( statres == -1 ) {
-				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-				Debug( LDAP_DEBUG_ANY, "could not stat file \"%s\": %s\n",
-					leaf_path.bv_val, STRERROR( errno ), 0 );
-			}
-			else /* it already exists */
-				rs->sr_err = LDAP_ALREADY_EXISTS;
-		}
-		SLAP_FREE(base.bv_val);
-		SLAP_FREE(leaf_path.bv_val);
+		SLAP_FREE( path.bv_val );
+		if ( parentdir != NULL )
+			SLAP_FREE( parentdir );
 	}
 
-	ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
+	ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
 
-send_res:
-	Debug( LDAP_DEBUG_TRACE, 
-			"ldif_back_add: err: %d text: %s\n", rs->sr_err, rs->sr_text ?
-				rs->sr_text : "", 0);
-	send_ldap_result(op, rs);
+ send_res:
+	rs->sr_err = rc;
+	Debug( LDAP_DEBUG_TRACE, "ldif_back_add: err: %d text: %s\n",
+		rc, rs->sr_text ? rs->sr_text : "", 0 );
+	send_ldap_result( op, rs );
 	slap_graduate_commit_csn( op );
 	return rs->sr_err;
 }
 
-static int ldif_back_modify(Operation *op, SlapReply *rs) {
+static int
+ldif_back_modify( Operation *op, SlapReply *rs )
+{
 	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 	Modifications * modlst = op->orm_modlist;
 	struct berval path;
 	Entry *entry;
-	int spew_res;
+	int rc;
 
 	slap_mods_opattrs( op, &op->orm_modlist, 1 );
 
-	ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+	ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
-	rs->sr_err = get_entry( op, &entry, &path );
-	if(entry != NULL) {
-		rs->sr_err = apply_modify_to_entry(entry, modlst, op, rs);
-		if(rs->sr_err == LDAP_SUCCESS) {
-			int save_errno;
-			spew_res = spew_entry(entry, &path, 1, &save_errno);
-			if(spew_res == -1) {
-				Debug( LDAP_DEBUG_ANY,
-					"%s ldif_back_modify: could not output entry \"%s\": %s\n",
-					op->o_log_prefix, entry->e_name.bv_val, STRERROR( save_errno ) );
-				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-			}
+	rc = get_entry( op, &entry, &path, &rs->sr_text );
+	if ( rc == LDAP_SUCCESS ) {
+		rc = apply_modify_to_entry( entry, modlst, op, rs );
+		if ( rc == LDAP_SUCCESS ) {
+			ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+			rc = ldif_write_entry( op, entry, &path, NULL, &rs->sr_text );
+			ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
 		}
 
 		entry_free( entry );
 		SLAP_FREE( path.bv_val );
 	}
 
-	rs->sr_text = NULL;
-	ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
-	send_ldap_result(op, rs);
+	ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
+
+	rs->sr_err = rc;
+	send_ldap_result( op, rs );
 	slap_graduate_commit_csn( op );
 	return rs->sr_err;
 }
 
-static int ldif_back_delete(Operation *op, SlapReply *rs) {
+static int
+ldif_back_delete( Operation *op, SlapReply *rs )
+{
 	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 	struct berval path;
-	int res = 0;
+	int rc = LDAP_SUCCESS;
 
 	if ( BER_BVISEMPTY( &op->o_csn )) {
 		struct berval csn;
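Review bot: ldif_back_modify no longer clears `rs->sr_text` before `send_ldap_result`, so on a failed modify that pointer may still refer to the `textbuf` array local to apply_modify_to_entry, whose stack frame is gone by then. apply_modify_to_entry passes `&rs->sr_text` together with `textbuf` to modify_delete_values, modify_replace_values and entry_schema_check. Their definitions are not in this diff, but if any of them points `*text` at the buffer it was given, the diagnostic message returned to the client is read from dead stack memory. The removed `rs->sr_text = NULL;` masked that, at the cost of dropping the message. To keep the message safely, declare `char textbuf[SLAP_TEXT_BUFLEN];` in ldif_back_modify and pass it to apply_modify_to_entry as an extra parameter (its signature is in an earlier hunk), the way ldif_back_add already keeps its own buffer alive across its `send_ldap_result` call.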
@@ -1071,48 +1313,53 @@
 		slap_get_csn( op, &csn, 1 );
 	}
 
-	ldap_pvt_thread_rdwr_wlock(&li->li_rdwr);
+	ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
+	ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+	if ( op->o_abandon ) {
+		rc = SLAPD_ABANDON;
+		goto done;
+	}
 
 	dn2path( op->o_bd, &op->o_req_ndn, &path );
-	path.bv_val[path.bv_len - STRLENOF(LDIF)] = '\0';
-	res = rmdir(path.bv_val);
-	path.bv_val[path.bv_len - STRLENOF(LDIF)] = LDIF_FILETYPE_SEP;
-	rs->sr_err = LDAP_SUCCESS;
-	if ( res ) {
+	ldif2dir_len( path );
+	ldif2dir_name( path );
+	if ( rmdir( path.bv_val ) < 0 ) {
 		switch ( errno ) {
 		case ENOTEMPTY:
-			rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+			rc = LDAP_NOT_ALLOWED_ON_NONLEAF;
 			break;
-
 		case ENOENT:
 			/* is leaf, go on */
-			res = 0;
 			break;
-
 		default:
-			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+			rc = LDAP_OTHER;
+			rs->sr_text = "internal error (cannot delete subtree directory)";
 			break;
 		}
 	}
 
-	if ( !res ) {
-		res = unlink(path.bv_val);
-		if ( res == -1 ) {
-			switch ( errno ) {
-			case ENOENT:
-				rs->sr_err = LDAP_NO_SUCH_OBJECT;
-				break;
-
-			default:
-				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
-				break;
+	if ( rc == LDAP_SUCCESS ) {
+		dir2ldif_name( path );
+		if ( unlink( path.bv_val ) < 0 ) {
+			rc = LDAP_NO_SUCH_OBJECT;
+			if ( errno != ENOENT ) {
+				rc = LDAP_OTHER;
+				rs->sr_text = "internal error (cannot delete entry file)";
 			}
 		}
 	}
 
-	SLAP_FREE(path.bv_val);
-	ldap_pvt_thread_rdwr_wunlock(&li->li_rdwr);
-	send_ldap_result(op, rs);
+	if ( rc == LDAP_OTHER ) {
+		Debug( LDAP_DEBUG_ANY, "ldif_back_delete: %s \"%s\": %s\n",
+			"cannot delete", path.bv_val, STRERROR( errno ) );
+	}
+
+	SLAP_FREE( path.bv_val );
+ done:
+	ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+	ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
+	rs->sr_err = rc;
+	send_ldap_result( op, rs );
 	slap_graduate_commit_csn( op );
 	return rs->sr_err;
 }
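Review bot: The `rmdir()` error switch treats only `ENOTEMPTY` as a non-leaf delete, but POSIX allows `rmdir()` to report a non-empty directory as `EEXIST` instead. On such a platform, deleting an entry that has children falls into `default:` and returns LDAP_OTHER with "internal error (cannot delete subtree directory)" plus an LDAP_DEBUG_ANY log line, rather than LDAP_NOT_ALLOWED_ON_NONLEAF. A second `case EEXIST:` label would risk a duplicate-label error where the two constants share a value, so I would test it at the top of the default arm: `if ( errno == EEXIST ) { rc = LDAP_NOT_ALLOWED_ON_NONLEAF; break; }`. ldif_back_delete begins before this hunk.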
@@ -1122,94 +1369,109 @@
 ldif_move_entry(
 	Operation *op,
 	Entry *entry,
-	struct berval *oldpath )
+	int same_ndn,
+	struct berval *oldpath,
+	const char **text )
 {
-	int res;
-	int exists_res;
+	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 	struct berval newpath;
+	char *parentdir = NULL, *trash;
+	int rc, rename_res;
 
-	dn2path( op->o_bd, &entry->e_nname, &newpath );
+	if ( same_ndn ) {
+		rc = LDAP_SUCCESS;
+		newpath = *oldpath;
+	} else {
+		rc = ldif_prepare_create( op, entry, &newpath,
+			op->orr_newSup ? &parentdir : NULL, text );
+	}
 
-	if((entry == NULL || oldpath->bv_val == NULL) || newpath.bv_val == NULL) {
-		/* some object doesn't exist */
-		res = LDAP_NO_SUCH_OBJECT;
-	}
-	else { /* do the modrdn */
-		exists_res = open(newpath.bv_val, O_RDONLY);
-		if(exists_res == -1 && errno == ENOENT) {
-			ldap_pvt_thread_mutex_lock( &entry2str_mutex );
-			res = spew_entry(entry, &newpath, 0, NULL);
-			if(res != -1) {
-				/* if this fails we should log something bad */
-				res = unlink( oldpath->bv_val );
-				oldpath->bv_val[oldpath->bv_len - STRLENOF(".ldif")] = '\0';
-				newpath.bv_val[newpath.bv_len - STRLENOF(".ldif")] = '\0';
-				res = rename( oldpath->bv_val, newpath.bv_val );
-				res = LDAP_SUCCESS;
+	if ( rc == LDAP_SUCCESS ) {
+		ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+
+		rc = ldif_write_entry( op, entry, &newpath, parentdir, text );
+		if ( rc == LDAP_SUCCESS && !same_ndn ) {
+			trash = oldpath->bv_val; /* will be .ldif file to delete */
+			ldif2dir_len( newpath );
+			ldif2dir_len( *oldpath );
+			/* Move subdir before deleting old entry,
+			 * so .ldif always exists if subdir does.
+			 */
+			ldif2dir_name( newpath );
+			ldif2dir_name( *oldpath );
+			rename_res = move_dir( oldpath->bv_val, newpath.bv_val );
+			if ( rename_res != 0 && errno != ENOENT ) {
+				rc = LDAP_OTHER;
+				*text = "internal error (cannot move this subtree)";
+				trash = newpath.bv_val;
 			}
-			else {
-				if(errno == ENOENT)
-					res = LDAP_NO_SUCH_OBJECT;
-				else
-					res = LDAP_UNWILLING_TO_PERFORM;
-				unlink(newpath.bv_val); /* in case file was created */
+
+			/* Delete old entry, or if error undo change */
+			for (;;) {
+				dir2ldif_name( newpath );
+				dir2ldif_name( *oldpath );
+				if ( unlink( trash ) == 0 )
+					break;
+				if ( rc == LDAP_SUCCESS ) {
+					/* Prepare to undo change and return failure */
+					rc = LDAP_OTHER;
+					*text = "internal error (cannot move this entry)";
+					trash = newpath.bv_val;
+					if ( rename_res != 0 )
+						continue;
+					/* First move subdirectory back */
+					ldif2dir_name( newpath );
+					ldif2dir_name( *oldpath );
+					if ( move_dir( newpath.bv_val, oldpath->bv_val ) == 0 )
+						continue;
+				}
+				*text = "added new but couldn't delete old entry!";
+				break;
 			}
-			ldap_pvt_thread_mutex_unlock( &entry2str_mutex );
-		}
-		else if(exists_res) {
-			int close_res = close(exists_res);
-			res = LDAP_ALREADY_EXISTS;
-			if(close_res == -1) {
-			/* log heinous error */
+
+			if ( rc != LDAP_SUCCESS ) {
+				char s[128];
+				snprintf( s, sizeof s, "%s (%s)", *text, STRERROR( errno ));
+				Debug( LDAP_DEBUG_ANY,
+					"ldif_move_entry: %s: \"%s\" -> \"%s\"\n",
+					s, op->o_req_dn.bv_val, entry->e_dn );
 			}
 		}
-		else {
-			res = LDAP_UNWILLING_TO_PERFORM;
-		}
+
+		ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+		if ( !same_ndn )
+			SLAP_FREE( newpath.bv_val );
+		if ( parentdir != NULL )
+			SLAP_FREE( parentdir );
 	}
 
-	if(newpath.bv_val != NULL)
-		SLAP_FREE(newpath.bv_val);
-	return res;
+	return rc;
 }
 
 static int
-ldif_back_modrdn(Operation *op, SlapReply *rs)
+ldif_back_modrdn( Operation *op, SlapReply *rs )
 {
 	struct ldif_info *li = (struct ldif_info *) op->o_bd->be_private;
 	struct berval new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
 	struct berval p_dn, old_path;
 	Entry *entry;
-	int rc;
+	int rc, same_ndn;
 
 	slap_mods_opattrs( op, &op->orr_modlist, 1 );
 
-	ldap_pvt_thread_rdwr_wlock( &li->li_rdwr );
+	ldap_pvt_thread_mutex_lock( &li->li_modop_mutex );
 
-	rc = get_entry( op, &entry, &old_path );
+	rc = get_entry( op, &entry, &old_path, &rs->sr_text );
 	if ( rc == LDAP_SUCCESS ) {
 		/* build new dn, and new ndn for the entry */
 		if ( op->oq_modrdn.rs_newSup != NULL ) {
-			struct berval	op_dn = op->o_req_dn,
-					op_ndn = op->o_req_ndn;
-			Entry		*np;
-
-			/* new superior */
 			p_dn = *op->oq_modrdn.rs_newSup;
-			op->o_req_dn = *op->oq_modrdn.rs_newSup;
-			op->o_req_ndn = *op->oq_modrdn.rs_nnewSup;
-			rc = get_entry( op, &np, NULL );
-			op->o_req_dn = op_dn;
-			op->o_req_ndn = op_ndn;
-			if ( rc != LDAP_SUCCESS ) {
-				goto no_such_object;
-			}
-			entry_free( np );
 		} else {
 			dnParent( &entry->e_name, &p_dn );
 		}
-		build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL ); 
+		build_new_dn( &new_dn, &p_dn, &op->oq_modrdn.rs_newrdn, NULL );
 		dnNormalize( 0, NULL, NULL, &new_dn, &new_ndn, NULL );
+		same_ndn = !ber_bvcmp( &entry->e_nname, &new_ndn );
 		ber_memfree_x( entry->e_name.bv_val, NULL );
 		ber_memfree_x( entry->e_nname.bv_val, NULL );
 		entry->e_name = new_dn;
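Review bot: The `STRERROR( errno )` in ldif_move_entry's final Debug block can describe the wrong call, because after the failing `move_dir()` or `unlink()` the undo loop runs further `unlink()` and `move_dir()` calls that may overwrite errno before it is read. Saving the value where `rc` is first set to LDAP_OTHER, e.g. `int save_errno = errno;` next to each `rc = LDAP_OTHER;`, and formatting `STRERROR( save_errno )` keeps the log line tied to the original failure. The hunk ends inside ldif_back_modrdn, which this note does not cover.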
@@ -1218,15 +1480,14 @@
 		/* perform the modifications */
 		rc = apply_modify_to_entry( entry, op->orr_modlist, op, rs );
 		if ( rc == LDAP_SUCCESS )
-			rc = ldif_move_entry( op, entry, &old_path );
+			rc = ldif_move_entry( op, entry, same_ndn, &old_path,
+				&rs->sr_text );
 
-no_such_object:;
 		entry_free( entry );
 		SLAP_FREE( old_path.bv_val );
 	}
 
-	rs->sr_text = "";
-	ldap_pvt_thread_rdwr_wunlock( &li->li_rdwr );
+	ldap_pvt_thread_mutex_unlock( &li->li_modop_mutex );
 	rs->sr_err = rc;
 	send_ldap_result( op, rs );
 	slap_graduate_commit_csn( op );
@@ -1254,7 +1515,7 @@
 	ldap_pvt_thread_rdwr_rlock( &li->li_rdwr );
 	op->o_req_dn = *ndn;
 	op->o_req_ndn = *ndn;
-	rc = get_entry( op, e, NULL );
+	rc = get_entry( op, e, NULL, NULL );
 	op->o_req_dn = op_dn;
 	op->o_req_ndn = op_ndn;
 	ldap_pvt_thread_rdwr_runlock( &li->li_rdwr );
@@ -1271,107 +1532,102 @@
 
 /* Slap tools */
 
-static int ldif_tool_entry_open(BackendDB *be, int mode) {
-	struct ldif_info *li = (struct ldif_info *) be->be_private;
-	li->li_tool_current = 0;
+static int
+ldif_tool_entry_open( BackendDB *be, int mode )
+{
+	struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
+
+	tl->ecurrent = 0;
 	return 0;
-}					
+}
 
-static int ldif_tool_entry_close(BackendDB * be) {
-	struct ldif_info *li = (struct ldif_info *) be->be_private;
+static int
+ldif_tool_entry_close( BackendDB *be )
+{
+	struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
+	Entry **entries = tl->entries;
+	ID i;
 
-	SLAP_FREE(li->li_tool_cookie.entries);
+	for ( i = tl->ecount; i--; )
+		if ( entries[i] )
+			entry_free( entries[i] );
+	SLAP_FREE( entries );
+	tl->entries = NULL;
+	tl->ecount = tl->elen = 0;
 	return 0;
 }
 
-static ID ldif_tool_entry_next(BackendDB *be)
+static ID
+ldif_tool_entry_next( BackendDB *be )
 {
-	struct ldif_info *li = (struct ldif_info *) be->be_private;
-	if(li->li_tool_current >= li->li_tool_cookie.eind)
+	struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
+
+	if ( tl->ecurrent >= tl->ecount )
 		return NOID;
 	else
-		return ++li->li_tool_current;
+		return ++tl->ecurrent;
 }
 
 static ID
-ldif_tool_entry_first(BackendDB *be)
+ldif_tool_entry_first( BackendDB *be )
 {
-	struct ldif_info *li = (struct ldif_info *) be->be_private;
+	struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
 
-	if(li->li_tool_cookie.entries == NULL) {
+	if ( tl->entries == NULL ) {
 		Operation op = {0};
 
 		op.o_bd = be;
 		op.o_req_dn = *be->be_suffix;
 		op.o_req_ndn = *be->be_nsuffix;
 		op.ors_scope = LDAP_SCOPE_SUBTREE;
-		li->li_tool_cookie.op = &op;
-		(void)enum_tree( &li->li_tool_cookie );
-		li->li_tool_cookie.op = NULL;
+		if ( search_tree( &op, NULL ) != LDAP_SUCCESS ) {
+			tl->ecurrent = tl->ecount; /* fail ldif_tool_entry_next() */
+			return 0; /* fail ldif_tool_entry_get() */
+		}
 	}
 	return ldif_tool_entry_next( be );
 }
 
-static Entry * ldif_tool_entry_get(BackendDB * be, ID id) {
-	struct ldif_info *li = (struct ldif_info *) be->be_private;
-	Entry * e;
+static Entry *
+ldif_tool_entry_get( BackendDB *be, ID id )
+{
+	struct ldif_tool *tl = &((struct ldif_info *) be->be_private)->li_tool;
+	Entry *e = NULL;
 
-	if(id > li->li_tool_cookie.eind || id < 1)
-		return NULL;
-	else {
-		e = li->li_tool_cookie.entries[id - 1];
-		li->li_tool_cookie.entries[id - 1] = NULL;
-		return e;
+	--id;
+	if ( id < tl->ecount ) {
+		e = tl->entries[id];
+		tl->entries[id] = NULL;
 	}
+	return e;
 }
 
-static ID ldif_tool_entry_put(BackendDB * be, Entry * e, struct berval *text) {
-	struct berval leaf_path = BER_BVNULL;
-	struct stat stats;
-	int statres;
-	int res = LDAP_SUCCESS;
+static ID
+ldif_tool_entry_put( BackendDB *be, Entry *e, struct berval *text )
+{
+	int rc;
+	const char *errmsg = NULL;
+	struct berval path;
+	char *parentdir;
+	Operation op = {0};
 
-	dn2path( be, &e->e_nname, &leaf_path );
+	op.o_bd = be;
+	rc = ldif_prepare_create( &op, e, &path, &parentdir, &errmsg );
+	if ( rc == LDAP_SUCCESS ) {
+		rc = ldif_write_entry( &op, e, &path, parentdir, &errmsg );
 
-	if(leaf_path.bv_val != NULL) {
-		struct berval base = BER_BVNULL;
-		/* build path to container, and path to ldif of container */
-		get_parent_path(&leaf_path, &base);
-
-		statres = stat(base.bv_val, &stats); /* check if container exists */
-		if(statres == -1 && errno == ENOENT) { /* container missing */
-			base.bv_val[base.bv_len] = LDIF_FILETYPE_SEP;
-			statres = stat(base.bv_val, &stats); /* check for leaf node */
-			base.bv_val[base.bv_len] = '\0';
-			if(statres == -1 && errno == ENOENT) {
-				res = LDAP_NO_SUCH_OBJECT; /* parent doesn't exist */
-			}
-			else if(statres != -1) { /* create parent */
-				int mkdirres = mkdir(base.bv_val, 0750);
-				if(mkdirres == -1) {
-					res = LDAP_UNWILLING_TO_PERFORM;
-				}
-			}
-			else
-				res = LDAP_UNWILLING_TO_PERFORM;
-		}/* container was possibly created, move on to add the entry */
-		if(res == LDAP_SUCCESS) {
-			statres = stat(leaf_path.bv_val, &stats);
-			if(statres == -1 && errno == ENOENT) {
-				res = spew_entry(e, &leaf_path, 0, NULL);
-			}
-			else /* it already exists */
-				res = LDAP_ALREADY_EXISTS;
-		}
-		SLAP_FREE(base.bv_val);
-		SLAP_FREE(leaf_path.bv_val);
+		SLAP_FREE( path.bv_val );
+		if ( parentdir != NULL )
+			SLAP_FREE( parentdir );
+		if ( rc == LDAP_SUCCESS )
+			return 1;
 	}
 
-	if(res == LDAP_SUCCESS) {
-		return 1;
-	}
-	else
-		return NOID;
+	if ( errmsg == NULL && rc != LDAP_OTHER )
+		errmsg = ldap_err2string( rc );
+	if ( errmsg != NULL )
+		snprintf( text->bv_val, text->bv_len, "%s", errmsg );
+	return NOID;
 }
 
 
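Review bot: `parentdir` in ldif_tool_entry_put is declared without an initial value, yet it is tested and passed to `SLAP_FREE()` after a successful `ldif_prepare_create()`. ldif_move_entry in this same commit starts it at NULL; doing the same here, `char *parentdir = NULL;`, keeps the free safe even if the helper (not visible in this hunk) leaves the pointer untouched on some success path.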
@@ -1385,7 +1641,8 @@
 	li = ch_calloc( 1, sizeof(struct ldif_info) );
 	be->be_private = li;
 	be->be_cf_ocs = ldifocs;
-	ldap_pvt_thread_rdwr_init(&li->li_rdwr);
+	ldap_pvt_thread_mutex_init( &li->li_modop_mutex );
+	ldap_pvt_thread_rdwr_init( &li->li_rdwr );
 	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_ONE_SUFFIX;
 	return 0;
 }
@@ -1395,14 +1652,15 @@
 {
 	struct ldif_info *li = be->be_private;
 
-	ch_free(li->li_base_path.bv_val);
-	ldap_pvt_thread_rdwr_destroy(&li->li_rdwr);
+	ch_free( li->li_base_path.bv_val );
+	ldap_pvt_thread_rdwr_destroy( &li->li_rdwr );
+	ldap_pvt_thread_mutex_destroy( &li->li_modop_mutex );
 	free( be->be_private );
 	return 0;
 }
 
 static int
-ldif_back_db_open( Backend *be, ConfigReply *cr)
+ldif_back_db_open( Backend *be, ConfigReply *cr )
 {
 	struct ldif_info *li = (struct ldif_info *) be->be_private;
 	if( BER_BVISEMPTY(&li->li_base_path)) {/* missing base path */
@@ -1413,9 +1671,7 @@
 }
 
 int
-ldif_back_initialize(
-			   BackendInfo	*bi
-			   )
+ldif_back_initialize( BackendInfo *bi )
 {
 	static char *controls[] = {
 		LDAP_CONTROL_MANAGEDSAIT,
@@ -1471,7 +1727,7 @@
 	bi->bi_tool_entry_put = ldif_tool_entry_put;
 	bi->bi_tool_entry_reindex = 0;
 	bi->bi_tool_sync = 0;
-	
+
 	bi->bi_tool_dn2id_get = 0;
 	bi->bi_tool_entry_modify = 0;
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-meta
-# $OpenLDAP: pkg/ldap/servers/slapd/back-meta/Makefile.in,v 1.16.2.3 2008/02/11 23:26:46 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-meta/Makefile.in,v 1.16.2.4 2009/01/22 00:01:07 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/add.c,v 1.51.2.7 2008/02/12 00:25:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/add.c,v 1.51.2.9 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -45,7 +45,7 @@
 	struct berval	mdn = BER_BVNULL, mapped;
 	dncookie	dc;
 	int		msgid;
-	int		do_retry = 1;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 	LDAPControl	**ctrls = NULL;
 
 	Debug(LDAP_DEBUG_ARGS, "==> meta_back_add: %s\n",
@@ -178,9 +178,9 @@
 	rs->sr_err = ldap_add_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
 			      attrs, ctrls, NULL, &msgid );
 	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
-		mt->mt_timeout[ SLAP_OP_ADD ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		mt->mt_timeout[ SLAP_OP_ADD ], ( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
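Review bot: `retrying` is used both as a flag OR-ed into the sendok argument of `meta_back_op_result()` and as the one-shot guard in `rs->sr_err == LDAP_UNAVAILABLE && retrying`, and neither role is documented. A comment at the declaration, e.g. `/* LDAP_BACK_RETRYING until the single retry is used; suppresses the UNAVAILABLE reply on the first pass */`, would explain why the bit is cleared before `meta_back_retry()`. The same pattern is added in compare.c and delete.c; the enclosing function extends beyond this hunk.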

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/back-meta.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/back-meta.h,v 1.64.2.10 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/back-meta.h,v 1.64.2.12 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -316,6 +316,7 @@
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
 
 #define	META_BACK_TGT_NOREFS(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOREFS )
+#define	META_BACK_TGT_NOUNDEFFILTER(mt)		META_BACK_TGT_ISSET( (mt), LDAP_BACK_F_NOUNDEFFILTER )
 
 	int			mt_version;
 	time_t			mt_network_timeout;
@@ -374,13 +375,13 @@
 	unsigned		mi_flags;
 #define	li_flags		mi_flags
 /* uses flags as defined in <back-ldap/back-ldap.h> */
-#define	META_BACK_F_ONERR_STOP		(0x00100000U)
-#define	META_BACK_F_ONERR_REPORT	(0x00200000U)
+#define	META_BACK_F_ONERR_STOP		(0x01000000U)
+#define	META_BACK_F_ONERR_REPORT	(0x02000000U)
 #define	META_BACK_F_ONERR_MASK		(META_BACK_F_ONERR_STOP|META_BACK_F_ONERR_REPORT)
-#define	META_BACK_F_DEFER_ROOTDN_BIND	(0x00400000U)
-#define	META_BACK_F_PROXYAUTHZ_ALWAYS	(0x00800000U)	/* users always proxyauthz */
-#define	META_BACK_F_PROXYAUTHZ_ANON	(0x01000000U)	/* anonymous always proxyauthz */
-#define	META_BACK_F_PROXYAUTHZ_NOANON	(0x02000000U)	/* anonymous remains anonymous */
+#define	META_BACK_F_DEFER_ROOTDN_BIND	(0x04000000U)
+#define	META_BACK_F_PROXYAUTHZ_ALWAYS	(0x08000000U)	/* users always proxyauthz */
+#define	META_BACK_F_PROXYAUTHZ_ANON	(0x10000000U)	/* anonymous always proxyauthz */
+#define	META_BACK_F_PROXYAUTHZ_NOANON	(0x20000000U)	/* anonymous remains anonymous */
 
 #define	META_BACK_ONERR_STOP(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_STOP )
 #define	META_BACK_ONERR_REPORT(mi)	LDAP_BACK_ISSET( (mi), META_BACK_F_ONERR_REPORT )
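Review bot: The META_BACK_F_* values are moved up to 0x01000000U through 0x20000000U without any statement of which bits remain reserved for the LDAP_BACK_F_* flags that share `mi_flags`. The existing comment says these flags sit alongside the ones from `<back-ldap/back-ldap.h>`, so an overlap would silently change settings such as the proxyauthz modes; that header is not visible here, so the actual free range should be confirmed. Once confirmed, a comment above the block such as `/* bits 0x01000000U and up are back-meta specific; lower bits belong to LDAP_BACK_F_* */` would make the split explicit.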

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.95.2.15 2008/04/14 21:24:34 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/bind.c,v 1.95.2.18 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -953,9 +953,7 @@
 		metatarget_t		*mt = mi->mi_targets[ candidate ];
 		metasingleconn_t	*msc = &mc->mc_conns[ candidate ];
 
-#define	ERR_OK(err) ((err) == LDAP_SUCCESS || (err) == LDAP_COMPARE_FALSE || (err) == LDAP_COMPARE_TRUE)
-
-		if ( ERR_OK( rs->sr_err ) ) {
+		if ( LDAP_ERR_OK( rs->sr_err ) ) {
 			int		rc;
 			struct timeval	tv;
 			LDAPMessage	*res = NULL;
@@ -1087,7 +1085,7 @@
 		/* if the error in the reply structure is not
 		 * LDAP_SUCCESS, try to map it from client 
 		 * to server error */
-		if ( !ERR_OK( rs->sr_err ) ) {
+		if ( !LDAP_ERR_OK( rs->sr_err ) ) {
 			rs->sr_err = slap_map_api2result( rs );
 
 			/* internal ops ( op->o_conn == NULL ) 
@@ -1206,9 +1204,17 @@
 		rs->sr_matched = matched;
 	}
 
-	if ( op->o_conn &&
-		( ( sendok & LDAP_BACK_SENDOK ) 
-			|| ( ( sendok & LDAP_BACK_SENDERR ) && rs->sr_err != LDAP_SUCCESS ) ) )
+	if ( rs->sr_err == LDAP_UNAVAILABLE ) {
+		if ( !( sendok & LDAP_BACK_RETRYING ) ) {
+			if ( op->o_conn && ( sendok & LDAP_BACK_SENDERR ) ) {
+				if ( rs->sr_text == NULL ) rs->sr_text = "Proxy operation retry failed";
+				send_ldap_result( op, rs );
+			}
+		}
+
+	} else if ( op->o_conn &&
+		( ( ( sendok & LDAP_BACK_SENDOK ) && LDAP_ERR_OK( rs->sr_err ) )
+			|| ( ( sendok & LDAP_BACK_SENDERR ) && !LDAP_ERR_OK( rs->sr_err ) ) ) )
 	{
 		send_ldap_result( op, rs );
 	}
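Review bot: The text "Proxy operation retry failed" is attached whenever `rs->sr_err == LDAP_UNAVAILABLE` arrives without `LDAP_BACK_RETRYING` in `sendok`, which also covers a caller that never requested a retry. If such callers exist (they are outside this hunk), the diagnostic would report a retry that did not happen; a neutral message, e.g. `rs->sr_text = "Proxy operation failed: target unavailable";`, avoids that. The branch that sends nothing when `LDAP_BACK_RETRYING` is set would also benefit from a comment saying the caller is expected to retry and reply.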
@@ -1235,7 +1241,7 @@
 	rs->sr_ref = save_ref;
 	rs->sr_ctrls = save_ctrls;
 
-	return( ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
+	return( LDAP_ERR_OK( rs->sr_err ) ? LDAP_SUCCESS : rs->sr_err );
 }
 
 /*
@@ -1575,7 +1581,7 @@
 
 	LDAPControl		**ctrls = NULL;
 	/* set to the maximum number of controls this backend can add */
-	LDAPControl		c[ 2 ] = { 0 };
+	LDAPControl		c[ 2 ] = {{ 0 }};
 	int			n = 0, i, j1 = 0, j2 = 0;
 
 	*pctrls = NULL;
@@ -1642,7 +1648,7 @@
 		goto done;
 	}
 
-	assert( j1 + j1 <= sizeof( c )/sizeof(LDAPControl) );
+	assert( j1 + j2 <= (int) (sizeof( c )/sizeof( c[0] )) );
 
 	if ( op->o_ctrls ) {
 		for ( n = 0; op->o_ctrls[ n ]; n++ )
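Review bot: The corrected bound `j1 + j2 <= ...` is still enforced only by `assert()`, which is compiled out when NDEBUG is defined. If the entries of `c` are filled before this line (that code is outside the hunk), a count above the array size would already have written past the two-element array by the time the assertion runs. A runtime check where the controls are added, failing the operation with an error, would hold in release builds too.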

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/candidates.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/candidates.c,v 1.28.2.5 2008/02/11 23:26:46 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/candidates.c,v 1.28.2.6 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/compare.c,v 1.50.2.7 2008/02/12 00:25:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/compare.c,v 1.50.2.9 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -44,7 +44,7 @@
 	struct berval	mapped_attr = op->orc_ava->aa_desc->ad_cname;
 	struct berval	mapped_value = op->orc_ava->aa_value;
 	int		msgid;
-	int		do_retry = 1;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
@@ -124,9 +124,9 @@
 			ctrls, NULL, &msgid );
 
 	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
-		mt->mt_timeout[ SLAP_OP_COMPARE ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		mt->mt_timeout[ SLAP_OP_COMPARE ], ( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.74.2.13 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/config.c,v 1.74.2.17 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -1082,7 +1082,9 @@
 				return 1;
 			}
 
-			if ( snprintf( binddn, sizeof( binddn ), "binddn=%s", argv[ 1 ] ) >= sizeof( binddn ) ) {
+			if ( sizeof( binddn ) <= (unsigned) snprintf( binddn,
+					sizeof( binddn ), "binddn=%s", argv[ 1 ] ))
+			{
 				Debug( LDAP_DEBUG_ANY, "%s: line %d: \"pseudorootdn\" too long.\n",
 					fname, lineno, 0 );
 				return 1;
@@ -1483,6 +1485,36 @@
 			return( 1 );
 		}
 
+	/* do not propagate undefined search filters */
+	} else if ( strcasecmp( argv[ 0 ], "noundeffilter" ) == 0 ) {
+		unsigned	*flagsp = mi->mi_ntargets ?
+				&mi->mi_targets[ mi->mi_ntargets - 1 ]->mt_flags
+				: &mi->mi_flags;
+
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY,
+	"%s: line %d: \"noundeffilter {TRUE|false}\" needs 1 argument.\n",
+				fname, lineno, 0 );
+			return( 1 );
+		}
+
+		/* this is the default; we add it because the default might change... */
+		switch ( check_true_false( argv[ 1 ] ) ) {
+		case 1:
+			*flagsp |= LDAP_BACK_F_NOUNDEFFILTER;
+			break;
+
+		case 0:
+			*flagsp &= ~LDAP_BACK_F_NOUNDEFFILTER;
+			break;
+
+		default:
+			Debug( LDAP_DEBUG_ANY,
+		"%s: line %d: \"noundeffilter {TRUE|false}\": unknown argument \"%s\".\n",
+				fname, lineno, argv[ 1 ] );
+			return( 1 );
+		}
+
 	/* anything else */
 	} else {
 		return SLAP_CONF_UNKNOWN;
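Review bot: The comment `this is the default; we add it because the default might change...` does not say which value is the default, and the usage string `{TRUE|false}` suggests TRUE although nothing in this hunk sets `LDAP_BACK_F_NOUNDEFFILTER` unless the directive is given. Stating it explicitly above the switch, e.g. `/* default (flag clear): undefined filters are propagated */` once confirmed against the documentation, would remove the ambiguity. The directive applies to the last defined target when `mi->mi_ntargets` is non-zero and to the global `mi_flags` otherwise, which also deserves a line in the comment.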
@@ -1526,6 +1558,11 @@
 		return 1;
 	}
 
+	if ( !is_oc && map->map == NULL ) {
+		/* only init if required */
+		ldap_back_map_init( map, &mapping );
+	}
+
 	if ( strcmp( argv[ 2 ], "*" ) == 0 ) {
 		if ( argc < 4 || strcmp( argv[ 3 ], "*" ) == 0 ) {
 			map->drop_missing = ( argc < 4 );
@@ -1672,11 +1709,6 @@
 				mapping_cmp, mapping_dup );
 
 success_return:;
-	if ( !is_oc && map->map == NULL ) {
-		/* only init if required */
-		ldap_back_map_init( map, &mapping );
-	}
-
 	return 0;
 
 error_return:;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/conn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.86.2.15 2008/04/14 21:19:57 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/conn.c,v 1.86.2.17 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -289,11 +289,12 @@
 	 * don't return the connection */
 	if ( mt->mt_isquarantined ) {
 		slap_retry_info_t	*ri = &mt->mt_quarantine;
-		int			dont_retry = 1;
+		int			dont_retry = 0;
 
 		if ( mt->mt_quarantine.ri_interval ) {
 			ldap_pvt_thread_mutex_lock( &mt->mt_quarantine_mutex );
-			if ( mt->mt_isquarantined == LDAP_BACK_FQ_YES ) {
+			dont_retry = ( mt->mt_isquarantined > LDAP_BACK_FQ_NO );
+			if ( dont_retry ) {
 				dont_retry = ( ri->ri_num[ ri->ri_idx ] == SLAP_RETRYNUM_TAIL
 					|| slap_get_time() < ri->ri_last + ri->ri_interval[ ri->ri_idx ] );
 				if ( !dont_retry ) {
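Review bot: With `dont_retry` now starting at 0, a target that is quarantined but has no `mt_quarantine.ri_interval` skips the whole locked block and leaves `dont_retry` at 0, where the old initial value of 1 kept it from being retried. Whether a target can be quarantined without an interval is not visible in this hunk, so this should be confirmed or the value kept at 1 for that case. The test `mt->mt_isquarantined > LDAP_BACK_FQ_NO` also depends on the declaration order of the LDAP_BACK_FQ_* values; if LDAP_BACK_FQ_NO is the lowest of them, `!= LDAP_BACK_FQ_NO` states the intent without that dependency.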
@@ -307,9 +308,10 @@
 						Debug( LDAP_DEBUG_ANY, "%s %s.\n",
 							op->o_log_prefix, buf, 0 );
 					}
+
+					mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
 				}
 
-				mt->mt_isquarantined = LDAP_BACK_FQ_RETRYING;
 			}
 			ldap_pvt_thread_mutex_unlock( &mt->mt_quarantine_mutex );
 		}

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/delete.c,v 1.37.2.7 2008/02/12 00:25:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/delete.c,v 1.37.2.9 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -41,7 +41,7 @@
 	struct berval	mdn = BER_BVNULL;
 	dncookie	dc;
 	int		msgid;
-	int		do_retry = 1;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
@@ -76,9 +76,9 @@
 	rs->sr_err = ldap_delete_ext( mc->mc_conns[ candidate ].msc_ld,
 			mdn.bv_val, ctrls, NULL, &msgid );
 	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
-		mt->mt_timeout[ SLAP_OP_DELETE ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		mt->mt_timeout[ SLAP_OP_DELETE ], ( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/dncache.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/dncache.c,v 1.16.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/dncache.c,v 1.16.2.4 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/init.c,v 1.58.2.10 2008/07/09 23:48:40 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/init.c,v 1.58.2.12 2009/01/30 19:07:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -53,8 +53,11 @@
 		SLAP_BFLAG_DYNAMIC |
 #endif /* LDAP_DYNAMIC_OBJECTS */
 #endif
-		0;
 
+		/* back-meta recognizes RFC4525 increment;
+		 * let the remote server complain, if needed (ITS#5912) */
+		SLAP_BFLAG_INCREMENT;
+
 	bi->bi_open = meta_back_open;
 	bi->bi_config = 0;
 	bi->bi_close = 0;

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/map.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/map.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* map.c - ldap backend mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.15.2.7 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/map.c,v 1.15.2.11 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -323,7 +323,7 @@
 		return LDAP_OTHER;
 	}
 
-	switch ( f->f_choice ) {
+	switch ( ( f->f_choice & SLAPD_FILTER_MASK ) ) {
 	case LDAP_FILTER_EQUALITY:
 		if ( map_attr_value( dc, f->f_av_desc, &atmp,
 					&f->f_av_value, &vtmp, remap ) )
@@ -333,7 +333,7 @@
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
 			+ ( sizeof("(=)") - 1 );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
 			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
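Review bot: Nothing in these hunks shows how `fstr->bv_val` is released, and with the allocation moved to `ch_malloc` the release has to go through the matching `ch_free` rather than libc `free`. The call sites that free the filter string are outside this diff section and should be checked; the same applies to the allocations in the hunks at -350, -367, -384, -402, -462, -472 and -517. If slapd's wrapper aborts instead of returning NULL, as it is expected to, a short comment above the first allocation, `/* ch_malloc does not return NULL */`, would explain why the `snprintf` that follows needs no check. The enclosing function starts and ends outside the hunk.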
@@ -350,7 +350,7 @@
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
 			+ ( sizeof("(>=)") - 1 );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
 			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -367,7 +367,7 @@
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
 			+ ( sizeof("(<=)") - 1 );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
 			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -384,7 +384,7 @@
 
 		fstr->bv_len = atmp.bv_len + vtmp.bv_len
 			+ ( sizeof("(~=)") - 1 );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
 			atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -402,7 +402,7 @@
 		/* cannot be a DN ... */
 
 		fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
-		fstr->bv_val = malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
+		fstr->bv_val = ch_malloc( fstr->bv_len + 128 ); /* FIXME: why 128 ? */
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
 			atmp.bv_val );
@@ -462,7 +462,7 @@
 		}
 
 		fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
 			atmp.bv_val );
@@ -472,7 +472,7 @@
 	case LDAP_FILTER_OR:
 	case LDAP_FILTER_NOT:
 		fstr->bv_len = STRLENOF( "(%)" );
-		fstr->bv_val = malloc( fstr->bv_len + 128 );	/* FIXME: why 128? */
+		fstr->bv_val = ch_malloc( fstr->bv_len + 128 );	/* FIXME: why 128? */
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%c)",
 			f->f_choice == LDAP_FILTER_AND ? '&' :
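Review bot: The operator character is still chosen by comparing the unmasked `f->f_choice` with `LDAP_FILTER_AND`, while the hunk at -323 makes the enclosing switch dispatch on `f->f_choice & SLAPD_FILTER_MASK`. If a flag bit outside the mask can be set on an AND/OR/NOT filter, this case is entered but the comparison fails, and the wrong operator is written into the filter sent to the target. Compare the masked value here as well, `( f->f_choice & SLAPD_FILTER_MASK ) == LDAP_FILTER_AND ? '&' :`, and do the same in the rest of the conditional, which continues outside the hunk.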
@@ -517,7 +517,7 @@
 			( f->f_mr_dnattrs ? STRLENOF( ":dn" ) : 0 ) +
 			( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
 			vtmp.bv_len + ( STRLENOF( "(:=)" ) );
-		fstr->bv_val = malloc( fstr->bv_len + 1 );
+		fstr->bv_val = ch_malloc( fstr->bv_len + 1 );
 
 		snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
 			atmp.bv_val,
@@ -530,10 +530,15 @@
 
 	case SLAPD_FILTER_COMPUTED:
 		switch ( f->f_result ) {
-		case LDAP_COMPARE_FALSE:
 		/* FIXME: treat UNDEFINED as FALSE */
 		case SLAPD_COMPARE_UNDEFINED:
 computed:;
+			if ( META_BACK_TGT_NOUNDEFFILTER( dc->target ) ) {
+				return LDAP_COMPARE_FALSE;
+			}
+			/* fallthru */
+
+		case LDAP_COMPARE_FALSE:
 			if ( META_BACK_TGT_T_F( dc->target ) ) {
 				tmp = &ber_bvtf_false;
 				break;
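Review bot: The early `return LDAP_COMPARE_FALSE;` under `computed:` exits without any visible allocation of `fstr->bv_val`, and it returns a compare result where the other visible exit returns an error code (`LDAP_OTHER` in the hunk at -323). Callers, which are not part of this section, have to test for this value explicitly and must not use or free the filter string afterwards. A comment on the return would make that contract visible: `/* target cannot take an undefined filter: caller must skip it; fstr is not filled in */`. Because `computed:` is a label, any `goto computed` elsewhere in the function (outside the hunk) now takes the same early return.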

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modify.c,v 1.52.2.7 2008/02/12 00:25:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modify.c,v 1.52.2.9 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -47,7 +47,7 @@
 	struct berval	mapped;
 	dncookie	dc;
 	int		msgid;
-	int		do_retry = 1;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 	LDAPControl	**ctrls = NULL;
 
 	mc = meta_back_getconn( op, rs, &candidate, LDAP_BACK_SENDERR );
@@ -187,9 +187,9 @@
 	rs->sr_err = ldap_modify_ext( mc->mc_conns[ candidate ].msc_ld, mdn.bv_val,
 			modv, ctrls, NULL, &msgid );
 	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
-		mt->mt_timeout[ SLAP_OP_MODIFY ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		mt->mt_timeout[ SLAP_OP_MODIFY ], ( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );
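Review bot: `retrying` is declared as an `ldap_back_send_t` bitmask but tested as a plain boolean in `rs->sr_err == LDAP_UNAVAILABLE && retrying`, which is only correct while no other bit is ever stored in it. Testing the bit keeps the condition right if the variable later carries more flags: `if ( rs->sr_err == LDAP_UNAVAILABLE && ( retrying & LDAP_BACK_RETRYING ) ) {`. The same pattern appears in modrdn.c (hunk at -139). The retry jump target is outside the hunk.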

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modrdn.c,v 1.39.2.9 2008/04/14 18:57:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/modrdn.c,v 1.39.2.11 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -42,7 +42,7 @@
 			mnewSuperior = BER_BVNULL;
 	dncookie	dc;
 	int		msgid;
-	int		do_retry = 1;
+	ldap_back_send_t	retrying = LDAP_BACK_RETRYING;
 	LDAPControl	**ctrls = NULL;
 	struct berval	newrdn = BER_BVNULL;
 
@@ -139,9 +139,9 @@
 			mnewSuperior.bv_val, op->orr_deleteoldrdn,
 			ctrls, NULL, &msgid );
 	rs->sr_err = meta_back_op_result( mc, op, rs, candidate, msgid,
-		mt->mt_timeout[ SLAP_OP_MODRDN ], LDAP_BACK_SENDRESULT );
-	if ( rs->sr_err == LDAP_UNAVAILABLE && do_retry ) {
-		do_retry = 0;
+		mt->mt_timeout[ SLAP_OP_MODRDN ], ( LDAP_BACK_SENDRESULT | retrying ) );
+	if ( rs->sr_err == LDAP_UNAVAILABLE && retrying ) {
+		retrying &= ~LDAP_BACK_RETRYING;
 		if ( meta_back_retry( op, rs, &mc, candidate, LDAP_BACK_SENDERR ) ) {
 			/* if the identity changed, there might be need to re-authz */
 			(void)mi->mi_ldap_extra->controls_free( op, rs, &ctrls );

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/proto-meta.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/proto-meta.h,v 1.5.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/proto-meta.h,v 1.5.2.4 2009/01/22 00:01:07 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.12 2008/07/10 00:28:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/search.c,v 1.146.2.18 2009/02/11 00:20:01 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.
@@ -583,13 +583,6 @@
 		goto done;
 	}
 
-	/* should we check return values? */
-	if ( op->ors_deref != -1 ) {
-		assert( msc->msc_ld != NULL );
-		(void)ldap_set_option( msc->msc_ld, LDAP_OPT_DEREF,
-				( void * )&op->ors_deref );
-	}
-
 	if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
 		tv.tv_sec = op->ors_tlimit > 0 ? op->ors_tlimit : 1;
 		tv.tv_usec = 0;
@@ -610,10 +603,10 @@
 	 * Starts the search
 	 */
 	assert( msc->msc_ld != NULL );
-	rc = ldap_search_ext( msc->msc_ld,
+	rc = ldap_pvt_search( msc->msc_ld,
 			mbase.bv_val, realscope, mfilter.bv_val,
 			mapped_attrs, op->ors_attrsonly,
-			ctrls, NULL, tvp, op->ors_slimit,
+			ctrls, NULL, tvp, op->ors_slimit, op->ors_deref,
 			&candidates[ candidate ].sr_msgid ); 
 	switch ( rc ) {
 	case LDAP_SUCCESS:
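Review bot: A value of `-1` in `op->ors_deref` now reaches `ldap_pvt_search`, because the `!= -1` guard removed in the hunk at -583 has no counterpart at this call. Whether a negative value falls back to the handle's default is decided inside `ldap_pvt_search`, which is not shown in this section, so that should be confirmed. A comment at the call would record the assumption: `/* ors_deref may be -1; ldap_pvt_search is expected to use the handle default in that case */`.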
@@ -1219,6 +1212,44 @@
 						rs->sr_ctrls = NULL;
 					}
 
+				} else if ( rc == LDAP_RES_INTERMEDIATE ) {
+					if ( candidates[ i ].sr_type == REP_INTERMEDIATE ) {
+						/* don't retry any more... */
+						candidates[ i ].sr_type = REP_RESULT;
+					}
+	
+					/* FIXME: response controls
+					 * are passed without checks */
+					rs->sr_err = ldap_parse_intermediate( msc->msc_ld,
+						msg,
+						&rs->sr_rspoid,
+						&rs->sr_rspdata,
+						&rs->sr_ctrls,
+						0 );
+					if ( rs->sr_err != LDAP_SUCCESS ) {
+						candidates[ i ].sr_type = REP_RESULT;
+						ldap_msgfree( res );
+						res = NULL;
+						goto really_bad;
+					}
+
+					slap_send_ldap_intermediate( op, rs );
+
+					if ( rs->sr_rspoid != NULL ) {
+						ber_memfree( rs->sr_rspoid );
+						rs->sr_rspoid = NULL;
+					}
+
+					if ( rs->sr_rspdata != NULL ) {
+						ber_bvfree( rs->sr_rspdata );
+						rs->sr_rspdata = NULL;
+					}
+
+					if ( rs->sr_ctrls != NULL ) {
+						ldap_controls_free( rs->sr_ctrls );
+						rs->sr_ctrls = NULL;
+					}
+
 				} else if ( rc == LDAP_RES_SEARCH_RESULT ) {
 					char		buf[ SLAP_TEXT_BUFLEN ];
 					char		**references = NULL;
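Review bot: The failure path after `ldap_parse_intermediate` jumps to `really_bad` without touching `rs->sr_rspoid`, `rs->sr_rspdata` and `rs->sr_ctrls`, which are released only after `slap_send_ldap_intermediate`. That is safe only if the parser sets none of its out-parameters on error, which cannot be seen from this hunk. State the assumption next to the check, `/* assumes ldap_parse_intermediate fills no out-parameter on failure */`, or confirm that `really_bad` (outside the hunk) resets the three fields. The existing FIXME deserves follow-up too: the OID, data and controls from the remote target are relayed to the client unfiltered, so the proxy extends its trust in the target to every client.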
@@ -1418,7 +1449,7 @@
 					 */
 					assert( ncandidates > 0 );
 					--ncandidates;
-	
+
 				} else if ( rc == LDAP_RES_BIND ) {
 					meta_search_candidate_t	retcode;
 	
@@ -1457,7 +1488,12 @@
 					}
 	
 				} else {
-					assert( 0 );
+					Debug( LDAP_DEBUG_ANY,
+						"%s meta_back_search[%ld]: "
+						"unrecognized response message tag=%d\n",
+						op->o_log_prefix,
+						i, rc );
+				
 					ldap_msgfree( res );
 					res = NULL;
 					goto really_bad;
@@ -1772,12 +1808,22 @@
 				dn = BER_BVNULL;
 	const char 		*text;
 	dncookie		dc;
+	ber_len_t		len;
+	ber_tag_t		tag;
 	int			rc;
 
-	if ( ber_scanf( &ber, "{m{", &bdn ) == LBER_ERROR ) {
+	if ( ber_scanf( &ber, "l{", &len ) == LBER_ERROR ) {
 		return LDAP_DECODING_ERROR;
 	}
 
+	if ( ber_set_option( &ber, LBER_OPT_REMAINING_BYTES, &len ) != LBER_OPT_SUCCESS ) {
+		return LDAP_OTHER;
+	}
+
+	if ( ber_scanf( &ber, "m{", &bdn ) == LBER_ERROR ) {
+		return LDAP_DECODING_ERROR;
+	}
+
 	/*
 	 * Rewrite the dn of the result, if needed
 	 */
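Review bot: The reason for reading the sequence length with `"l{"` and then setting `LBER_OPT_REMAINING_BYTES` is not stated, although the `ber_pvt_ber_remaining` checks added in the hunk at -1825 depend on it. A comment before the `ber_set_option` call would tie the two together: `/* bound the decoder to this entry so the attribute loop can detect truncated or trailing data */`. The new local `tag` is not used in any hunk shown here; if the rest of the function does not use it either, drop the declaration. The function body extends beyond the hunk.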
@@ -1806,7 +1852,12 @@
 	BER_BVZERO( &dn );
 
 	if ( rc != LDAP_SUCCESS ) {
-		return LDAP_INVALID_DN_SYNTAX;
+		Debug( LDAP_DEBUG_ANY,
+			"%s meta_send_entry(\"%s\"): "
+			"invalid DN syntax\n",
+			op->o_log_prefix, ent.e_name.bv_val, 0 );
+		rc = LDAP_INVALID_DN_SYNTAX;
+		goto done;
 	}
 
 	/*
@@ -1825,6 +1876,20 @@
 		slap_syntax_validate_func	*validate;
 		slap_syntax_transform_func	*pretty;
 
+		if ( ber_pvt_ber_remaining( &ber ) < 0 ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s meta_send_entry(\"%s\"): "
+				"unable to parse attr \"%s\".\n",
+				op->o_log_prefix, ent.e_name.bv_val, a.bv_val );
+				
+			rc = LDAP_OTHER;
+			goto done;
+		}
+
+		if ( ber_pvt_ber_remaining( &ber ) == 0 ) {
+			break;
+		}
+
 		ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_at, 
 				&a, &mapped, BACKLDAP_REMAP );
 		if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0' ) {
@@ -1837,7 +1902,8 @@
 		}
 		attr = attr_alloc( NULL );
 		if ( attr == NULL ) {
-			continue;
+			rc = LDAP_OTHER;
+			goto done;
 		}
 		if ( slap_bv2ad( &mapped, &attr->a_desc, &text )
 				!= LDAP_SUCCESS) {
@@ -1853,6 +1919,7 @@
 					mapped.bv_val, text );
 
 				Debug( LDAP_DEBUG_ANY, "%s", buf, 0, 0 );
+				( void )ber_scanf( &ber, "x" /* [W] */ );
 				attr_free( attr );
 				continue;
 			}
@@ -1875,7 +1942,6 @@
 			 * present...
 			 */
 			( void )ber_scanf( &ber, "x" /* [W] */ );
-
 			attr_free(attr);
 			continue;
 		}
@@ -1905,6 +1971,8 @@
 			struct berval 	*bv;
 
 			for ( bv = attr->a_vals; !BER_BVISNULL( bv ); bv++ ) {
+				ObjectClass *oc;
+
 				ldap_back_map( &mi->mi_targets[ target ]->mt_rwmap.rwm_oc,
 						bv, &mapped, BACKLDAP_REMAP );
 				if ( BER_BVISNULL( &mapped ) || mapped.bv_val[0] == '\0') {
@@ -1936,6 +2004,12 @@
 					}
 
 					ber_bvreplace( bv, &mapped );
+
+				} else if ( ( oc = oc_bvfind_undef( bv ) ) == NULL ) {
+					goto remove_oc;
+
+				} else {
+					ber_bvreplace( bv, &oc->soc_cname );
 				}
 			}
 		/*
@@ -2081,6 +2155,8 @@
 		rc = LDAP_OTHER;
 		break;
 	}
+
+done:;
 	rs->sr_entry = NULL;
 	rs->sr_attrs = NULL;
 	if ( rs->sr_ctrls != NULL ) {

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/suffixmassage.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* suffixmassage.c - massages ldap backend dns */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/suffixmassage.c,v 1.7.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/suffixmassage.c,v 1.7.2.4 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-meta/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/unbind.c,v 1.30.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-meta/unbind.c,v 1.30.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * Portions Copyright 1999-2003 Howard Chu.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-monitor
-# $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/Makefile.in,v 1.20.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/Makefile.in,v 1.20.2.4 2009/01/22 00:01:08 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/back-monitor.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* back-monitor.h - ldap monitor back-end header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/back-monitor.h,v 1.52.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/back-monitor.h,v 1.52.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/backend.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* backend.c - deals with backend subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/backend.c,v 1.41.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/backend.c,v 1.41.2.4 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - monitor backend bind routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/bind.c,v 1.17.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/bind.c,v 1.17.2.4 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/cache.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* cache.c - routines to maintain an in-core cache of entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/cache.c,v 1.27.2.5 2008/05/01 21:25:42 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/cache.c,v 1.27.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - monitor backend compare routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.24.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/compare.c,v 1.24.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/conn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* conn.c - deal with connection subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.72.2.7 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/conn.c,v 1.72.2.8 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/database.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* database.c - deals with database subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.80.2.10 2008/05/26 18:57:01 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/database.c,v 1.80.2.12 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -160,12 +160,12 @@
 				"monitor_subsys_database_init: "
 				"missing suffix for %s\n",
 				rdnval, 0, 0 );
-			return -1;
-		}
-		attr_merge( e, slap_schema.si_ad_namingContexts,
+		} else {
+			attr_merge( e, slap_schema.si_ad_namingContexts,
 				be->be_suffix, be->be_nsuffix );
-		attr_merge( e_database, slap_schema.si_ad_namingContexts,
+			attr_merge( e_database, slap_schema.si_ad_namingContexts,
 				be->be_suffix, be->be_nsuffix );
+		}
 	}
 
 	(void)init_readOnly( mi, e, be->be_restrictops );
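Review bot: Nothing here explains why a database without a suffix is no longer a fatal error, and that is the behavioural change in this hunk: the `return -1` is gone and the entry is now created without `namingContexts`. A comment on the new `else` would record the intent, for example `/* a missing suffix is not fatal: publish the monitor entry without namingContexts */`, if that is indeed the intent. The debug message is now the only trace of the condition, so its level (set above the hunk, in the part of the `Debug` call not shown) should be one an administrator will see.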

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/entry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* entry.c - monitor backend entry handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/entry.c,v 1.21.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/entry.c,v 1.21.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize monitor backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/init.c,v 1.125.2.6 2008/04/24 08:13:39 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/init.c,v 1.125.2.8 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -868,7 +868,7 @@
 
 cleanup:;
 	if ( op->ors_filter != NULL ) {
-		filter_free_x( op, op->ors_filter );
+		filter_free_x( op, op->ors_filter, 1 );
 	}
 	if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
 		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
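Review bot: The bare `1` added to the `filter_free_x` call does not say what it selects. If, as the updated prototype presumably has it, the third argument tells the function to free the top-level filter node itself, annotate it at the call: `filter_free_x( op, op->ors_filter, 1 /* free the Filter itself */ );`. Nothing in the hunk clears `op->ors_filter` afterwards. The cleanup code continues outside the hunk, so check that the pointer is not reused.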

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/listener.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* listener.c - deals with listener subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/listener.c,v 1.31.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/listener.c,v 1.31.2.4 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/log.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* log.c - deal with log subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/log.c,v 1.56.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/log.c,v 1.56.2.6 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -181,7 +181,7 @@
 		}
 
 		/* check that the entry still obeys the schema */
-		rc = entry_schema_check( op, e, save_attrs, 0, 0,
+		rc = entry_schema_check( op, e, save_attrs, 0, 0, NULL,
 			&text, textbuf, sizeof( textbuf ) );
 		if ( rc != LDAP_SUCCESS ) {
 			rs->sr_err = rc;

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modify.c - monitor backend modify routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/modify.c,v 1.24.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/modify.c,v 1.24.2.5 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/operation.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* operation.c - deal with operation subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.46.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operation.c,v 1.46.2.5 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/operational.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* operational.c - monitor backend operational attributes function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operational.c,v 1.17.2.4 2008/02/12 00:58:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/operational.c,v 1.17.2.5 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/overlay.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 /* overlay.c - deals with overlay subsystem */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/proto-back-monitor.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/proto-back-monitor.h,v 1.33.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/proto-back-monitor.h,v 1.33.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/rww.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* readw.c - deal with read waiters subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.36.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/rww.c,v 1.36.2.5 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - monitor backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/search.c,v 1.39.2.5 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/search.c,v 1.39.2.6 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/sent.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* sent.c - deal with data sent subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.42.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/sent.c,v 1.42.2.5 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/thread.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* thread.c - deal with thread subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/thread.c,v 1.38.2.7 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/thread.c,v 1.38.2.8 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-monitor/time.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* time.c - deal with time subsystem */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/time.c,v 1.37.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-monitor/time.c,v 1.37.2.4 2009/01/22 00:01:08 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * Portions Copyright 2001-2003 Pierangelo Masarati.
  * All rights reserved.
  *

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/Makefile.in	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,59 @@
+# Makefile.in for back-ndb
+# $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/Makefile.in,v 1.3.2.2 2009/01/22 00:01:08 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2008-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This work was initially developed by Howard Chu for inclusion
+## in OpenLDAP Software. This work was sponsored by MySQL.
+
+SRCS = init.cpp tools.cpp config.cpp ndbio.cpp \
+	add.cpp bind.cpp compare.cpp delete.cpp modify.cpp modrdn.cpp search.cpp
+
+OBJS = init.lo tools.lo config.lo ndbio.lo \
+	add.lo bind.lo compare.lo delete.lo modify.lo modrdn.lo search.lo
+
+LDAP_INCDIR= ../../../include       
+LDAP_LIBDIR= ../../../libraries
+
+BUILD_OPT = "--enable-ndb"
+BUILD_MOD = @BUILD_NDB@
+
+mod_DEFS = -DSLAPD_IMPORT
+MOD_DEFS = $(@BUILD_NDB at _DEFS)
+MOD_LIBS = $(SLAPD_NDB_LIBS)
+
+shared_LDAP_LIBS = $(LDAP_LIBLDAP_R_LA) $(LDAP_LIBLBER_LA)
+NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC at _LDAP_LIBS)
+
+LIBBASE = back_ndb
+
+XINCPATH = -I.. -I$(srcdir)/.. @SLAPD_NDB_INCS@
+XDEFS = $(MODULES_CPPFLAGS)
+
+AC_CXX = g++
+CXX = $(AC_CXX)
+LTCXX_MOD = $(LIBTOOL) $(LTONLY_MOD) --mode=compile \
+	$(CXX) $(LT_CFLAGS) $(LT_CPPFLAGS) $(MOD_DEFS) -c
+
+all-local-lib:	../.backend
+
+.SUFFIXES: .c .o .lo .cpp
+
+.cpp.lo:
+	$(LTCXX_MOD) $<
+
+../.backend: lib$(LIBBASE).a
+	@touch $@
+

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/TODO
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/TODO	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/TODO	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,6 @@
+LDAP features not currently supported:
+
+tagged attributes
+aliases
+substring indexing
+subtree rename

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/add.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/add.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/add.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,346 @@
+/* add.cpp - ldap NDB back-end add routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/add.cpp,v 1.3.2.4 2009/02/05 19:35:54 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-ndb.h"
+
+extern "C" int
+ndb_back_add(Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Entry		p = {0};
+	Attribute	poc;
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
+	AttributeDescription *children = slap_schema.si_ad_children;
+	AttributeDescription *entry = slap_schema.si_ad_entry;
+	NdbArgs NA;
+	NdbRdns rdns;
+	struct berval matched;
+	struct berval pdn, pndn;
+
+	int		num_retries = 0;
+	int		success;
+
+	LDAPControl **postread_ctrl = NULL;
+	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+	int num_ctrls = 0;
+
+	Debug(LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(ndb_back_add) ": %s\n",
+		op->oq_add.rs_e->e_name.bv_val, 0, 0);
+
+	ctrls[num_ctrls] = 0;
+
+	/* check entry's schema */
+	rs->sr_err = entry_schema_check( op, op->oq_add.rs_e, NULL,
+		get_relax(op), 1, NULL, &rs->sr_text, textbuf, textlen );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": entry failed schema check: "
+			"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
+		goto return_results;
+	}
+
+	/* add opattrs to shadow as well, only missing attrs will actually
+	 * be added; helps compatibility with older OL versions */
+	rs->sr_err = slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": entry failed op attrs add: "
+			"%s (%d)\n", rs->sr_text, rs->sr_err, 0 );
+		goto return_results;
+	}
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+
+	/*
+	 * Get the parent dn and see if the corresponding entry exists.
+	 */
+	if ( be_issuffix( op->o_bd, &op->oq_add.rs_e->e_nname ) ) {
+		pdn = slap_empty_bv;
+		pndn = slap_empty_bv;
+	} else {
+		dnParent( &op->ora_e->e_name, &pdn );
+		dnParent( &op->ora_e->e_nname, &pndn );
+	}
+	p.e_name = op->ora_e->e_name;
+	p.e_nname = op->ora_e->e_nname;
+
+	op->ora_e->e_id = NOID;
+	rdns.nr_num = 0;
+	NA.rdns = &rdns;
+
+	if( 0 ) {
+retry:	/* transaction retry */
+		NA.txn->close();
+		NA.txn = NULL;
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			goto return_results;
+		}
+		ndb_trans_backoff( ++num_retries );
+	}
+
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* get entry or parent */
+	NA.e = &p;
+	NA.ocs = NULL;
+	rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
+	switch( rs->sr_err ) {
+	case 0:
+		rs->sr_err = LDAP_ALREADY_EXISTS;
+		goto return_results;
+	case LDAP_NO_SUCH_OBJECT:
+		break;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto retry;
+#endif
+	case LDAP_BUSY:
+		rs->sr_text = "ldap server busy";
+		goto return_results;
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	if ( NA.ocs ) {
+		int i;
+		for ( i=0; !BER_BVISNULL( &NA.ocs[i] ); i++ );
+		poc.a_numvals = i;
+		poc.a_desc = slap_schema.si_ad_objectClass;
+		poc.a_vals = NA.ocs;
+		poc.a_nvals = poc.a_vals;
+		poc.a_next = NULL;
+		p.e_attrs = &poc;
+	}
+
+	if ( ber_bvstrcasecmp( &pndn, &matched ) ) {
+		rs->sr_matched = matched.bv_val;
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": parent "
+			"does not exist\n", 0, 0, 0 );
+
+		rs->sr_text = "parent does not exist";
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		if ( p.e_attrs && is_entry_referral( &p )) {
+is_ref:			p.e_attrs = NULL;
+			ndb_entry_get_data( op, &NA, 0 );
+			rs->sr_ref = get_entry_referrals( op, &p );
+			rs->sr_err = LDAP_REFERRAL;
+			rs->sr_flags = REP_REF_MUSTBEFREED;
+			attrs_free( p.e_attrs );
+			p.e_attrs = NULL;
+		}
+		goto return_results;
+	}
+
+	p.e_name = pdn;
+	p.e_nname = pndn;
+	rs->sr_err = access_allowed( op, &p,
+		children, NULL, ACL_WADD, NULL );
+
+	if ( ! rs->sr_err ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": no write access to parent\n",
+			0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to parent";
+		goto return_results;
+	}
+
+	if ( NA.ocs ) {
+		if ( is_entry_subentry( &p )) {
+			/* parent is a subentry, don't allow add */
+			Debug( LDAP_DEBUG_TRACE,
+				LDAP_XSTRING(ndb_back_add) ": parent is subentry\n",
+				0, 0, 0 );
+			rs->sr_err = LDAP_OBJECT_CLASS_VIOLATION;
+			rs->sr_text = "parent is a subentry";
+			goto return_results;
+		}
+
+		if ( is_entry_alias( &p ) ) {
+			/* parent is an alias, don't allow add */
+			Debug( LDAP_DEBUG_TRACE,
+				LDAP_XSTRING(ndb_back_add) ": parent is alias\n",
+				0, 0, 0 );
+			rs->sr_err = LDAP_ALIAS_PROBLEM;
+			rs->sr_text = "parent is an alias";
+			goto return_results;
+		}
+
+		if ( is_entry_referral( &p ) ) {
+			/* parent is a referral, don't allow add */
+			rs->sr_matched = p.e_name.bv_val;
+			goto is_ref;
+		}
+	}
+
+	rs->sr_err = access_allowed( op, op->ora_e,
+		entry, NULL, ACL_WADD, NULL );
+
+	if ( ! rs->sr_err ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": no write access to entry\n",
+			0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to entry";
+		goto return_results;;
+	}
+
+	/* 
+	 * Check ACL for attribute write access
+	 */
+	if (!acl_check_modlist(op, op->ora_e, op->ora_modlist)) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(bdb_add) ": no write access to attribute\n",
+			0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to attribute";
+		goto return_results;;
+	}
+
+
+	/* acquire entry ID */
+	if ( op->ora_e->e_id == NOID ) {
+		rs->sr_err = ndb_next_id( op->o_bd, NA.ndb, &op->ora_e->e_id );
+		if( rs->sr_err != 0 ) {
+			Debug( LDAP_DEBUG_TRACE,
+				LDAP_XSTRING(ndb_back_add) ": next_id failed (%d)\n",
+				rs->sr_err, 0, 0 );
+			rs->sr_err = LDAP_OTHER;
+			rs->sr_text = "internal error";
+			goto return_results;
+		}
+	}
+
+	if ( matched.bv_val )
+		rdns.nr_num++;
+	NA.e = op->ora_e;
+	/* dn2id index */
+	rs->sr_err = ndb_entry_put_info( op->o_bd, &NA, 0 );
+	if ( rs->sr_err ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_info failed (%d)\n",
+			rs->sr_err, 0, 0 );
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* id2entry index */
+	rs->sr_err = ndb_entry_put_data( op->o_bd, &NA );
+	if ( rs->sr_err ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": ndb_entry_put_data failed (%d) %s(%d)\n",
+			rs->sr_err, NA.txn->getNdbError().message, NA.txn->getNdbError().code );
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* post-read */
+	if( op->o_postread ) {
+		if( postread_ctrl == NULL ) {
+			postread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if ( slap_read_controls( op, rs, op->oq_add.rs_e,
+			&slap_post_read_bv, postread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,
+				"<=- " LDAP_XSTRING(ndb_back_add) ": post-read "
+				"failed!\n", 0, 0, 0 );
+			if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}
+	}
+
+	if ( op->o_noop ) {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn (no-op) failed";
+		} else {
+			rs->sr_err = LDAP_X_NO_OPERATION;
+		}
+
+	} else {
+		if(( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_commit failed";
+		} else {
+			rs->sr_err = LDAP_SUCCESS;
+		}
+	}
+
+	if ( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_add) ": %s : %s (%d)\n",
+			rs->sr_text, NA.txn->getNdbError().message, NA.txn->getNdbError().code );
+		rs->sr_err = LDAP_OTHER;
+		goto return_results;
+	}
+	NA.txn->close();
+	NA.txn = NULL;
+
+	Debug(LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_add) ": added%s id=%08lx dn=\"%s\"\n",
+		op->o_noop ? " (no-op)" : "",
+		op->oq_add.rs_e->e_id, op->oq_add.rs_e->e_dn );
+
+	rs->sr_text = NULL;
+	if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+	success = rs->sr_err;
+	send_ldap_result( op, rs );
+	slap_graduate_commit_csn( op );
+
+	if( NA.txn != NULL ) {
+		NA.txn->execute( Rollback );
+		NA.txn->close();
+	}
+
+	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+	}
+
+	return rs->sr_err;
+}
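Review bot: `NdbArgs NA;` is declared without an initializer, yet the two early `goto return_results` exits (schema check failure and `slap_add_opattrs` failure) reach the cleanup code before `NA.txn` has ever been assigned, so `if( NA.txn != NULL )` tests an indeterminate pointer and may call `execute( Rollback )` and `close()` through it. That path is reachable from any add request whose entry fails the schema check. Setting `NA.txn = NULL;` right after the declarations closes it. The return value of `ndb_thread_handle( op, &NA.ndb )` is also stored and never tested before `NA.ndb->startTransaction()`; if that helper can fail (its body is not in this hunk), add `if ( rs->sr_err != LDAP_SUCCESS ) goto return_results;` after the call.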

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/attrsets.conf
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/attrsets.conf	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/attrsets.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,36 @@
+# Definition of useful attribute sets
+# from X.521 section 5
+#
+# TelecommunicationAttributeSet	ATTRIBUTE ::= {
+#	facsimileTelephoneNumber |
+#	internationalISDNNumber |
+#	telephoneNumber |
+#	teletexTerminalIdentifier |
+#	telexNumber |
+#	preferredDeliveryMethod |
+#	destinationIndicator |
+#	registeredAddress |
+#	x121Address }
+#
+# PostalAttributeSet	ATTRIBUTE ::= {
+#	physicalDeliveryOfficeName |
+#	postalAddress |
+#	postalCode |
+#	postOfficeBox |
+#	streetAddress }
+#
+# LocaleAttributeSet	ATTRIBUTE ::= {
+#	localityName |
+#	stateOrProvinceName |
+#	streetAddress }
+#
+# OrganizationalAttributeSet	ATTRIBUTE ::= {
+#	description |
+#	LocaleAttributeSet |
+#	PostalAttributeSet |
+#	TelecommunicationAttributeSet |
+#	businessCategory |
+#	seeAlso |
+#	searchGuide |
+#	userPassword }
+

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/back-ndb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/back-ndb.h	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/back-ndb.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,168 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/back-ndb.h,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#ifndef SLAPD_NDB_H
+#define SLAPD_NDB_H
+
+#include "slap.h"
+
+#include <mysql.h>
+#include <NdbApi.hpp>
+
+LDAP_BEGIN_DECL
+
+/* The general design is to use one relational table per objectclass. This is
+ * complicated by objectclass inheritance and auxiliary classes though.
+ *
+ * Attributes must only occur in a single table. For objectclasses that inherit
+ * from other classes, attributes defined in the superior class are only stored
+ * in the superior class' table. When multiple unrelated classes define the same
+ * attributes, an attributeSet should be defined instead, containing all of the
+ * common attributes.
+ *
+ * The no_set table lists which other attributeSets apply to the current
+ * objectClass. The no_attrs table lists all of the non-inherited attributes of
+ * the class, including those residing in an attributeSet.
+ *
+ * Usually the table is named identically to the objectClass, but it can also
+ * be explicitly named something else if needed.
+ */
+#define NDB_MAX_OCSETS	8
+
+struct ndb_attrinfo;
+
+typedef struct ndb_ocinfo {
+	struct berval no_name;	/* objectclass cname */
+	struct berval no_table;
+	ObjectClass *no_oc;
+	struct ndb_ocinfo *no_sets[NDB_MAX_OCSETS];
+	struct ndb_attrinfo **no_attrs;
+	int no_flag;
+	int no_nsets;
+	int no_nattrs;
+} NdbOcInfo;
+
+#define	NDB_INFO_ATLEN	0x01
+#define	NDB_INFO_ATSET	0x02
+#define	NDB_INFO_INDEX	0x04
+#define	NDB_INFO_ATBLOB	0x08
+
+typedef struct ndb_attrinfo {
+	struct berval na_name;	/* attribute cname */
+	AttributeDescription *na_desc;
+	AttributeType *na_attr;
+	NdbOcInfo *na_oi;
+	int na_flag;
+	int na_len;
+	int na_column;
+	int na_ixcol;
+} NdbAttrInfo;
+
+typedef struct ListNode {
+	struct ListNode *ln_next;
+	void *ln_data;
+} ListNode;
+
+#define	NDB_IS_OPEN(ni)	(ni->ni_cluster != NULL)
+
+struct ndb_info {
+	/* NDB connection */
+	char *ni_connectstr;
+	char *ni_dbname;
+	Ndb_cluster_connection **ni_cluster;
+
+	/* MySQL connection parameters */
+	MYSQL ni_sql;
+	char *ni_hostname;
+	char *ni_username;
+	char *ni_password;
+	char *ni_socket;
+	unsigned long ni_clflag;
+	unsigned int ni_port;
+
+	/* Search filter processing */
+	int ni_search_stack_depth;
+	void *ni_search_stack;
+
+#define	DEFAULT_SEARCH_STACK_DEPTH	16
+#define	MINIMUM_SEARCH_STACK_DEPTH	8
+
+	/* Schema config */
+	NdbOcInfo *ni_opattrs;
+	ListNode *ni_attridxs;
+	ListNode *ni_attrlens;
+	ListNode *ni_attrsets;
+	ListNode *ni_attrblobs;
+	ldap_pvt_thread_rdwr_t ni_ai_rwlock;
+	Avlnode *ni_ai_tree;
+	ldap_pvt_thread_rdwr_t ni_oc_rwlock;
+	Avlnode *ni_oc_tree;
+	int ni_nconns;	/* number of connections to open */
+	int ni_nextconn;	/* next conn to use */
+	ldap_pvt_thread_mutex_t ni_conn_mutex;
+};
+
+#define	NDB_MAX_RDNS	16
+#define	NDB_RDN_LEN	128
+#define	NDB_MAX_OCS	64
+
+#define	DN2ID_TABLE	"OL_dn2id"
+#define	EID_COLUMN	0U
+#define	VID_COLUMN	1U
+#define	OCS_COLUMN	1U
+#define	RDN_COLUMN	2U
+#define	IDX_COLUMN	(2U+NDB_MAX_RDNS)
+
+#define	NEXTID_TABLE	"OL_nextid"
+
+#define	NDB_OC_BUFLEN	1026	/* 1024 data plus 2 len bytes */
+
+#define	INDEX_NAME	"OL_index"
+
+typedef struct NdbRdns {
+	short nr_num;
+	char nr_buf[NDB_MAX_RDNS][NDB_RDN_LEN+1];
+} NdbRdns;
+
+typedef struct NdbOcs {
+	int no_ninfo;
+	int no_ntext;
+	int no_nitext;	/* number of implicit classes */
+	NdbOcInfo *no_info[NDB_MAX_OCS];
+	struct berval no_text[NDB_MAX_OCS];
+	struct berval no_itext[NDB_MAX_OCS];	/* implicit classes */
+} NdbOcs;
+
+typedef struct NdbArgs {
+	Ndb *ndb;
+	NdbTransaction *txn;
+	Entry *e;
+	NdbRdns *rdns;
+	struct berval *ocs;
+	int erdns;
+} NdbArgs;
+
+#define	NDB_NO_SUCH_OBJECT	626
+#define	NDB_ALREADY_EXISTS	630
+
+LDAP_END_DECL
+
+#include "proto-ndb.h"
+
+#endif
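Review bot: `NdbRdns` holds a DN as at most `NDB_MAX_RDNS` (16) components of `NDB_RDN_LEN` (128) bytes each in fixed arrays, and nothing in the header says which function must reject DNs that exceed either limit. DN depth and RDN length come from client requests, so every writer of `nr_buf` and every increment of `nr_num` has to enforce the bounds. The code that fills the structure is not in this hunk, so the check may already exist there, but add.cpp in this commit does `rdns.nr_num++` with no visible bound test. I would state the contract on the struct, for example `/* nr_num must stay <= NDB_MAX_RDNS and each RDN must fit in NDB_RDN_LEN bytes; callers reject DNs that exceed either limit */`.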

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/bind.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/bind.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/bind.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,163 @@
+/* bind.cpp - ndb backend bind routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/bind.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include "back-ndb.h"
+
+extern "C" int
+ndb_back_bind( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Entry		e = {0};
+	Attribute	*a;
+
+	AttributeDescription *password = slap_schema.si_ad_userPassword;
+
+	NdbArgs NA;
+
+	Debug( LDAP_DEBUG_ARGS,
+		"==> " LDAP_XSTRING(ndb_back_bind) ": dn: %s\n",
+		op->o_req_dn.bv_val, 0, 0);
+
+	/* allow noauth binds */
+	switch ( be_rootdn_bind( op, NULL ) ) {
+	case SLAP_CB_CONTINUE:
+		break;
+
+	default:
+		return rs->sr_err;
+	}
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+	NA.e = &e;
+
+dn2entry_retry:
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_bind) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto done;
+	}
+
+	/* get entry */
+	{
+		NdbRdns rdns;
+		rdns.nr_num = 0;
+		NA.rdns = &rdns;
+		NA.ocs = NULL;
+		rs->sr_err = ndb_entry_get_info( op, &NA, 0, NULL );
+	}
+	switch(rs->sr_err) {
+	case 0:
+		break;
+	case LDAP_NO_SUCH_OBJECT:
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
+		goto done;
+	case LDAP_BUSY:
+		rs->sr_text = "ldap_server_busy";
+		goto done;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto dn2entry_retry;
+#endif
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto done;
+	}
+
+	rs->sr_err = ndb_entry_get_data( op, &NA, 0 );
+	ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+	ber_dupbv( &op->oq_bind.rb_edn, &e.e_name );
+
+	/* check for deleted */
+	if ( is_entry_subentry( &e ) ) {
+		/* entry is an subentry, don't allow bind */
+		Debug( LDAP_DEBUG_TRACE, "entry is subentry\n", 0,
+			0, 0 );
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
+		goto done;
+	}
+
+	if ( is_entry_alias( &e ) ) {
+		/* entry is an alias, don't allow bind */
+		Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0, 0, 0 );
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
+		goto done;
+	}
+
+	if ( is_entry_referral( &e ) ) {
+		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0,
+			0, 0 );
+		rs->sr_err = LDAP_INVALID_CREDENTIALS;
+		goto done;
+	}
+
+	switch ( op->oq_bind.rb_method ) {
+	case LDAP_AUTH_SIMPLE:
+		a = attr_find( e.e_attrs, password );
+		if ( a == NULL ) {
+			rs->sr_err = LDAP_INVALID_CREDENTIALS;
+			goto done;
+		}
+
+		if ( slap_passwd_check( op, &e, a, &op->oq_bind.rb_cred,
+					&rs->sr_text ) != 0 )
+		{
+			/* failure; stop front end from sending result */
+			rs->sr_err = LDAP_INVALID_CREDENTIALS;
+			goto done;
+		}
+			
+		rs->sr_err = 0;
+		break;
+
+	default:
+		assert( 0 ); /* should not be reachable */
+		rs->sr_err = LDAP_STRONG_AUTH_NOT_SUPPORTED;
+		rs->sr_text = "authentication method not supported";
+	}
+
+done:
+	NA.txn->close();
+	if ( e.e_attrs ) {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+	}
+	if ( rs->sr_err ) {
+		send_ldap_result( op, rs );
+	}
+	/* front end will send result on success (rs->sr_err==0) */
+	return rs->sr_err;
+}
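Review bot: The `done:` label calls `NA.txn->close()` unconditionally, but the `if( !NA.txn )` branch after `startTransaction()` jumps to `done` with `NA.txn` NULL, so a failed transaction start dereferences a null pointer in a request path that runs before the client is authenticated. Guard the cleanup the way add.cpp does: `if ( NA.txn != NULL ) NA.txn->close();`. The `return_results:` label in compare.cpp has the same unguarded `NA.txn->close()` after the same failure branch and needs the same guard.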

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/compare.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/compare.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/compare.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,169 @@
+/* compare.cpp - ndb backend compare routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/compare.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-ndb.h"
+
+int
+ndb_back_compare( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Entry		e = {0};
+	Attribute	*a;
+	int		manageDSAit = get_manageDSAit( op );
+
+	NdbArgs NA;
+	NdbRdns rdns;
+	struct berval matched;
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+
+	rdns.nr_num = 0;
+	NA.rdns = &rdns;
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+	NA.e = &e;
+
+dn2entry_retry:
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_compare) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	NA.ocs = NULL;
+	/* get entry */
+	rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
+	switch( rs->sr_err ) {
+	case 0:
+		break;
+	case LDAP_NO_SUCH_OBJECT:
+		rs->sr_matched = matched.bv_val;
+		if ( NA.ocs )
+			ndb_check_referral( op, rs, &NA );
+		goto return_results;
+	case LDAP_BUSY:
+		rs->sr_text = "ldap server busy";
+		goto return_results;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto dn2entry_retry;
+#endif
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	rs->sr_err = ndb_entry_get_data( op, &NA, 0 );
+	ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+	if (!manageDSAit && is_entry_referral( &e ) ) {
+		/* return referral only if "disclose" is granted on the object */
+		if ( !access_allowed( op, &e, slap_schema.si_ad_entry,
+			NULL, ACL_DISCLOSE, NULL ) )
+		{
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		} else {
+			/* entry is a referral, don't allow compare */
+			rs->sr_ref = get_entry_referrals( op, &e );
+			rs->sr_err = LDAP_REFERRAL;
+			rs->sr_matched = e.e_name.bv_val;
+			rs->sr_flags |= REP_REF_MUSTBEFREED;
+		}
+
+		Debug( LDAP_DEBUG_TRACE, "entry is referral\n", 0, 0, 0 );
+		goto return_results;
+	}
+
+	if ( get_assert( op ) &&
+		( test_filter( op, &e, (Filter *)get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		if ( !access_allowed( op, &e, slap_schema.si_ad_entry,
+			NULL, ACL_DISCLOSE, NULL ) )
+		{
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		} else {
+			rs->sr_err = LDAP_ASSERTION_FAILED;
+		}
+		goto return_results;
+	}
+
+	if ( !access_allowed( op, &e, op->oq_compare.rs_ava->aa_desc,
+		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL ) )
+	{
+		/* return error only if "disclose"
+		 * is granted on the object */
+		if ( !access_allowed( op, &e, slap_schema.si_ad_entry,
+					NULL, ACL_DISCLOSE, NULL ) )
+		{
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		} else {
+			rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		}
+		goto return_results;
+	}
+
+	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+	for ( a = attrs_find( e.e_attrs, op->oq_compare.rs_ava->aa_desc );
+		a != NULL;
+		a = attrs_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
+	{
+		rs->sr_err = LDAP_COMPARE_FALSE;
+
+		if ( attr_valfind( a,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+			&op->oq_compare.rs_ava->aa_value, NULL,
+			op->o_tmpmemctx ) == 0 )
+		{
+			rs->sr_err = LDAP_COMPARE_TRUE;
+			break;
+		}
+	}
+
+return_results:
+	NA.txn->close();
+	if ( e.e_attrs ) {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+	}
+	send_ldap_result( op, rs );
+
+	switch ( rs->sr_err ) {
+	case LDAP_COMPARE_FALSE:
+	case LDAP_COMPARE_TRUE:
+		rs->sr_err = LDAP_SUCCESS;
+		break;
+	}
+
+	return rs->sr_err;
+}
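Review bot: The status of `ndb_entry_get_data( op, &NA, 0 )` is written to `rs->sr_err` and never tested, so if loading the entry's attributes fails the function carries on with whatever is in `e.e_attrs`. The referral test, the assertion filter and the `access_allowed()` calls are then evaluated against an incomplete entry, and the client is finally told `LDAP_NO_SUCH_ATTRIBUTE` rather than an error. Check it after the `ber_bvarray_free_x` line, e.g. `if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; }`; which codes the helper returns is not visible in this hunk, so the mapping may need adjusting. bind.cpp ignores the same return value before `attr_find( e.e_attrs, password )`.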

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/config.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/config.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/config.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,333 @@
+/* config.cpp - ndb backend configuration file routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/config.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+#include "lutil.h"
+
+#include "back-ndb.h"
+
+#include "config.h"
+
+extern "C" {
+	static ConfigDriver ndb_cf_gen;
+};
+
+enum {
+	NDB_ATLEN = 1,
+	NDB_ATSET,
+	NDB_INDEX,
+	NDB_ATBLOB
+};
+
+static ConfigTable ndbcfg[] = {
+	{ "dbhost", "hostname", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_hostname),
+		"( OLcfgDbAt:6.1 NAME 'olcDbHost' "
+			"DESC 'Hostname of SQL server' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbname", "name", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_dbname),
+		"( OLcfgDbAt:6.2 NAME 'olcDbName' "
+			"DESC 'Name of SQL database' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbuser", "username", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_username),
+		"( OLcfgDbAt:6.3 NAME 'olcDbUser' "
+			"DESC 'Username for SQL session' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbpass", "password", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_password),
+		"( OLcfgDbAt:6.4 NAME 'olcDbPass' "
+			"DESC 'Password for SQL session' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbport", "port", 2, 2, 0, ARG_UINT|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_port),
+		"( OLcfgDbAt:6.5 NAME 'olcDbPort' "
+			"DESC 'Port number of SQL server' "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "dbsocket", "path", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_socket),
+		"( OLcfgDbAt:6.6 NAME 'olcDbSocket' "
+			"DESC 'Local socket path of SQL server' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbflag", "flag", 2, 2, 0, ARG_LONG|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_clflag),
+		"( OLcfgDbAt:6.7 NAME 'olcDbFlag' "
+			"DESC 'Flags for SQL session' "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "dbconnect", "hostname", 2, 2, 0, ARG_STRING|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_connectstr),
+		"( OLcfgDbAt:6.8 NAME 'olcDbConnect' "
+			"DESC 'Hostname of NDB server' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "dbconnections", "number", 2, 2, 0, ARG_INT|ARG_OFFSET,
+		(void *)offsetof(struct ndb_info, ni_nconns),
+		"( OLcfgDbAt:6.9 NAME 'olcDbConnections' "
+			"DESC 'Number of cluster connections to open' "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "attrlen", "attr> <len", 3, 3, 0, ARG_MAGIC|NDB_ATLEN,
+		(void *)ndb_cf_gen,
+		"( OLcfgDbAt:6.10 NAME 'olcNdbAttrLen' "
+			"DESC 'Column length of a specific attribute' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "attrset", "set> <attrs", 3, 3, 0, ARG_MAGIC|NDB_ATSET,
+		(void *)ndb_cf_gen,
+		"( OLcfgDbAt:6.11 NAME 'olcNdbAttrSet' "
+			"DESC 'Set of common attributes' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "index", "attr", 2, 2, 0, ARG_MAGIC|NDB_INDEX,
+		(void *)ndb_cf_gen, "( OLcfgDbAt:0.2 NAME 'olcDbIndex' "
+		"DESC 'Attribute to index' "
+		"EQUALITY caseIgnoreMatch "
+		"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "attrblob", "attr", 2, 2, 0, ARG_MAGIC|NDB_ATBLOB,
+		(void *)ndb_cf_gen, "( OLcfgDbAt:6.12 NAME 'olcNdbAttrBlob' "
+		"DESC 'Attribute to treat as a BLOB' "
+		"EQUALITY caseIgnoreMatch "
+		"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "directory", "dir", 2, 2, 0, ARG_IGNORED,
+		NULL, "( OLcfgDbAt:0.1 NAME 'olcDbDirectory' "
+			"DESC 'Dummy keyword' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED,
+		NULL, NULL, NULL, NULL }
+};
+
+static ConfigOCs ndbocs[] = {
+	{
+		"( OLcfgDbOc:6.2 "
+		"NAME 'olcNdbConfig' "
+		"DESC 'NDB backend configuration' "
+		"SUP olcDatabaseConfig "
+		"MUST ( olcDbHost $ olcDbName $ olcDbConnect ) "
+		"MAY ( olcDbUser $ olcDbPass $ olcDbPort $ olcDbSocket $ "
+		"olcDbFlag $ olcDbConnections $ olcNdbAttrLen $ "
+		"olcDbIndex $ olcNdbAttrSet $ olcNdbAttrBlob ) )",
+			Cft_Database, ndbcfg },
+	{ NULL, Cft_Abstract, NULL }
+};
+
+static int
+ndb_cf_gen( ConfigArgs *c )
+{
+	struct ndb_info *ni = (struct ndb_info *)c->be->be_private;
+	int i, rc;
+	NdbAttrInfo *ai;
+	NdbOcInfo *oci;
+	ListNode *ln, **l2;
+	struct berval bv, *bva;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		char buf[BUFSIZ];
+		rc = 0;
+		bv.bv_val = buf;
+		switch( c->type ) {
+		case NDB_ATLEN:
+			if ( ni->ni_attrlens ) {
+				for ( ln = ni->ni_attrlens; ln; ln=ln->ln_next ) {
+					ai = (NdbAttrInfo *)ln->ln_data;
+					bv.bv_len = snprintf( buf, sizeof(buf),
+						"%s %d", ai->na_name.bv_val,
+							ai->na_len );
+					value_add_one( &c->rvalue_vals, &bv );
+				}
+			} else {
+				rc = 1;
+			}
+			break;
+
+		case NDB_ATSET:
+			if ( ni->ni_attrsets ) {
+				char *ptr, *end = buf+sizeof(buf);
+				for ( ln = ni->ni_attrsets; ln; ln=ln->ln_next ) {
+					oci = (NdbOcInfo *)ln->ln_data;
+					ptr = lutil_strcopy( buf, oci->no_name.bv_val );
+					*ptr++ = ' ';
+					for ( i=0; i<oci->no_nattrs; i++ ) {
+						if ( end - ptr < oci->no_attrs[i]->na_name.bv_len+1 )
+							break;
+						if ( i )
+							*ptr++ = ',';
+						ptr = lutil_strcopy(ptr,
+							oci->no_attrs[i]->na_name.bv_val );
+					}
+					bv.bv_len = ptr - buf;
+					value_add_one( &c->rvalue_vals, &bv );
+				}
+			} else {
+				rc = 1;
+			}
+			break;
+
+		case NDB_INDEX:
+			if ( ni->ni_attridxs ) {
+				for ( ln = ni->ni_attridxs; ln; ln=ln->ln_next ) {
+					ai = (NdbAttrInfo *)ln->ln_data;
+					value_add_one( &c->rvalue_vals, &ai->na_name );
+				}
+			} else {
+				rc = 1;
+			}
+			break;
+
+		case NDB_ATBLOB:
+			if ( ni->ni_attrblobs ) {
+				for ( ln = ni->ni_attrblobs; ln; ln=ln->ln_next ) {
+					ai = (NdbAttrInfo *)ln->ln_data;
+					value_add_one( &c->rvalue_vals, &ai->na_name );
+				}
+			} else {
+				rc = 1;
+			}
+			break;
+
+		}
+		return rc;
+	} else if ( c->op == LDAP_MOD_DELETE ) { /* FIXME */
+		rc = 0;
+		switch( c->type ) {
+		case NDB_INDEX:
+			if ( c->valx == -1 ) {
+
+				/* delete all */
+
+			} else {
+
+			}
+			break;
+		}
+		return rc;
+	}
+
+	switch( c->type ) {
+	case NDB_ATLEN:
+		ber_str2bv( c->argv[1], 0, 0, &bv );
+		ai = ndb_ai_get( ni, &bv );
+		if ( !ai ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: invalid attr %s",
+				c->log, c->argv[1] );
+			Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+			return -1;
+		}
+		for ( ln = ni->ni_attrlens; ln; ln = ln->ln_next ) {
+			if ( ln->ln_data == (void *)ai ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: attr len already set for %s",
+					c->log, c->argv[1] );
+				Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+				return -1;
+			}
+		}
+		ai->na_len = atoi( c->argv[2] );
+		ai->na_flag |= NDB_INFO_ATLEN;
+		ln = (ListNode *)ch_malloc( sizeof(ListNode));
+		ln->ln_data = ai;
+		ln->ln_next = NULL;
+		for ( l2 = &ni->ni_attrlens; *l2; l2 = &(*l2)->ln_next );
+		*l2 = ln;
+		break;
+		
+	case NDB_INDEX:
+		ber_str2bv( c->argv[1], 0, 0, &bv );
+		ai = ndb_ai_get( ni, &bv );
+		if ( !ai ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: invalid attr %s",
+				c->log, c->argv[1] );
+			Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+			return -1;
+		}
+		for ( ln = ni->ni_attridxs; ln; ln = ln->ln_next ) {
+			if ( ln->ln_data == (void *)ai ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: attr index already set for %s",
+					c->log, c->argv[1] );
+				Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+				return -1;
+			}
+		}
+		ai->na_flag |= NDB_INFO_INDEX;
+		ln = (ListNode *)ch_malloc( sizeof(ListNode));
+		ln->ln_data = ai;
+		ln->ln_next = NULL;
+		for ( l2 = &ni->ni_attridxs; *l2; l2 = &(*l2)->ln_next );
+		*l2 = ln;
+		break;
+
+	case NDB_ATSET:
+		ber_str2bv( c->argv[1], 0, 0, &bv );
+		bva = ndb_str2bvarray( c->argv[2], strlen( c->argv[2] ), ',', NULL );
+		rc = ndb_aset_get( ni, &bv, bva, &oci );
+		ber_bvarray_free( bva );
+		if ( rc ) {
+			if ( rc == LDAP_ALREADY_EXISTS ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					"%s: attrset %s already defined",
+					c->log, c->argv[1] );
+			} else {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					"%s: invalid attrset %s (%d)",
+					c->log, c->argv[1], rc );
+			}
+			Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+			return -1;
+		}
+		ln = (ListNode *)ch_malloc( sizeof(ListNode));
+		ln->ln_data = oci;
+		ln->ln_next = NULL;
+		for ( l2 = &ni->ni_attrsets; *l2; l2 = &(*l2)->ln_next );
+		*l2 = ln;
+		break;
+
+	case NDB_ATBLOB:
+		ber_str2bv( c->argv[1], 0, 0, &bv );
+		ai = ndb_ai_get( ni, &bv );
+		if ( !ai ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: invalid attr %s",
+				c->log, c->argv[1] );
+			Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+			return -1;
+		}
+		for ( ln = ni->ni_attrblobs; ln; ln = ln->ln_next ) {
+			if ( ln->ln_data == (void *)ai ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: attr blob already set for %s",
+					c->log, c->argv[1] );
+				Debug( LDAP_DEBUG_ANY, "%s\n", c->cr_msg, 0, 0 );
+				return -1;
+			}
+		}
+		ai->na_flag |= NDB_INFO_ATBLOB;
+		ln = (ListNode *)ch_malloc( sizeof(ListNode));
+		ln->ln_data = ai;
+		ln->ln_next = NULL;
+		for ( l2 = &ni->ni_attrblobs; *l2; l2 = &(*l2)->ln_next );
+		*l2 = ln;
+		break;
+
+	}
+	return 0;
+}
+
+extern "C"
+int ndb_back_init_cf( BackendInfo *bi )
+{
+	bi->bi_cf_ocs = ndbocs;
+
+	return config_register_schema( ndbcfg, ndbocs );
+}
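Review bot: In the NDB_ATSET branch of the SLAP_CONFIG_EMIT path in ndb_cf_gen, the set name is copied into `buf[BUFSIZ]` with `lutil_strcopy( buf, oci->no_name.bv_val )` before any length check. The per-attribute test `end - ptr < ...na_name.bv_len+1` also leaves no room for the `,` written just before the copy. A guard ahead of the first copy, for example `if ( oci->no_name.bv_len + 2 > sizeof(buf) ) { rc = 1; break; }`, and `+2` instead of `+1` in the loop test would keep both writes inside the buffer. The inner loop also stops silently when space runs out, so the emitted value can be a truncated attribute list; a log line for that case would help. Separately, `ai->na_len = atoi( c->argv[2] )` in the NDB_ATLEN branch accepts non-numeric and negative input, and a range-checked parse is worth adding since the value appears to be used as a column length.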

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/delete.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/delete.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/delete.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,322 @@
+/* delete.cpp - ndb backend delete routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/delete.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "lutil.h"
+#include "back-ndb.h"
+
+static struct berval glue_bv = BER_BVC("glue");
+
+int
+ndb_back_delete( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Entry	e = {0};
+	Entry	p = {0};
+	int		manageDSAit = get_manageDSAit( op );
+	AttributeDescription *children = slap_schema.si_ad_children;
+	AttributeDescription *entry = slap_schema.si_ad_entry;
+
+	NdbArgs NA;
+	NdbRdns rdns;
+	struct berval matched;
+
+	int	num_retries = 0;
+
+	int     rc;
+
+	LDAPControl **preread_ctrl = NULL;
+	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+	int num_ctrls = 0;
+
+	Debug( LDAP_DEBUG_ARGS, "==> " LDAP_XSTRING(ndb_back_delete) ": %s\n",
+		op->o_req_dn.bv_val, 0, 0 );
+
+	ctrls[num_ctrls] = 0;
+
+	/* allocate CSN */
+	if ( BER_BVISNULL( &op->o_csn ) ) {
+		struct berval csn;
+		char csnbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
+
+		csn.bv_val = csnbuf;
+		csn.bv_len = sizeof(csnbuf);
+		slap_get_csn( op, &csn, 1 );
+	}
+
+	if ( !be_issuffix( op->o_bd, &op->o_req_ndn ) ) {
+		dnParent( &op->o_req_dn, &p.e_name );
+		dnParent( &op->o_req_ndn, &p.e_nname );
+	}
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+	rdns.nr_num = 0;
+	NA.rdns = &rdns;
+	NA.ocs = NULL;
+	NA.e = &e;
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+
+	if( 0 ) {
+retry:	/* transaction retry */
+		NA.txn->close();
+		NA.txn = NULL;
+		Debug( LDAP_DEBUG_TRACE,
+			"==> " LDAP_XSTRING(ndb_back_delete) ": retrying...\n",
+			0, 0, 0 );
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			goto return_results;
+		}
+		if ( NA.ocs ) {
+			ber_bvarray_free( NA.ocs );
+			NA.ocs = NULL;
+		}
+		ndb_trans_backoff( ++num_retries );
+	}
+
+	/* begin transaction */
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_delete) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* get entry */
+	rs->sr_err = ndb_entry_get_info( op, &NA, 1, &matched );
+	switch( rs->sr_err ) {
+	case 0:
+	case LDAP_NO_SUCH_OBJECT:
+		break;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto retry;
+#endif
+	case LDAP_BUSY:
+		rs->sr_text = "ldap server busy";
+		goto return_results;
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ||
+		( !manageDSAit && bvmatch( NA.ocs, &glue_bv ))) {
+		Debug( LDAP_DEBUG_ARGS,
+			"<=- " LDAP_XSTRING(ndb_back_delete) ": no such object %s\n",
+			op->o_req_dn.bv_val, 0, 0);
+
+		if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+			rs->sr_matched = matched.bv_val;
+			if ( NA.ocs )
+				ndb_check_referral( op, rs, &NA );
+		} else {
+			rs->sr_matched = p.e_name.bv_val;
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		}
+		goto return_results;
+	}
+
+	/* check parent for "children" acl */
+	rs->sr_err = access_allowed( op, &p,
+		children, NULL, ACL_WDEL, NULL );
+
+	if ( !rs->sr_err  ) {
+		Debug( LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_delete) ": no write "
+			"access to parent\n", 0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to parent";
+		goto return_results;
+	}
+
+	rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
+
+	rs->sr_err = access_allowed( op, &e,
+		entry, NULL, ACL_WDEL, NULL );
+
+	if ( !rs->sr_err  ) {
+		Debug( LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_delete) ": no write access "
+			"to entry\n", 0, 0, 0 );
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to entry";
+		goto return_results;
+	}
+
+	if ( !manageDSAit && is_entry_referral( &e ) ) {
+		/* entry is a referral, don't allow delete */
+		rs->sr_ref = get_entry_referrals( op, &e );
+
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_delete) ": entry is referral\n",
+			0, 0, 0 );
+
+		rs->sr_err = LDAP_REFERRAL;
+		rs->sr_matched = e.e_name.bv_val;
+		rs->sr_flags = REP_REF_MUSTBEFREED;
+		goto return_results;
+	}
+
+	if ( get_assert( op ) &&
+		( test_filter( op, &e, (Filter *)get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
+	/* pre-read */
+	if( op->o_preread ) {
+		if( preread_ctrl == NULL ) {
+			preread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if( slap_read_controls( op, rs, &e,
+			&slap_pre_read_bv, preread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,
+				"<=- " LDAP_XSTRING(ndb_back_delete) ": pre-read "
+				"failed!\n", 0, 0, 0 );
+			if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}
+	}
+
+	/* Can't do it if we have kids */
+	rs->sr_err = ndb_has_children( &NA, &rc );
+	if ( rs->sr_err ) {
+		Debug(LDAP_DEBUG_ARGS,
+			"<=- " LDAP_XSTRING(ndb_back_delete)
+			": has_children failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+	if ( rc == LDAP_COMPARE_TRUE ) {
+		Debug(LDAP_DEBUG_ARGS,
+			"<=- " LDAP_XSTRING(ndb_back_delete)
+			": non-leaf %s\n",
+			op->o_req_dn.bv_val, 0, 0);
+		rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+		rs->sr_text = "subordinate objects must be deleted first";
+		goto return_results;
+	}
+
+	/* delete info */
+	rs->sr_err = ndb_entry_del_info( op->o_bd, &NA );
+	if ( rs->sr_err != 0 ) {
+		Debug(LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_delete) ": del_info failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+		rs->sr_text = "DN index delete failed";
+		rs->sr_err = LDAP_OTHER;
+		goto return_results;
+	}
+
+	/* delete data */
+	rs->sr_err = ndb_entry_del_data( op->o_bd, &NA );
+	if ( rs->sr_err != 0 ) {
+		Debug( LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_delete) ": del_data failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+		rs->sr_text = "entry delete failed";
+		rs->sr_err = LDAP_OTHER;
+		goto return_results;
+	}
+
+	if( op->o_noop ) {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn (no-op) failed";
+		} else {
+			rs->sr_err = LDAP_X_NO_OPERATION;
+		}
+	} else {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_commit failed";
+		} else {
+			rs->sr_err = LDAP_SUCCESS;
+		}
+	}
+
+	if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_delete) ": txn_%s failed: %s (%d)\n",
+			op->o_noop ? "abort (no-op)" : "commit",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "commit failed";
+
+		goto return_results;
+	}
+	NA.txn->close();
+	NA.txn = NULL;
+
+	Debug( LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_delete) ": deleted%s id=%08lx dn=\"%s\"\n",
+		op->o_noop ? " (no-op)" : "",
+		e.e_id, op->o_req_dn.bv_val );
+	rs->sr_err = LDAP_SUCCESS;
+	rs->sr_text = NULL;
+	if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+	if ( NA.ocs ) {
+		ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		NA.ocs = NULL;
+	}
+
+	/* free entry */
+	if( e.e_attrs != NULL ) {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+	}
+
+	if( NA.txn != NULL ) {
+		NA.txn->execute( Rollback );
+		NA.txn->close();
+	}
+
+	send_ldap_result( op, rs );
+	slap_graduate_commit_csn( op );
+
+	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+	}
+	return rs->sr_err;
+}
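Review bot: The result of `ndb_entry_get_data( op, &NA, 1 )` is stored in `rs->sr_err` and overwritten by the very next statement, `access_allowed( op, &e, entry, NULL, ACL_WDEL, NULL )`. A failed load is therefore never noticed, and the entry ACL, referral test, assertion filter and pre-read all run against whatever `e` holds at that point. Checking it before the ACL call, `if ( rs->sr_err ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; goto return_results; }`, would match how the other helper failures in ndb_back_delete are handled. The same applies to `rs->sr_err = ndb_thread_handle( op, &NA.ndb )` near the top, whose result is not tested before `NA.ndb->startTransaction()` is called. What the two helpers return on failure is not visible in this hunk, so the exact error mapping should be confirmed against their definitions.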

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/init.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/init.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/init.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,451 @@
+/* init.cpp - initialize ndb backend */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/init.cpp,v 1.4.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+#include <ac/stdlib.h>
+#include <ac/errno.h>
+#include <sys/stat.h>
+#include "back-ndb.h"
+#include <lutil.h>
+#include "config.h"
+
+extern "C" {
+	static BI_db_init ndb_db_init;
+	static BI_db_close ndb_db_close;
+	static BI_db_open ndb_db_open;
+	static BI_db_destroy ndb_db_destroy;
+}
+
+static struct berval ndb_optable = BER_BVC("OL_opattrs");
+
+static struct berval ndb_opattrs[] = {
+	BER_BVC("structuralObjectClass"),
+	BER_BVC("entryUUID"),
+	BER_BVC("creatorsName"),
+	BER_BVC("createTimestamp"),
+	BER_BVC("entryCSN"),
+	BER_BVC("modifiersName"),
+	BER_BVC("modifyTimestamp"),
+	BER_BVNULL
+};
+
+static int ndb_oplens[] = {
+	0,	/* structuralOC, default */
+	36,	/* entryUUID */
+	0,	/* creatorsName, default */
+	26,	/* createTimestamp */
+	40,	/* entryCSN */
+	0,	/* modifiersName, default */
+	26,	/* modifyTimestamp */
+	-1
+};
+
+static Uint32 ndb_lastrow[1];
+NdbInterpretedCode *ndb_lastrow_code;
+
+static int
+ndb_db_init( BackendDB *be, ConfigReply *cr )
+{
+	struct ndb_info	*ni;
+	int rc = 0;
+
+	Debug( LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_db_init) ": Initializing ndb database\n",
+		0, 0, 0 );
+
+	/* allocate backend-database-specific stuff */
+	ni = (struct ndb_info *) ch_calloc( 1, sizeof(struct ndb_info) );
+
+	be->be_private = ni;
+	be->be_cf_ocs = be->bd_info->bi_cf_ocs;
+
+	ni->ni_search_stack_depth = DEFAULT_SEARCH_STACK_DEPTH;
+
+	ldap_pvt_thread_rdwr_init( &ni->ni_ai_rwlock );
+	ldap_pvt_thread_rdwr_init( &ni->ni_oc_rwlock );
+	ldap_pvt_thread_mutex_init( &ni->ni_conn_mutex );
+
+#ifdef DO_MONITORING
+	rc = ndb_monitor_db_init( be );
+#endif
+
+	return rc;
+}
+
+static int
+ndb_db_close( BackendDB *be, ConfigReply *cr );
+
+static int
+ndb_db_open( BackendDB *be, ConfigReply *cr )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	char sqlbuf[BUFSIZ], *ptr;
+	int rc, i;
+
+	if ( be->be_suffix == NULL ) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: need suffix" );
+		Debug( LDAP_DEBUG_ANY, "%s\n",
+			cr->msg, 0, 0 );
+		return -1;
+	}
+
+	Debug( LDAP_DEBUG_ARGS,
+		LDAP_XSTRING(ndb_db_open) ": \"%s\"\n",
+		be->be_suffix[0].bv_val, 0, 0 );
+
+	if ( ni->ni_nconns < 1 )
+		ni->ni_nconns = 1;
+
+	ni->ni_cluster = (Ndb_cluster_connection **)ch_calloc( ni->ni_nconns, sizeof( Ndb_cluster_connection *));
+	for ( i=0; i<ni->ni_nconns; i++ ) {
+		ni->ni_cluster[i] = new Ndb_cluster_connection( ni->ni_connectstr );
+		rc = ni->ni_cluster[i]->connect( 20, 5, 1 );
+		if ( rc ) {
+			snprintf( cr->msg, sizeof( cr->msg ),
+				"ndb_db_open: ni_cluster[%d]->connect failed (%d)",
+				i, rc );
+			goto fail;
+		}
+	}
+	for ( i=0; i<ni->ni_nconns; i++ ) {
+		rc = ni->ni_cluster[i]->wait_until_ready( 30, 0 );
+		if ( rc ) {
+			snprintf( cr->msg, sizeof( cr->msg ),
+				"ndb_db_open: ni_cluster[%d]->wait failed (%d)",
+				i, rc );
+			goto fail;
+		}
+	}
+
+	mysql_init( &ni->ni_sql );
+	if ( !mysql_real_connect( &ni->ni_sql, ni->ni_hostname, ni->ni_username, ni->ni_password,
+		"", ni->ni_port, ni->ni_socket, ni->ni_clflag )) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: mysql_real_connect failed, %s (%d)",
+			mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		rc = -1;
+		goto fail;
+	}
+
+	sprintf( sqlbuf, "CREATE DATABASE IF NOT EXISTS %s", ni->ni_dbname );
+	rc = mysql_query( &ni->ni_sql, sqlbuf );
+	if ( rc ) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: CREATE DATABASE %s failed, %s (%d)",
+			ni->ni_dbname, mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		goto fail;
+	}
+
+	sprintf( sqlbuf, "USE %s", ni->ni_dbname );
+	rc = mysql_query( &ni->ni_sql, sqlbuf );
+	if ( rc ) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: USE DATABASE %s failed, %s (%d)",
+			ni->ni_dbname, mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		goto fail;
+	}
+
+	ptr = sqlbuf;
+	ptr += sprintf( ptr, "CREATE TABLE IF NOT EXISTS " DN2ID_TABLE " ("
+		"eid bigint unsigned NOT NULL, "
+		"object_classes VARCHAR(1024) NOT NULL, "
+		"a0 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a1 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a2 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a3 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a4 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a5 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a6 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a7 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a8 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a9 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a10 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a11 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a12 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a13 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a14 VARCHAR(128) NOT NULL DEFAULT '', "
+		"a15 VARCHAR(128) NOT NULL DEFAULT '', "
+		"PRIMARY KEY (a0, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15), "
+		"UNIQUE KEY eid (eid) USING HASH" );
+	/* Create index columns */
+	if ( ni->ni_attridxs ) {
+		ListNode *ln;
+		int newcol = 0;
+
+		*ptr++ = ',';
+		*ptr++ = ' ';
+		for ( ln = ni->ni_attridxs; ln; ln=ln->ln_next ) {
+			NdbAttrInfo *ai = (NdbAttrInfo *)ln->ln_data;
+			ptr += sprintf( ptr, "`%s` VARCHAR(%d), ",
+				ai->na_name.bv_val, ai->na_len );
+		}
+		ptr = lutil_strcopy(ptr, "KEY " INDEX_NAME " (" );
+
+		for ( ln = ni->ni_attridxs; ln; ln=ln->ln_next ) {
+			NdbAttrInfo *ai = (NdbAttrInfo *)ln->ln_data;
+			if ( newcol ) *ptr++ = ',';
+			*ptr++ = '`';
+			ptr = lutil_strcopy( ptr, ai->na_name.bv_val );
+			*ptr++ = '`';
+			ai->na_ixcol = newcol + 18;
+			newcol++;
+		}
+		*ptr++ = ')';
+	}
+	strcpy( ptr, ") ENGINE=ndb" );
+	rc = mysql_query( &ni->ni_sql, sqlbuf );
+	if ( rc ) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: CREATE TABLE " DN2ID_TABLE " failed, %s (%d)",
+			mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		goto fail;
+	}
+
+	rc = mysql_query( &ni->ni_sql, "CREATE TABLE IF NOT EXISTS " NEXTID_TABLE " ("
+		"a bigint unsigned AUTO_INCREMENT PRIMARY KEY ) ENGINE=ndb" );
+	if ( rc ) {
+		snprintf( cr->msg, sizeof( cr->msg ),
+			"ndb_db_open: CREATE TABLE " NEXTID_TABLE " failed, %s (%d)",
+			mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		goto fail;
+	}
+
+	{
+		NdbOcInfo *oci;
+
+		rc = ndb_aset_get( ni, &ndb_optable, ndb_opattrs, &oci );
+		if ( rc ) {
+			snprintf( cr->msg, sizeof( cr->msg ),
+				"ndb_db_open: ndb_aset_get( %s ) failed (%d)",
+				ndb_optable.bv_val, rc );
+			goto fail;
+		}
+		for ( i=0; ndb_oplens[i] >= 0; i++ ) {
+			if ( ndb_oplens[i] )
+				oci->no_attrs[i]->na_len = ndb_oplens[i];
+		}
+		rc = ndb_aset_create( ni, oci );
+		if ( rc ) {
+			snprintf( cr->msg, sizeof( cr->msg ),
+				"ndb_db_open: ndb_aset_create( %s ) failed (%d)",
+				ndb_optable.bv_val, rc );
+			goto fail;
+		}
+		ni->ni_opattrs = oci;
+	}
+	/* Create attribute sets */
+	{
+		ListNode *ln;
+
+		for ( ln = ni->ni_attrsets; ln; ln=ln->ln_next ) {
+			NdbOcInfo *oci = (NdbOcInfo *)ln->ln_data;
+			rc = ndb_aset_create( ni, oci );
+			if ( rc ) {
+				snprintf( cr->msg, sizeof( cr->msg ),
+					"ndb_db_open: ndb_aset_create( %s ) failed (%d)",
+					oci->no_name.bv_val, rc );
+				goto fail;
+			}
+		}
+	}
+	/* Initialize any currently used objectClasses */
+	{
+		Ndb *ndb;
+		const NdbDictionary::Dictionary *myDict;
+
+		ndb = new Ndb( ni->ni_cluster[0], ni->ni_dbname );
+		ndb->init(1024);
+
+		myDict = ndb->getDictionary();
+		ndb_oc_read( ni, myDict );
+		delete ndb;
+	}
+
+#ifdef DO_MONITORING
+	/* monitor setup */
+	rc = ndb_monitor_db_open( be );
+	if ( rc != 0 ) {
+		goto fail;
+	}
+#endif
+
+	return 0;
+
+fail:
+	Debug( LDAP_DEBUG_ANY, "%s\n",
+		cr->msg, 0, 0 );
+	ndb_db_close( be, NULL );
+	return rc;
+}
+
+static int
+ndb_db_close( BackendDB *be, ConfigReply *cr )
+{
+	int i;
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+
+	mysql_close( &ni->ni_sql );
+	if ( ni->ni_cluster ) {
+		for ( i=0; i<ni->ni_nconns; i++ ) {
+			if ( ni->ni_cluster[i] ) {
+				delete ni->ni_cluster[i];
+				ni->ni_cluster[i] = NULL;
+			}
+		}
+		ch_free( ni->ni_cluster );
+		ni->ni_cluster = NULL;
+	}
+
+#ifdef DO_MONITORING
+	/* monitor handling */
+	(void)ndb_monitor_db_close( be );
+#endif
+
+	return 0;
+}
+
+static int
+ndb_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+
+#ifdef DO_MONITORING
+	/* monitor handling */
+	(void)ndb_monitor_db_destroy( be );
+#endif
+
+	ldap_pvt_thread_mutex_destroy( &ni->ni_conn_mutex );
+	ldap_pvt_thread_rdwr_destroy( &ni->ni_ai_rwlock );
+	ldap_pvt_thread_rdwr_destroy( &ni->ni_oc_rwlock );
+
+	ch_free( ni );
+	be->be_private = NULL;
+
+	return 0;
+}
+
+extern "C" int
+ndb_back_initialize(
+	BackendInfo	*bi )
+{
+	static char *controls[] = {
+		LDAP_CONTROL_ASSERT,
+		LDAP_CONTROL_MANAGEDSAIT,
+		LDAP_CONTROL_NOOP,
+		LDAP_CONTROL_PAGEDRESULTS,
+		LDAP_CONTROL_PRE_READ,
+		LDAP_CONTROL_POST_READ,
+		LDAP_CONTROL_SUBENTRIES,
+		LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+#ifdef LDAP_X_TXN
+		LDAP_CONTROL_X_TXN_SPEC,
+#endif
+		NULL
+	};
+
+	int rc = 0;
+
+	/* initialize the underlying database system */
+	Debug( LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_initialize) ": initialize ndb backend\n", 0, 0, 0 );
+
+	ndb_init();
+
+	ndb_lastrow_code = new NdbInterpretedCode( NULL, ndb_lastrow, 1 );
+	ndb_lastrow_code->interpret_exit_last_row();
+	ndb_lastrow_code->finalise();
+
+	bi->bi_flags |=
+		SLAP_BFLAG_INCREMENT |
+		SLAP_BFLAG_SUBENTRIES |
+		SLAP_BFLAG_ALIASES |
+		SLAP_BFLAG_REFERRALS;
+
+	bi->bi_controls = controls;
+
+	bi->bi_open = 0;
+	bi->bi_close = 0;
+	bi->bi_config = 0;
+	bi->bi_destroy = 0;
+
+	bi->bi_db_init = ndb_db_init;
+	bi->bi_db_config = config_generic_wrapper;
+	bi->bi_db_open = ndb_db_open;
+	bi->bi_db_close = ndb_db_close;
+	bi->bi_db_destroy = ndb_db_destroy;
+
+	bi->bi_op_add = ndb_back_add;
+	bi->bi_op_bind = ndb_back_bind;
+	bi->bi_op_compare = ndb_back_compare;
+	bi->bi_op_delete = ndb_back_delete;
+	bi->bi_op_modify = ndb_back_modify;
+	bi->bi_op_modrdn = ndb_back_modrdn;
+	bi->bi_op_search = ndb_back_search;
+
+	bi->bi_op_unbind = 0;
+
+#if 0
+	bi->bi_extended = ndb_extended;
+
+	bi->bi_chk_referrals = ndb_referrals;
+#endif
+	bi->bi_operational = ndb_operational;
+	bi->bi_has_subordinates = ndb_has_subordinates;
+	bi->bi_entry_release_rw = 0;
+	bi->bi_entry_get_rw = ndb_entry_get;
+
+	/*
+	 * hooks for slap tools
+	 */
+	bi->bi_tool_entry_open = ndb_tool_entry_open;
+	bi->bi_tool_entry_close = ndb_tool_entry_close;
+	bi->bi_tool_entry_first = ndb_tool_entry_first;
+	bi->bi_tool_entry_next = ndb_tool_entry_next;
+	bi->bi_tool_entry_get = ndb_tool_entry_get;
+	bi->bi_tool_entry_put = ndb_tool_entry_put;
+#if 0
+	bi->bi_tool_entry_reindex = ndb_tool_entry_reindex;
+	bi->bi_tool_sync = 0;
+	bi->bi_tool_dn2id_get = ndb_tool_dn2id_get;
+	bi->bi_tool_entry_modify = ndb_tool_entry_modify;
+#endif
+
+	bi->bi_connection_init = 0;
+	bi->bi_connection_destroy = 0;
+
+	rc = ndb_back_init_cf( bi );
+
+	return rc;
+}
+
+#if	SLAPD_NDB == SLAPD_MOD_DYNAMIC
+
+/* conditionally define the init_module() function */
+extern "C" { int init_module( int argc, char *argv[] ); }
+
+SLAP_BACKEND_INIT_MODULE( ndb )
+
+#endif /* SLAPD_NDB == SLAPD_MOD_DYNAMIC */
+
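Review bot: ndb_db_open builds every SQL statement in `sqlbuf[BUFSIZ]` with unbounded `sprintf`, `lutil_strcopy` and `strcpy`, and nothing compares the remaining space with the configured `ni->ni_dbname` or with the attribute names appended for each entry of `ni->ni_attridxs`. A long database name or a long index list can therefore write past the buffer. The same values are placed into the statement text as given (the database name bare, the attribute names between backquotes), so the statement is only as safe as whoever can write this backend's configuration. It would help to validate `ni_dbname` as a plain identifier when it is configured and to bound each write, as sketched below for the first statement. The `USE` statement and the index-column loops need the same treatment, and `ni_dbname` should be checked for NULL before use, since nothing visible here guarantees it was set.

```cpp
	/* ... unchanged: cluster connect, mysql_real_connect and its failure path ... */
	rc = snprintf( sqlbuf, sizeof( sqlbuf ),
		"CREATE DATABASE IF NOT EXISTS %s", ni->ni_dbname );
	if ( rc < 0 || rc >= (int)sizeof( sqlbuf ) ) {
		snprintf( cr->msg, sizeof( cr->msg ),
			"ndb_db_open: database name too long" );
		rc = -1;
		goto fail;
	}
	rc = mysql_query( &ni->ni_sql, sqlbuf );
	/* ... unchanged: error report, USE statement, table creation ... */
```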

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/modify.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/modify.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/modify.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,652 @@
+/* modify.cpp - ndb backend modify routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/modify.cpp,v 1.3.2.3 2009/02/05 19:35:54 quanah Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/time.h>
+
+#include "back-ndb.h"
+
+/* This is a copy from slapd/mods.c, but with compaction tweaked
+ * to swap values from the tail into deleted slots, to reduce the
+ * overall update traffic.
+ */
+static int
+ndb_modify_delete(
+	Entry	*e,
+	Modification	*mod,
+	int	permissive,
+	const char	**text,
+	char *textbuf, size_t textlen,
+	int *idx )
+{
+	Attribute	*a;
+	MatchingRule 	*mr = mod->sm_desc->ad_type->sat_equality;
+	struct berval *cvals;
+	int		*id2 = NULL;
+	int		i, j, rc = 0, num;
+	unsigned flags;
+	char		dummy = '\0';
+
+	/* For ordered vals, we have no choice but to preserve order */
+	if ( mod->sm_desc->ad_type->sat_flags & SLAP_AT_ORDERED_VAL )
+		return modify_delete_vindex( e, mod, permissive, text,
+			textbuf, textlen, idx );
+
+	/*
+	 * If permissive is set, then the non-existence of an 
+	 * attribute is not treated as an error.
+	 */
+
+	/* delete the entire attribute */
+	if ( mod->sm_values == NULL ) {
+		rc = attr_delete( &e->e_attrs, mod->sm_desc );
+
+		if( permissive ) {
+			rc = LDAP_SUCCESS;
+		} else if( rc != LDAP_SUCCESS ) {
+			*text = textbuf;
+			snprintf( textbuf, textlen,
+				"modify/delete: %s: no such attribute",
+				mod->sm_desc->ad_cname.bv_val );
+			rc = LDAP_NO_SUCH_ATTRIBUTE;
+		}
+		return rc;
+	}
+
+	/* FIXME: Catch old code that doesn't set sm_numvals.
+	 */
+	if ( !BER_BVISNULL( &mod->sm_values[mod->sm_numvals] )) {
+		for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ );
+		assert( mod->sm_numvals == i );
+	}
+	if ( !idx ) {
+		id2 = (int *)ch_malloc( mod->sm_numvals * sizeof( int ));
+		idx = id2;
+	}
+
+	if( mr == NULL || !mr->smr_match ) {
+		/* disallow specific attributes from being deleted if
+			no equality rule */
+		*text = textbuf;
+		snprintf( textbuf, textlen,
+			"modify/delete: %s: no equality matching rule",
+			mod->sm_desc->ad_cname.bv_val );
+		rc = LDAP_INAPPROPRIATE_MATCHING;
+		goto return_result;
+	}
+
+	/* delete specific values - find the attribute first */
+	if ( (a = attr_find( e->e_attrs, mod->sm_desc )) == NULL ) {
+		if( permissive ) {
+			rc = LDAP_SUCCESS;
+			goto return_result;
+		}
+		*text = textbuf;
+		snprintf( textbuf, textlen,
+			"modify/delete: %s: no such attribute",
+			mod->sm_desc->ad_cname.bv_val );
+		rc = LDAP_NO_SUCH_ATTRIBUTE;
+		goto return_result;
+	}
+
+	if ( mod->sm_nvalues ) {
+		flags = SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX
+			| SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH
+			| SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH;
+		cvals = mod->sm_nvalues;
+	} else {
+		flags = SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX;
+		cvals = mod->sm_values;
+	}
+
+	/* Locate values to delete */
+	for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ ) {
+		unsigned sort;
+		rc = attr_valfind( a, flags, &cvals[i], &sort, NULL );
+		if ( rc == LDAP_SUCCESS ) {
+			idx[i] = sort;
+		} else if ( rc == LDAP_NO_SUCH_ATTRIBUTE ) {
+			if ( permissive ) {
+				idx[i] = -1;
+				continue;
+			}
+			*text = textbuf;
+			snprintf( textbuf, textlen,
+				"modify/delete: %s: no such value",
+				mod->sm_desc->ad_cname.bv_val );
+			goto return_result;
+		} else {
+			*text = textbuf;
+			snprintf( textbuf, textlen,
+				"modify/delete: %s: matching rule failed",
+				mod->sm_desc->ad_cname.bv_val );
+			goto return_result;
+		}
+	}
+
+	num = a->a_numvals;
+
+	/* Delete the values */
+	for ( i = 0; i < mod->sm_numvals; i++ ) {
+		/* Skip permissive values that weren't found */
+		if ( idx[i] < 0 )
+			continue;
+		/* Skip duplicate delete specs */
+		if ( a->a_vals[idx[i]].bv_val == &dummy )
+			continue;
+		/* delete value and mark it as gone */
+		free( a->a_vals[idx[i]].bv_val );
+		a->a_vals[idx[i]].bv_val = &dummy;
+		if( a->a_nvals != a->a_vals ) {
+			free( a->a_nvals[idx[i]].bv_val );
+			a->a_nvals[idx[i]].bv_val = &dummy;
+		}
+		a->a_numvals--;
+	}
+
+	/* compact array */
+	for ( i=0; i<num; i++ ) {
+		if ( a->a_vals[i].bv_val != &dummy )
+			continue;
+		for ( --num; num > i && a->a_vals[num].bv_val == &dummy; num-- )
+			;
+		a->a_vals[i] = a->a_vals[num];
+		if ( a->a_nvals != a->a_vals )
+			a->a_nvals[i] = a->a_nvals[num];
+	}
+
+	BER_BVZERO( &a->a_vals[num] );
+	if (a->a_nvals != a->a_vals) {
+		BER_BVZERO( &a->a_nvals[num] );
+	}
+
+	/* if no values remain, delete the entire attribute */
+	if ( !a->a_numvals ) {
+		if ( attr_delete( &e->e_attrs, mod->sm_desc ) ) {
+			/* Can never happen */
+			*text = textbuf;
+			snprintf( textbuf, textlen,
+				"modify/delete: %s: no such attribute",
+				mod->sm_desc->ad_cname.bv_val );
+			rc = LDAP_NO_SUCH_ATTRIBUTE;
+		}
+	}
+return_result:
+	if ( id2 )
+		ch_free( id2 );
+	return rc;
+}
+
+int ndb_modify_internal(
+	Operation *op,
+	NdbArgs *NA,
+	const char **text,
+	char *textbuf,
+	size_t textlen )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Modification	*mod;
+	Modifications	*ml;
+	Modifications	*modlist = op->orm_modlist;
+	NdbAttrInfo **modai, *atmp;
+	const NdbDictionary::Dictionary *myDict;
+	const NdbDictionary::Table *myTable;
+	int got_oc = 0, nmods = 0, nai = 0, i, j;
+	int rc, indexed = 0;
+	Attribute *old = NULL;
+
+	Debug( LDAP_DEBUG_TRACE, "ndb_modify_internal: 0x%08lx: %s\n",
+		NA->e->e_id, NA->e->e_dn, 0);
+
+	if ( !acl_check_modlist( op, NA->e, modlist )) {
+		return LDAP_INSUFFICIENT_ACCESS;
+	}
+
+	old = attrs_dup( NA->e->e_attrs );
+
+	for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+		mod = &ml->sml_mod;
+		nmods++;
+
+		switch ( mod->sm_op ) {
+		case LDAP_MOD_ADD:
+			Debug(LDAP_DEBUG_ARGS,
+				"ndb_modify_internal: add %s\n",
+				mod->sm_desc->ad_cname.bv_val, 0, 0);
+			rc = modify_add_values( NA->e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
+			if( rc != LDAP_SUCCESS ) {
+				Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
+					rc, *text, 0);
+			}
+			break;
+
+		case LDAP_MOD_DELETE:
+			Debug(LDAP_DEBUG_ARGS,
+				"ndb_modify_internal: delete %s\n",
+				mod->sm_desc->ad_cname.bv_val, 0, 0);
+			rc = ndb_modify_delete( NA->e, mod, get_permissiveModify(op),
+				text, textbuf, textlen, NULL );
+			assert( rc != LDAP_TYPE_OR_VALUE_EXISTS );
+			if( rc != LDAP_SUCCESS ) {
+				Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
+					rc, *text, 0);
+			}
+			break;
+
+		case LDAP_MOD_REPLACE:
+			Debug(LDAP_DEBUG_ARGS,
+				"ndb_modify_internal: replace %s\n",
+				mod->sm_desc->ad_cname.bv_val, 0, 0);
+			rc = modify_replace_values( NA->e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
+			if( rc != LDAP_SUCCESS ) {
+				Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
+					rc, *text, 0);
+			}
+			break;
+
+		case LDAP_MOD_INCREMENT:
+			Debug(LDAP_DEBUG_ARGS,
+				"ndb_modify_internal: increment %s\n",
+				mod->sm_desc->ad_cname.bv_val, 0, 0);
+			rc = modify_increment_values( NA->e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
+			if( rc != LDAP_SUCCESS ) {
+				Debug(LDAP_DEBUG_ARGS,
+					"ndb_modify_internal: %d %s\n",
+					rc, *text, 0);
+			}
+			break;
+
+		case SLAP_MOD_SOFTADD:
+			Debug(LDAP_DEBUG_ARGS,
+				"ndb_modify_internal: softadd %s\n",
+				mod->sm_desc->ad_cname.bv_val, 0, 0);
+ 			mod->sm_op = LDAP_MOD_ADD;
+
+			rc = modify_add_values( NA->e, mod, get_permissiveModify(op),
+				text, textbuf, textlen );
+
+ 			mod->sm_op = SLAP_MOD_SOFTADD;
+
+ 			if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
+ 				rc = LDAP_SUCCESS;
+ 			}
+
+			if( rc != LDAP_SUCCESS ) {
+				Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
+					rc, *text, 0);
+			}
+ 			break;
+
+		default:
+			Debug(LDAP_DEBUG_ANY, "ndb_modify_internal: invalid op %d\n",
+				mod->sm_op, 0, 0);
+			*text = "Invalid modify operation";
+			rc = LDAP_OTHER;
+			Debug(LDAP_DEBUG_ARGS, "ndb_modify_internal: %d %s\n",
+				rc, *text, 0);
+		}
+
+		if ( rc != LDAP_SUCCESS ) {
+			attrs_free( old );
+			return rc; 
+		}
+
+		/* If objectClass was modified, reset the flags */
+		if ( mod->sm_desc == slap_schema.si_ad_objectClass ) {
+			NA->e->e_ocflags = 0;
+			got_oc = 1;
+		}
+	}
+
+	/* check that the entry still obeys the schema */
+	rc = entry_schema_check( op, NA->e, NULL, get_relax(op), 0, NULL,
+		text, textbuf, textlen );
+	if ( rc != LDAP_SUCCESS || op->o_noop ) {
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY,
+				"entry failed schema check: %s\n",
+				*text, 0, 0 );
+		}
+		attrs_free( old );
+		return rc;
+	}
+
+	/* apply modifications to DB */
+	modai = (NdbAttrInfo **)op->o_tmpalloc( nmods * sizeof(NdbAttrInfo*), op->o_tmpmemctx );
+
+	/* Get the unique list of modified attributes */
+	ldap_pvt_thread_rdwr_rlock( &ni->ni_ai_rwlock );
+	for ( ml = modlist; ml != NULL; ml = ml->sml_next ) {
+		/* Already took care of objectclass */
+		if ( ml->sml_desc == slap_schema.si_ad_objectClass )
+			continue;
+		for ( i=0; i<nai; i++ ) {
+			if ( ml->sml_desc->ad_type == modai[i]->na_attr )
+				break;
+		}
+		/* This attr was already updated */
+		if ( i < nai )
+			continue;
+		modai[nai] = ndb_ai_find( ni, ml->sml_desc->ad_type );
+		if ( modai[nai]->na_flag & NDB_INFO_INDEX )
+			indexed++;
+		nai++;
+	}
+	ldap_pvt_thread_rdwr_runlock( &ni->ni_ai_rwlock );
+
+	if ( got_oc || indexed ) {
+		rc = ndb_entry_put_info( op->o_bd, NA, 1 );
+		if ( rc ) {
+			attrs_free( old );
+			return rc;
+		}
+	}
+
+	myDict = NA->ndb->getDictionary();
+
+	/* sort modai so that OcInfo's are contiguous */
+	{
+		int j, k;
+		for ( i=0; i<nai; i++ ) {
+			for ( j=i+1; j<nai; j++ ) {
+				if ( modai[i]->na_oi == modai[j]->na_oi )
+					continue;
+				for ( k=j+1; k<nai; k++ ) {
+					if ( modai[i]->na_oi == modai[k]->na_oi ) {
+						atmp = modai[j];
+						modai[j] = modai[k];
+						modai[k] = atmp;
+						break;
+					}
+				}
+				/* there are no more na_oi's that match modai[i] */
+				if ( k == nai ) {
+					i = j;
+				}
+			}
+		}
+	}
+
+	/* One call per table... */
+	for ( i=0; i<nai; i += j ) {
+		atmp = modai[i];
+		for ( j=i+1; j<nai; j++ )
+			if ( atmp->na_oi != modai[j]->na_oi )
+				break;
+		j -= i;
+		myTable = myDict->getTable( atmp->na_oi->no_table.bv_val );
+		if ( !myTable )
+			continue;
+		rc = ndb_oc_attrs( NA->txn, myTable, NA->e, atmp->na_oi, &modai[i], j, old );
+		if ( rc ) break;
+	}
+	attrs_free( old );
+	return rc;
+}
+
+
+int
+ndb_back_modify( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	Entry		e = {0};
+	int		manageDSAit = get_manageDSAit( op );
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
+
+	int		num_retries = 0;
+
+	NdbArgs NA;
+	NdbRdns rdns;
+	struct berval matched;
+
+	LDAPControl **preread_ctrl = NULL;
+	LDAPControl **postread_ctrl = NULL;
+	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+	int num_ctrls = 0;
+
+	Debug( LDAP_DEBUG_ARGS, LDAP_XSTRING(ndb_back_modify) ": %s\n",
+		op->o_req_dn.bv_val, 0, 0 );
+
+	ctrls[num_ctrls] = NULL;
+
+	slap_mods_opattrs( op, &op->orm_modlist, 1 );
+
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+	rdns.nr_num = 0;
+	NA.rdns = &rdns;
+	NA.e = &e;
+
+	if( 0 ) {
+retry:	/* transaction retry */
+		NA.txn->close();
+		NA.txn = NULL;
+		if( e.e_attrs ) {
+			attrs_free( e.e_attrs );
+			e.e_attrs = NULL;
+		}
+		Debug(LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modify) ": retrying...\n", 0, 0, 0);
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			goto return_results;
+		}
+		if ( NA.ocs ) {
+			ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		}
+		ndb_trans_backoff( ++num_retries );
+	}
+	NA.ocs = NULL;
+
+	/* begin transaction */
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modify) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* get entry or ancestor */
+	rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
+	switch( rs->sr_err ) {
+	case 0:
+		break;
+	case LDAP_NO_SUCH_OBJECT:
+		Debug( LDAP_DEBUG_ARGS,
+			"<=- ndb_back_modify: no such object %s\n",
+			op->o_req_dn.bv_val, 0, 0 );
+		rs->sr_matched = matched.bv_val;
+		if (NA.ocs )
+			ndb_check_referral( op, rs, &NA );
+		goto return_results;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto retry;
+#endif
+	case LDAP_BUSY:
+		rs->sr_text = "ldap server busy";
+		goto return_results;
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* acquire and lock entry */
+	rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
+
+	if ( !manageDSAit && is_entry_referral( &e ) ) {
+		/* entry is a referral, don't allow modify */
+		rs->sr_ref = get_entry_referrals( op, &e );
+
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modify) ": entry is referral\n",
+			0, 0, 0 );
+
+		rs->sr_err = LDAP_REFERRAL;
+		rs->sr_matched = e.e_name.bv_val;
+		rs->sr_flags = REP_REF_MUSTBEFREED;
+		goto return_results;
+	}
+
+	if ( get_assert( op ) &&
+		( test_filter( op, &e, (Filter*)get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
+	if( op->o_preread ) {
+		if( preread_ctrl == NULL ) {
+			preread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if ( slap_read_controls( op, rs, &e,
+			&slap_pre_read_bv, preread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,
+				"<=- " LDAP_XSTRING(ndb_back_modify) ": pre-read "
+				"failed!\n", 0, 0, 0 );
+			if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}
+	}
+
+	/* Modify the entry */
+	rs->sr_err = ndb_modify_internal( op, &NA, &rs->sr_text, textbuf, textlen );
+
+	if( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modify) ": modify failed (%d)\n",
+			rs->sr_err, 0, 0 );
+#if 0
+		switch( rs->sr_err ) {
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+		}
+#endif
+		goto return_results;
+	}
+
+	if( op->o_postread ) {
+		if( postread_ctrl == NULL ) {
+			postread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if( slap_read_controls( op, rs, &e,
+			&slap_post_read_bv, postread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,
+				"<=- " LDAP_XSTRING(ndb_back_modify)
+				": post-read failed!\n", 0, 0, 0 );
+			if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}
+	}
+
+	if( op->o_noop ) {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_abort (no-op) failed";
+		} else {
+			rs->sr_err = LDAP_X_NO_OPERATION;
+		}
+	} else {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_commit failed";
+		} else {
+			rs->sr_err = LDAP_SUCCESS;
+		}
+	}
+
+	if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modify) ": txn_%s failed: %s (%d)\n",
+			op->o_noop ? "abort (no-op)" : "commit",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code );
+		rs->sr_err = LDAP_OTHER;
+		goto return_results;
+	}
+	NA.txn->close();
+	NA.txn = NULL;
+
+	Debug( LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_modify) ": updated%s id=%08lx dn=\"%s\"\n",
+		op->o_noop ? " (no-op)" : "",
+		e.e_id, op->o_req_dn.bv_val );
+
+	rs->sr_err = LDAP_SUCCESS;
+	rs->sr_text = NULL;
+	if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+	if ( NA.ocs ) {
+		ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		NA.ocs = NULL;
+	}
+
+	if ( e.e_attrs != NULL ) {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+	}
+
+	if( NA.txn != NULL ) {
+		NA.txn->execute( Rollback );
+		NA.txn->close();
+	}
+
+	send_ldap_result( op, rs );
+	slap_graduate_commit_csn( op );
+
+	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+	}
+	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+	}
+
+	rs->sr_text = NULL;
+	return rs->sr_err;
+}
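Review bot: In ndb_back_modify the return value of `ndb_entry_get_data( op, &NA, 1 )` is stored in `rs->sr_err` and never tested, so when the load fails the code still runs the referral test, the assertion filter, the pre-read control and the ACL check inside ndb_modify_internal against whatever `e` holds at that point. modrdn.cpp in this same commit tests the same call; adding `if ( rs->sr_err ) goto return_results;` directly after it would match. The result of `ndb_thread_handle( op, &NA.ndb )` a few lines earlier is likewise ignored before `NA.ndb->startTransaction()` is called. Separately, in ndb_modify_internal `modai[nai] = ndb_ai_find( ... )` is dereferenced on the next line as `modai[nai]->na_flag` with no NULL test, although ndb_ai_find returns the avl_find result unchanged; whether an attribute type can be absent from `ni_ai_tree` there is not visible in this file, so a NULL check that fails the operation is the safe choice.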

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/modrdn.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/modrdn.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/modrdn.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,558 @@
+/* modrdn.cpp - ndb backend modrdn routine */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/modrdn.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "back-ndb.h"
+
+int
+ndb_back_modrdn( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	AttributeDescription *children = slap_schema.si_ad_children;
+	AttributeDescription *entry = slap_schema.si_ad_entry;
+	struct berval	new_dn = BER_BVNULL, new_ndn = BER_BVNULL;
+	Entry		e = {0};
+	Entry		e2 = {0};
+	char textbuf[SLAP_TEXT_BUFLEN];
+	size_t textlen = sizeof textbuf;
+
+	struct berval	*np_dn = NULL;			/* newSuperior dn */
+	struct berval	*np_ndn = NULL;			/* newSuperior ndn */
+
+	int		manageDSAit = get_manageDSAit( op );
+	int		num_retries = 0;
+
+	NdbArgs NA, NA2;
+	NdbRdns rdns, rdn2;
+	struct berval matched;
+
+	LDAPControl **preread_ctrl = NULL;
+	LDAPControl **postread_ctrl = NULL;
+	LDAPControl *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+	int num_ctrls = 0;
+
+	int	rc;
+
+	Debug( LDAP_DEBUG_ARGS, "==>" LDAP_XSTRING(ndb_back_modrdn) "(%s,%s,%s)\n",
+		op->o_req_dn.bv_val,op->oq_modrdn.rs_newrdn.bv_val,
+		op->oq_modrdn.rs_newSup ? op->oq_modrdn.rs_newSup->bv_val : "NULL" );
+
+	ctrls[num_ctrls] = NULL;
+
+	slap_mods_opattrs( op, &op->orr_modlist, 1 );
+
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+
+	/* Get our NDB handle */
+	rs->sr_err = ndb_thread_handle( op, &NA.ndb );
+	rdns.nr_num = 0;
+	NA.rdns = &rdns;
+	NA.e = &e;
+	NA2.ndb = NA.ndb;
+	NA2.e = &e2;
+	NA2.rdns = &rdn2;
+
+	if( 0 ) {
+retry:	/* transaction retry */
+		NA.txn->close();
+		NA.txn = NULL;
+		if ( e.e_attrs ) {
+			attrs_free( e.e_attrs );
+			e.e_attrs = NULL;
+		}
+		Debug( LDAP_DEBUG_TRACE, "==>" LDAP_XSTRING(ndb_back_modrdn)
+				": retrying...\n", 0, 0, 0 );
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			goto return_results;
+		}
+		if ( NA2.ocs ) {
+			ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
+		}
+		if ( NA.ocs ) {
+			ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		}
+		ndb_trans_backoff( ++num_retries );
+	}
+	NA.ocs = NULL;
+	NA2.ocs = NULL;
+
+	/* begin transaction */
+	NA.txn = NA.ndb->startTransaction();
+	rs->sr_text = NULL;
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modrdn) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+	NA2.txn = NA.txn;
+
+	/* get entry */
+	rs->sr_err = ndb_entry_get_info( op, &NA, 1, &matched );
+	switch( rs->sr_err ) {
+	case 0:
+		break;
+	case LDAP_NO_SUCH_OBJECT:
+		Debug( LDAP_DEBUG_ARGS,
+			"<=- ndb_back_modrdn: no such object %s\n",
+			op->o_req_dn.bv_val, 0, 0 );
+		rs->sr_matched = matched.bv_val;
+		if ( NA.ocs )
+			ndb_check_referral( op, rs, &NA );
+		goto return_results;
+#if 0
+	case DB_LOCK_DEADLOCK:
+	case DB_LOCK_NOTGRANTED:
+		goto retry;
+#endif
+	case LDAP_BUSY:
+		rs->sr_text = "ldap server busy";
+		goto return_results;
+	default:
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+
+	/* acquire and lock entry */
+	rs->sr_err = ndb_entry_get_data( op, &NA, 1 );
+	if ( rs->sr_err )
+		goto return_results;
+
+	if ( !manageDSAit && is_entry_glue( &e )) {
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		goto return_results;
+	}
+	
+	if ( get_assert( op ) &&
+		( test_filter( op, &e, (Filter *)get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
+	/* check write on old entry */
+	rs->sr_err = access_allowed( op, &e, entry, NULL, ACL_WRITE, NULL );
+	if ( ! rs->sr_err ) {
+		Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
+			0, 0 );
+		rs->sr_text = "no write access to old entry";
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		goto return_results;
+	}
+
+	/* Can't do it if we have kids */
+	rs->sr_err = ndb_has_children( &NA, &rc );
+	if ( rs->sr_err ) {
+		Debug(LDAP_DEBUG_ARGS,
+			"<=- " LDAP_XSTRING(ndb_back_modrdn)
+			": has_children failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto return_results;
+	}
+	if ( rc == LDAP_COMPARE_TRUE ) {
+		Debug(LDAP_DEBUG_ARGS,
+			"<=- " LDAP_XSTRING(ndb_back_modrdn)
+			": non-leaf %s\n",
+			op->o_req_dn.bv_val, 0, 0);
+		rs->sr_err = LDAP_NOT_ALLOWED_ON_NONLEAF;
+		rs->sr_text = "subtree rename not supported";
+		goto return_results;
+	}
+
+	if (!manageDSAit && is_entry_referral( &e ) ) {
+		/* entry is a referral, don't allow modrdn */
+		rs->sr_ref = get_entry_referrals( op, &e );
+
+		Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn)
+			": entry %s is referral\n", e.e_dn, 0, 0 );
+
+		rs->sr_err = LDAP_REFERRAL,
+		rs->sr_matched = op->o_req_dn.bv_val;
+		rs->sr_flags = REP_REF_MUSTBEFREED;
+		goto return_results;
+	}
+
+	if ( be_issuffix( op->o_bd, &e.e_nname ) ) {
+		/* There can only be one suffix entry */
+		rs->sr_err = LDAP_NAMING_VIOLATION;
+		rs->sr_text = "cannot rename suffix entry";
+		goto return_results;
+	} else {
+		dnParent( &e.e_nname, &e2.e_nname );
+		dnParent( &e.e_name, &e2.e_name );
+	}
+
+	/* check parent for "children" acl */
+	rs->sr_err = access_allowed( op, &e2,
+		children, NULL,
+		op->oq_modrdn.rs_newSup == NULL ?
+			ACL_WRITE : ACL_WDEL,
+		NULL );
+
+	if ( ! rs->sr_err ) {
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		Debug( LDAP_DEBUG_TRACE, "no access to parent\n", 0,
+			0, 0 );
+		rs->sr_text = "no write access to old parent's children";
+		goto return_results;
+	}
+
+	Debug( LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_modrdn) ": wr to children "
+		"of entry %s OK\n", e2.e_name.bv_val, 0, 0 );
+	
+	if ( op->oq_modrdn.rs_newSup != NULL ) {
+		Debug( LDAP_DEBUG_TRACE, 
+			LDAP_XSTRING(ndb_back_modrdn)
+			": new parent \"%s\" requested...\n",
+			op->oq_modrdn.rs_newSup->bv_val, 0, 0 );
+
+		/*  newSuperior == oldParent? */
+		if( dn_match( &e2.e_nname, op->oq_modrdn.rs_nnewSup ) ) {
+			Debug( LDAP_DEBUG_TRACE, "bdb_back_modrdn: "
+				"new parent \"%s\" same as the old parent \"%s\"\n",
+				op->oq_modrdn.rs_newSup->bv_val, e2.e_name.bv_val, 0 );
+			op->oq_modrdn.rs_newSup = NULL; /* ignore newSuperior */
+		}
+	}
+
+	if ( op->oq_modrdn.rs_newSup != NULL ) {
+		if ( op->oq_modrdn.rs_newSup->bv_len ) {
+			rdn2.nr_num = 0;
+			np_dn = op->oq_modrdn.rs_newSup;
+			np_ndn = op->oq_modrdn.rs_nnewSup;
+
+			/* newSuperior == oldParent? - checked above */
+			/* newSuperior == entry being moved?, if so ==> ERROR */
+			if ( dnIsSuffix( np_ndn, &e.e_nname )) {
+				rs->sr_err = LDAP_NO_SUCH_OBJECT;
+				rs->sr_text = "new superior not found";
+				goto return_results;
+			}
+			/* Get Entry with dn=newSuperior. Does newSuperior exist? */
+
+			e2.e_name = *np_dn;
+			e2.e_nname = *np_ndn;
+			rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
+			switch( rs->sr_err ) {
+			case 0:
+				break;
+			case LDAP_NO_SUCH_OBJECT:
+				Debug( LDAP_DEBUG_TRACE,
+					LDAP_XSTRING(ndb_back_modrdn)
+					": newSup(ndn=%s) not here!\n",
+					np_ndn->bv_val, 0, 0);
+				rs->sr_text = "new superior not found";
+				goto return_results;
+#if 0
+			case DB_LOCK_DEADLOCK:
+			case DB_LOCK_NOTGRANTED:
+				goto retry;
+#endif
+			case LDAP_BUSY:
+				rs->sr_text = "ldap server busy";
+				goto return_results;
+			default:
+				rs->sr_err = LDAP_OTHER;
+				rs->sr_text = "internal error";
+				goto return_results;
+			}
+			if ( NA2.ocs ) {
+				Attribute a;
+				int i;
+
+				for ( i=0; !BER_BVISNULL( &NA2.ocs[i] ); i++);
+				a.a_numvals = i;
+				a.a_desc = slap_schema.si_ad_objectClass;
+				a.a_vals = NA2.ocs;
+				a.a_nvals = NA2.ocs;
+				a.a_next = NULL;
+				e2.e_attrs = &a;
+
+				if ( is_entry_alias( &e2 )) {
+					/* parent is an alias, don't allow move */
+					Debug( LDAP_DEBUG_TRACE,
+						LDAP_XSTRING(ndb_back_modrdn)
+						": entry is alias\n",
+						0, 0, 0 );
+					rs->sr_text = "new superior is an alias";
+					rs->sr_err = LDAP_ALIAS_PROBLEM;
+					goto return_results;
+				}
+
+				if ( is_entry_referral( &e2 ) ) {
+					/* parent is a referral, don't allow move */
+					Debug( LDAP_DEBUG_TRACE,
+						LDAP_XSTRING(ndb_back_modrdn)
+						": entry is referral\n",
+						0, 0, 0 );
+					rs->sr_text = "new superior is a referral";
+					rs->sr_err = LDAP_OTHER;
+					goto return_results;
+				}
+			}
+		}
+
+		/* check newSuperior for "children" acl */
+		rs->sr_err = access_allowed( op, &e2, children,
+			NULL, ACL_WADD, NULL );
+		if( ! rs->sr_err ) {
+			Debug( LDAP_DEBUG_TRACE,
+				LDAP_XSTRING(ndb_back_modrdn)
+				": no wr to newSup children\n",
+				0, 0, 0 );
+			rs->sr_text = "no write access to new superior's children";
+			rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+			goto return_results;
+		}
+
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modrdn)
+			": wr to new parent OK id=%ld\n",
+			(long) e2.e_id, 0, 0 );
+	}
+
+	/* Build target dn and make sure target entry doesn't exist already. */
+	if (!new_dn.bv_val) {
+		build_new_dn( &new_dn, &e2.e_name, &op->oq_modrdn.rs_newrdn, NULL ); 
+	}
+
+	if (!new_ndn.bv_val) {
+		build_new_dn( &new_ndn, &e2.e_nname, &op->oq_modrdn.rs_nnewrdn, NULL ); 
+	}
+
+	Debug( LDAP_DEBUG_TRACE, LDAP_XSTRING(ndb_back_modrdn) ": new ndn=%s\n",
+		new_ndn.bv_val, 0, 0 );
+
+	/* Allow rename to same DN */
+	if ( !bvmatch ( &new_ndn, &e.e_nname )) {
+		rdn2.nr_num = 0;
+		e2.e_name = new_dn;
+		e2.e_nname = new_ndn;
+		NA2.ocs = &matched;
+		rs->sr_err = ndb_entry_get_info( op, &NA2, 1, NULL );
+		NA2.ocs = NULL;
+		switch( rs->sr_err ) {
+#if 0
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+#endif
+		case LDAP_NO_SUCH_OBJECT:
+			break;
+		case 0:
+			rs->sr_err = LDAP_ALREADY_EXISTS;
+			goto return_results;
+		default:
+			rs->sr_err = LDAP_OTHER;
+			rs->sr_text = "internal error";
+			goto return_results;
+		}
+	}
+
+	assert( op->orr_modlist != NULL );
+
+	if( op->o_preread ) {
+		if( preread_ctrl == NULL ) {
+			preread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if( slap_read_controls( op, rs, &e,
+			&slap_pre_read_bv, preread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,        
+				"<=- " LDAP_XSTRING(ndb_back_modrdn)
+				": pre-read failed!\n", 0, 0, 0 );
+			if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}                   
+	}
+
+	/* delete old DN */
+	rs->sr_err = ndb_entry_del_info( op->o_bd, &NA );
+	if ( rs->sr_err != 0 ) {
+		Debug(LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_modrdn)
+			": dn2id del failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+#if 0
+		switch( rs->sr_err ) {
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+		}
+#endif
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "DN index delete fail";
+		goto return_results;
+	}
+
+	/* copy entry fields */
+	e2.e_attrs = e.e_attrs;
+	e2.e_id = e.e_id;
+
+	/* add new DN */
+	rs->sr_err = ndb_entry_put_info( op->o_bd, &NA2, 0 );
+	if ( rs->sr_err != 0 ) {
+		Debug(LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_modrdn)
+			": dn2id add failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+#if 0
+		switch( rs->sr_err ) {
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+		}
+#endif
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "DN index add failed";
+		goto return_results;
+	}
+
+	/* modify entry */
+	rs->sr_err = ndb_modify_internal( op, &NA2,
+		&rs->sr_text, textbuf, textlen );
+	if( rs->sr_err != LDAP_SUCCESS ) {
+		Debug(LDAP_DEBUG_TRACE,
+			"<=- " LDAP_XSTRING(ndb_back_modrdn)
+			": modify failed: %s (%d)\n",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code, 0 );
+#if 0
+		switch( rs->sr_err ) {
+		case DB_LOCK_DEADLOCK:
+		case DB_LOCK_NOTGRANTED:
+			goto retry;
+		}
+#endif
+		goto return_results;
+	}
+
+	e.e_attrs = e2.e_attrs;
+
+	if( op->o_postread ) {
+		if( postread_ctrl == NULL ) {
+			postread_ctrl = &ctrls[num_ctrls++];
+			ctrls[num_ctrls] = NULL;
+		}
+		if( slap_read_controls( op, rs, &e2,
+			&slap_post_read_bv, postread_ctrl ) )
+		{
+			Debug( LDAP_DEBUG_TRACE,        
+				"<=- " LDAP_XSTRING(ndb_back_modrdn)
+				": post-read failed!\n", 0, 0, 0 );
+			if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
+				/* FIXME: is it correct to abort
+				 * operation if control fails? */
+				goto return_results;
+			}
+		}                   
+	}
+
+	if( op->o_noop ) {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Rollback,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_abort (no-op) failed";
+		} else {
+			rs->sr_err = LDAP_X_NO_OPERATION;
+		}
+	} else {
+		if (( rs->sr_err=NA.txn->execute( NdbTransaction::Commit,
+			NdbOperation::AbortOnError, 1 )) != 0 ) {
+			rs->sr_text = "txn_commit failed";
+		} else {
+			rs->sr_err = LDAP_SUCCESS;
+		}
+	}
+ 
+	if( rs->sr_err != LDAP_SUCCESS && rs->sr_err != LDAP_X_NO_OPERATION ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_modrdn) ": txn_%s failed: %s (%d)\n",
+			op->o_noop ? "abort (no-op)" : "commit",
+			NA.txn->getNdbError().message, NA.txn->getNdbError().code );
+		rs->sr_err = LDAP_OTHER;
+		goto return_results;
+	}
+	NA.txn->close();
+	NA.txn = NULL;
+
+	Debug(LDAP_DEBUG_TRACE,
+		LDAP_XSTRING(ndb_back_modrdn)
+		": rdn modified%s id=%08lx dn=\"%s\"\n",
+		op->o_noop ? " (no-op)" : "",
+		e.e_id, op->o_req_dn.bv_val );
+
+	rs->sr_err = LDAP_SUCCESS;
+	rs->sr_text = NULL;
+	if( num_ctrls ) rs->sr_ctrls = ctrls;
+
+return_results:
+	if ( NA2.ocs ) {
+		ber_bvarray_free_x( NA2.ocs, op->o_tmpmemctx );
+		NA2.ocs = NULL;
+	}
+
+	if ( NA.ocs ) {
+		ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		NA.ocs = NULL;
+	}
+
+	if ( e.e_attrs ) {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+	}
+
+	if( NA.txn != NULL ) {
+		NA.txn->execute( Rollback );
+		NA.txn->close();
+	}
+
+	send_ldap_result( op, rs );
+	slap_graduate_commit_csn( op );
+
+	if( new_dn.bv_val != NULL ) free( new_dn.bv_val );
+	if( new_ndn.bv_val != NULL ) free( new_ndn.bv_val );
+
+	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+	}
+	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+	}
+
+	rs->sr_text = NULL;
+	return rs->sr_err;
+}
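Review bot: `Attribute a` is declared inside the `if ( NA2.ocs )` block, `e2.e_attrs = &a` is set there, and `e2` is then passed to `access_allowed( op, &e2, children, NULL, ACL_WADD, NULL )` after that block has closed, so the newSuperior ACL check reads a stack object whose lifetime has ended. Declaring `Attribute a;` with the other locals at the top of ndb_back_modrdn keeps it alive for that call. A second lifetime problem is on the failure path of `ndb_modify_internal( op, &NA2, ... )`: `e2.e_attrs` aliases `e.e_attrs` from the "copy entry fields" step, the modify helpers take `&e->e_attrs` and can presumably change the list head, but `e.e_attrs = e2.e_attrs;` runs only on success, so `attrs_free( e.e_attrs )` at return_results may see a stale head. Moving that assignment to just before the `if( rs->sr_err != LDAP_SUCCESS )` test would cover both paths. Minor: `rs->sr_err = LDAP_REFERRAL,` ends in a comma rather than a semicolon, and one Debug string still says `bdb_back_modrdn`.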

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/ndbio.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/ndbio.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/ndbio.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,1677 @@
+/* ndbio.cpp - get/set/del data for NDB */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/ndbio.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/errno.h>
+#include <lutil.h>
+
+#include "back-ndb.h"
+
+/* For reference only */
+typedef struct MedVar {
+	Int16 len;	/* length is always little-endian */
+	char buf[1024];
+} MedVar;
+
+extern "C" {
+	static int ndb_name_cmp( const void *v1, const void *v2 );
+	static int ndb_oc_dup_err( void *v1, void *v2 );
+};
+
+static int
+ndb_name_cmp( const void *v1, const void *v2 )
+{
+	NdbOcInfo *oc1 = (NdbOcInfo *)v1, *oc2 = (NdbOcInfo *)v2;
+	return ber_bvstrcasecmp( &oc1->no_name, &oc2->no_name );
+}
+
+static int
+ndb_oc_dup_err( void *v1, void *v2 )
+{
+	NdbOcInfo *oc = (NdbOcInfo *)v2;
+
+	oc->no_oc = (ObjectClass *)v1;
+	return -1;
+}
+
+/* Find an existing NdbAttrInfo */
+extern "C" NdbAttrInfo *
+ndb_ai_find( struct ndb_info *ni, AttributeType *at )
+{
+	NdbAttrInfo atmp;
+	atmp.na_name = at->sat_cname;
+
+	return (NdbAttrInfo *)avl_find( ni->ni_ai_tree, &atmp, ndb_name_cmp );
+}
+
+/* Find or create an NdbAttrInfo */
+extern "C" NdbAttrInfo *
+ndb_ai_get( struct ndb_info *ni, struct berval *aname )
+{
+	NdbAttrInfo atmp, *ai;
+	atmp.na_name = *aname;
+
+	ai = (NdbAttrInfo *)avl_find( ni->ni_ai_tree, &atmp, ndb_name_cmp );
+	if ( !ai ) {
+		const char *text;
+		AttributeDescription *ad = NULL;
+
+		if ( slap_bv2ad( aname, &ad, &text ))
+			return NULL;
+
+		ai = (NdbAttrInfo *)ch_malloc( sizeof( NdbAttrInfo ));
+		ai->na_desc = ad;
+		ai->na_attr = ai->na_desc->ad_type;
+		ai->na_name = ai->na_attr->sat_cname;
+		ai->na_oi = NULL;
+		ai->na_flag = 0;
+		ai->na_ixcol = 0;
+		ai->na_len = ai->na_attr->sat_atype.at_syntax_len;
+		/* Reasonable default */
+		if ( !ai->na_len ) {
+			if ( ai->na_attr->sat_syntax == slap_schema.si_syn_distinguishedName )
+				ai->na_len = 1024;
+			else
+				ai->na_len = 128;
+		}
+		/* Arbitrary limit */
+		if ( ai->na_len > 1024 )
+			ai->na_len = 1024;
+		avl_insert( &ni->ni_ai_tree, ai, ndb_name_cmp, avl_dup_error );
+	}
+	return ai;
+}
+
+static int
+ndb_ai_check( struct ndb_info *ni, NdbOcInfo *oci, AttributeType **attrs, char **ptr, int *col,
+	int create )
+{
+	NdbAttrInfo *ai;
+	int i;
+
+	for ( i=0; attrs[i]; i++ ) {
+		if ( attrs[i] == slap_schema.si_ad_objectClass->ad_type )
+			continue;
+		/* skip attrs that are in a superior */
+		if ( oci->no_oc && oci->no_oc->soc_sups ) {
+			int j, k, found=0;
+			ObjectClass *oc;
+			for ( j=0; oci->no_oc->soc_sups[j]; j++ ) {
+				oc = oci->no_oc->soc_sups[j];
+				if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT )
+					continue;
+				if ( oc->soc_required ) {
+					for ( k=0; oc->soc_required[k]; k++ ) {
+						if ( attrs[i] == oc->soc_required[k] ) {
+							found = 1;
+							break;
+						}
+					}
+					if ( found ) break;
+				}
+				if ( oc->soc_allowed ) {
+					for ( k=0; oc->soc_allowed[k]; k++ ) {
+						if ( attrs[i] == oc->soc_allowed[k] ) {
+							found = 1;
+							break;
+						}
+					}
+					if ( found ) break;
+				}
+			}
+			if ( found )
+				continue;
+		}
+
+		ai = ndb_ai_get( ni, &attrs[i]->sat_cname );
+		if ( !ai ) {
+			/* can never happen */
+			return LDAP_OTHER;
+		}
+
+		/* An attrset may have already been connected */
+		if (( oci->no_flag & NDB_INFO_ATSET ) && ai->na_oi == oci )
+			continue;
+
+		/* An indexed attr is defined before its OC is */
+		if ( !ai->na_oi ) {
+			ai->na_oi = oci;
+			ai->na_column = (*col)++;
+		}
+
+		oci->no_attrs[oci->no_nattrs++] = ai;
+
+		/* An attrset attr may already be defined */
+		if ( ai->na_oi != oci ) {
+			int j;
+			for ( j=0; j<oci->no_nsets; j++ )
+				if ( oci->no_sets[j] == ai->na_oi ) break;
+			if ( j >= oci->no_nsets ) {
+				/* FIXME: data loss if more sets are in use */
+				if ( oci->no_nsets < NDB_MAX_OCSETS ) {
+					oci->no_sets[oci->no_nsets++] = ai->na_oi;
+				}
+			}
+			continue;
+		}
+
+		if ( create ) {
+			if ( ai->na_flag & NDB_INFO_ATBLOB ) {
+				*ptr += sprintf( *ptr, ", `%s` BLOB", ai->na_attr->sat_cname.bv_val );
+			} else {
+				*ptr += sprintf( *ptr, ", `%s` VARCHAR(%d)", ai->na_attr->sat_cname.bv_val,
+					ai->na_len );
+			}
+		}
+	}
+	return 0;
+}
+
+static int
+ndb_oc_create( struct ndb_info *ni, NdbOcInfo *oci, int create )
+{
+	char buf[4096], *ptr;
+	int i, rc = 0, col;
+
+	if ( create ) {
+		ptr = buf + sprintf( buf,
+			"CREATE TABLE `%s` (eid bigint unsigned NOT NULL, vid int unsigned NOT NULL",
+			oci->no_table.bv_val );
+	}
+
+	col = 0;
+	if ( oci->no_oc->soc_required ) {
+		for ( i=0; oci->no_oc->soc_required[i]; i++ );
+		col += i;
+	}
+	if ( oci->no_oc->soc_allowed ) {
+		for ( i=0; oci->no_oc->soc_allowed[i]; i++ );
+		col += i;
+	}
+	/* assume all are present */
+	oci->no_attrs = (struct ndb_attrinfo **)ch_malloc( col * sizeof(struct ndb_attrinfo *));
+
+	col = 2;
+	ldap_pvt_thread_rdwr_wlock( &ni->ni_ai_rwlock );
+	if ( oci->no_oc->soc_required ) {
+		rc = ndb_ai_check( ni, oci, oci->no_oc->soc_required, &ptr, &col, create );
+	}
+	if ( !rc && oci->no_oc->soc_allowed ) {
+		rc = ndb_ai_check( ni, oci, oci->no_oc->soc_allowed, &ptr, &col, create );
+	}
+	ldap_pvt_thread_rdwr_wunlock( &ni->ni_ai_rwlock );
+
+	/* shrink down to just the needed size */
+	oci->no_attrs = (struct ndb_attrinfo **)ch_realloc( oci->no_attrs,
+		oci->no_nattrs * sizeof(struct ndb_attrinfo *));
+
+	if ( create ) {
+		ptr = lutil_strcopy( ptr, ", PRIMARY KEY(eid, vid) ) ENGINE=ndb PARTITION BY KEY(eid)" );
+		rc = mysql_real_query( &ni->ni_sql, buf, ptr - buf );
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY,
+				"ndb_oc_create: CREATE TABLE %s failed, %s (%d)\n",
+				oci->no_table.bv_val, mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+		}
+	}
+	return rc;
+}
+
+/* Read table definitions from the DB and populate ObjectClassInfo */
+extern "C" int
+ndb_oc_read( struct ndb_info *ni, const NdbDictionary::Dictionary *myDict )
+{
+	const NdbDictionary::Table *myTable;
+	const NdbDictionary::Column *myCol;
+	NdbOcInfo *oci, octmp;
+	NdbAttrInfo *ai;
+	ObjectClass *oc;
+	NdbDictionary::Dictionary::List myList;
+	struct berval bv;
+	int i, j, rc, col;
+
+	rc = myDict->listObjects( myList, NdbDictionary::Object::UserTable );
+	/* Populate our objectClass structures */
+	for ( i=0; i<myList.count; i++ ) {
+		/* Ignore other DBs */
+		if ( strcmp( myList.elements[i].database, ni->ni_dbname ))
+			continue;
+		/* Ignore internal tables */
+		if ( !strncmp( myList.elements[i].name, "OL_", 3 ))
+			continue;
+		ber_str2bv( myList.elements[i].name, 0, 0, &octmp.no_name );
+		oci = (NdbOcInfo *)avl_find( ni->ni_oc_tree, &octmp, ndb_name_cmp );
+		if ( oci )
+			continue;
+
+		oc = oc_bvfind( &octmp.no_name );
+		if ( !oc ) {
+			/* undefined - shouldn't happen */
+			continue;
+		}
+		myTable = myDict->getTable( myList.elements[i].name );
+		oci = (NdbOcInfo *)ch_malloc( sizeof( NdbOcInfo )+oc->soc_cname.bv_len+1 );
+		oci->no_table.bv_val = (char *)(oci+1);
+		strcpy( oci->no_table.bv_val, oc->soc_cname.bv_val );
+		oci->no_table.bv_len = oc->soc_cname.bv_len;
+		oci->no_name = oci->no_table;
+		oci->no_oc = oc;
+		oci->no_flag = 0;
+		oci->no_nsets = 0;
+		oci->no_nattrs = 0;
+		col = 0;
+		/* Make space for all attrs, even tho sups will be dropped */
+		if ( oci->no_oc->soc_required ) {
+			for ( j=0; oci->no_oc->soc_required[j]; j++ );
+			col = j;
+		}
+		if ( oci->no_oc->soc_allowed ) {
+			for ( j=0; oci->no_oc->soc_allowed[j]; j++ );
+			col += j;
+		}
+		oci->no_attrs = (struct ndb_attrinfo **)ch_malloc( col * sizeof(struct ndb_attrinfo *));
+		avl_insert( &ni->ni_oc_tree, oci, ndb_name_cmp, avl_dup_error );
+
+		col = myTable->getNoOfColumns();
+		/* Skip 0 and 1, eid and vid */
+		for ( j = 2; j<col; j++ ) {
+			myCol = myTable->getColumn( j );
+			ber_str2bv( myCol->getName(), 0, 0, &bv );
+			ai = ndb_ai_get( ni, &bv );
+			/* shouldn't happen */
+			if ( !ai )
+				continue;
+			ai->na_oi = oci;
+			ai->na_column = j;
+			ai->na_len = myCol->getLength();
+			if ( myCol->getType() == NdbDictionary::Column::Blob )
+				ai->na_flag |= NDB_INFO_ATBLOB;
+		}
+	}
+	/* Link to any attrsets */
+	for ( i=0; i<myList.count; i++ ) {
+		/* Ignore other DBs */
+		if ( strcmp( myList.elements[i].database, ni->ni_dbname ))
+			continue;
+		/* Ignore internal tables */
+		if ( !strncmp( myList.elements[i].name, "OL_", 3 ))
+			continue;
+		ber_str2bv( myList.elements[i].name, 0, 0, &octmp.no_name );
+		oci = (NdbOcInfo *)avl_find( ni->ni_oc_tree, &octmp, ndb_name_cmp );
+		/* shouldn't happen */
+		if ( !oci )
+			continue;
+		col = 2;
+		if ( oci->no_oc->soc_required ) {
+			rc = ndb_ai_check( ni, oci, oci->no_oc->soc_required, NULL, &col, 0 );
+		}
+		if ( oci->no_oc->soc_allowed ) {
+			rc = ndb_ai_check( ni, oci, oci->no_oc->soc_allowed, NULL, &col, 0 );
+		}
+		/* shrink down to just the needed size */
+		oci->no_attrs = (struct ndb_attrinfo **)ch_realloc( oci->no_attrs,
+			oci->no_nattrs * sizeof(struct ndb_attrinfo *));
+	}
+	return 0;
+}
+
+static int
+ndb_oc_list( struct ndb_info *ni, const NdbDictionary::Dictionary *myDict,
+	struct berval *oname, int implied, NdbOcs *out )
+{
+	const NdbDictionary::Table *myTable;
+	NdbOcInfo *oci, octmp;
+	ObjectClass *oc;
+	int i, rc;
+
+	/* shortcut top */
+	if ( ber_bvstrcasecmp( oname, &slap_schema.si_oc_top->soc_cname )) {
+		octmp.no_name = *oname;
+		oci = (NdbOcInfo *)avl_find( ni->ni_oc_tree, &octmp, ndb_name_cmp );
+		if ( oci ) {
+			oc = oci->no_oc;
+		} else {
+			oc = oc_bvfind( oname );
+			if ( !oc ) {
+				/* undefined - shouldn't happen */
+				return LDAP_INVALID_SYNTAX;
+			}
+		}
+		if ( oc->soc_sups ) {
+			int i;
+
+			for ( i=0; oc->soc_sups[i]; i++ ) {
+				rc = ndb_oc_list( ni, myDict, &oc->soc_sups[i]->soc_cname, 1, out );
+				if ( rc ) return rc;
+			}
+		}
+	} else {
+		oc = slap_schema.si_oc_top;
+	}
+	/* Only insert once */
+	for ( i=0; i<out->no_ntext; i++ )
+		if ( out->no_text[i].bv_val == oc->soc_cname.bv_val )
+			break;
+	if ( i == out->no_ntext ) {
+		for ( i=0; i<out->no_nitext; i++ )
+			if ( out->no_itext[i].bv_val == oc->soc_cname.bv_val )
+				break;
+		if ( i == out->no_nitext ) {
+			if ( implied )
+				out->no_itext[out->no_nitext++] = oc->soc_cname;
+			else
+				out->no_text[out->no_ntext++] = oc->soc_cname;
+		}
+	}
+
+	/* ignore top, etc... */
+	if ( oc->soc_kind == LDAP_SCHEMA_ABSTRACT )
+		return 0;
+
+	if ( !oci ) {
+		ldap_pvt_thread_rdwr_runlock( &ni->ni_oc_rwlock );
+		oci = (NdbOcInfo *)ch_malloc( sizeof( NdbOcInfo )+oc->soc_cname.bv_len+1 );
+		oci->no_table.bv_val = (char *)(oci+1);
+		strcpy( oci->no_table.bv_val, oc->soc_cname.bv_val );
+		oci->no_table.bv_len = oc->soc_cname.bv_len;
+		oci->no_name = oci->no_table;
+		oci->no_oc = oc;
+		oci->no_flag = 0;
+		oci->no_nsets = 0;
+		oci->no_nattrs = 0;
+		ldap_pvt_thread_rdwr_wlock( &ni->ni_oc_rwlock );
+		if ( avl_insert( &ni->ni_oc_tree, oci, ndb_name_cmp, ndb_oc_dup_err )) {
+			octmp.no_oc = oci->no_oc;
+			ch_free( oci );
+			oci = (NdbOcInfo *)octmp.no_oc;
+		}
+		/* see if the oc table already exists in the DB */
+		myTable = myDict->getTable( oci->no_table.bv_val );
+		rc = ndb_oc_create( ni, oci, myTable == NULL );
+		ldap_pvt_thread_rdwr_wunlock( &ni->ni_oc_rwlock );
+		ldap_pvt_thread_rdwr_rlock( &ni->ni_oc_rwlock );
+		if ( rc ) return rc;
+	}
+	/* Only insert once */
+	for ( i=0; i<out->no_ninfo; i++ )
+		if ( out->no_info[i] == oci )
+			break;
+	if ( i == out->no_ninfo )
+		out->no_info[out->no_ninfo++] = oci;
+	return 0;
+}
+
+extern "C" int
+ndb_aset_get( struct ndb_info *ni, struct berval *sname, struct berval *attrs, NdbOcInfo **ret )
+{
+	NdbOcInfo *oci, octmp;
+	int i, rc;
+
+	octmp.no_name = *sname;
+	oci = (NdbOcInfo *)avl_find( ni->ni_oc_tree, &octmp, ndb_name_cmp );
+	if ( oci )
+		return LDAP_ALREADY_EXISTS;
+
+	for ( i=0; !BER_BVISNULL( &attrs[i] ); i++ ) {
+		if ( !at_bvfind( &attrs[i] ))
+			return LDAP_NO_SUCH_ATTRIBUTE;
+	}
+	i++;
+
+	oci = (NdbOcInfo *)ch_calloc( 1, sizeof( NdbOcInfo ) + sizeof( ObjectClass ) +
+		i*sizeof(AttributeType *) + sname->bv_len+1 );
+	oci->no_oc = (ObjectClass *)(oci+1);
+	oci->no_oc->soc_required = (AttributeType **)(oci->no_oc+1);
+	oci->no_table.bv_val = (char *)(oci->no_oc->soc_required+i);
+
+	for ( i=0; !BER_BVISNULL( &attrs[i] ); i++ )
+		oci->no_oc->soc_required[i] = at_bvfind( &attrs[i] );
+
+	strcpy( oci->no_table.bv_val, sname->bv_val );
+	oci->no_table.bv_len = sname->bv_len;
+	oci->no_name = oci->no_table;
+	oci->no_oc->soc_cname = oci->no_name;
+	oci->no_flag = NDB_INFO_ATSET;
+
+	if ( !ber_bvcmp( sname, &slap_schema.si_oc_extensibleObject->soc_cname ))
+		oci->no_oc->soc_kind = slap_schema.si_oc_extensibleObject->soc_kind;
+
+	rc = ndb_oc_create( ni, oci, 0 );
+	if ( !rc )
+		rc = avl_insert( &ni->ni_oc_tree, oci, ndb_name_cmp, avl_dup_error );
+	if ( rc ) {
+		ch_free( oci );
+	} else {
+		*ret = oci;
+	}
+	return rc;
+}
+
+extern "C" int
+ndb_aset_create( struct ndb_info *ni, NdbOcInfo *oci )
+{
+	char buf[4096], *ptr;
+	NdbAttrInfo *ai;
+	int i;
+
+	ptr = buf + sprintf( buf,
+		"CREATE TABLE IF NOT EXISTS `%s` (eid bigint unsigned NOT NULL, vid int unsigned NOT NULL",
+		oci->no_table.bv_val );
+
+	for ( i=0; i<oci->no_nattrs; i++ ) {
+		if ( oci->no_attrs[i]->na_oi != oci )
+			continue;
+		ai = oci->no_attrs[i];
+		ptr += sprintf( ptr, ", `%s` VARCHAR(%d)", ai->na_attr->sat_cname.bv_val,
+			ai->na_len );
+		if ( ai->na_flag & NDB_INFO_INDEX ) {
+			ptr += sprintf( ptr, ", INDEX (`%s`)", ai->na_attr->sat_cname.bv_val );
+		}
+	}
+	ptr = lutil_strcopy( ptr, ", PRIMARY KEY(eid, vid) ) ENGINE=ndb PARTITION BY KEY(eid)" );
+	i = mysql_real_query( &ni->ni_sql, buf, ptr - buf );
+	if ( i ) {
+		Debug( LDAP_DEBUG_ANY,
+			"ndb_aset_create: CREATE TABLE %s failed, %s (%d)\n",
+			oci->no_table.bv_val, mysql_error(&ni->ni_sql), mysql_errno(&ni->ni_sql) );
+	}
+	return i;
+}
+
+static int
+ndb_oc_check( BackendDB *be, Ndb *ndb,
+	struct berval *ocsin, NdbOcs *out )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	const NdbDictionary::Dictionary *myDict = ndb->getDictionary();
+
+	int i, rc = 0;
+
+	out->no_ninfo = 0;
+	out->no_ntext = 0;
+	out->no_nitext = 0;
+
+	/* Find all objectclasses and their superiors. List
+	 * the superiors first.
+	 */
+
+	ldap_pvt_thread_rdwr_rlock( &ni->ni_oc_rwlock );
+	for ( i=0; !BER_BVISNULL( &ocsin[i] ); i++ ) {
+		rc = ndb_oc_list( ni, myDict, &ocsin[i], 0, out );
+		if ( rc ) break;
+	}
+	ldap_pvt_thread_rdwr_runlock( &ni->ni_oc_rwlock );
+	return rc;
+}
+
+#define	V_INS	1
+#define	V_DEL	2
+#define	V_REP	3
+
+static int ndb_flush_blobs;
+
+/* set all the unique attrs of this objectclass into the table
+ */
+extern "C" int
+ndb_oc_attrs(
+	NdbTransaction *txn,
+	const NdbDictionary::Table *myTable,
+	Entry *e,
+	NdbOcInfo *no,
+	NdbAttrInfo **attrs,
+	int nattrs,
+	Attribute *old
+)
+{
+	char buf[65538], *ptr;
+	Attribute **an, **ao, *a;
+	NdbOperation *myop;
+	int i, j, max = 0;
+	int changed, rc;
+	Uint64 eid = e->e_id;
+
+	if ( !nattrs )
+		return 0;
+
+	an = (Attribute **)ch_malloc( 2 * nattrs * sizeof(Attribute *));
+	ao = an + nattrs;
+
+	/* Turn lists of attrs into arrays for easier access */
+	for ( i=0; i<nattrs; i++ ) {
+		if ( attrs[i]->na_oi != no ) {
+			an[i] = NULL;
+			ao[i] = NULL;
+			continue;
+		}
+		for ( a=e->e_attrs; a; a=a->a_next ) {
+			if ( a->a_desc == slap_schema.si_ad_objectClass )
+				continue;
+			if ( a->a_desc->ad_type == attrs[i]->na_attr ) {
+				/* Don't process same attr twice */
+				if ( a->a_flags & SLAP_ATTR_IXADD )
+					a = NULL;
+				else
+					a->a_flags |= SLAP_ATTR_IXADD;
+				break;
+			}
+		}
+		an[i] = a;
+		if ( a && a->a_numvals > max )
+			max = a->a_numvals;
+		for ( a=old; a; a=a->a_next ) {
+			if ( a->a_desc == slap_schema.si_ad_objectClass )
+				continue;
+			if ( a->a_desc->ad_type == attrs[i]->na_attr )
+				break;
+		}
+		ao[i] = a;
+		if ( a && a->a_numvals > max )
+			max = a->a_numvals;
+	}
+
+	for ( i=0; i<max; i++ ) {
+		myop = NULL;
+		for ( j=0; j<nattrs; j++ ) {
+			if ( !an[j] && !ao[j] )
+				continue;
+			changed = 0;
+			if ( an[j] && an[j]->a_numvals > i ) {
+				/* both old and new are present, compare for changes */
+				if ( ao[j] && ao[j]->a_numvals > i ) {
+					if ( ber_bvcmp( &ao[j]->a_nvals[i], &an[j]->a_nvals[i] ))
+						changed = V_REP;
+				} else {
+					changed = V_INS;
+				}
+			} else {
+				if ( ao[j] && ao[j]->a_numvals > i )
+					changed = V_DEL;
+			}
+			if ( changed ) {
+				if ( !myop ) {
+					rc = LDAP_OTHER;
+					myop = txn->getNdbOperation( myTable );
+					if ( !myop ) {
+						goto done;
+					}
+					if ( old ) {
+						if ( myop->writeTuple()) {
+							goto done;
+						}
+					} else {
+						if ( myop->insertTuple()) {
+							goto done;
+						}
+					}
+					if ( myop->equal( EID_COLUMN, eid )) {
+						goto done;
+					}
+					if ( myop->equal( VID_COLUMN, i )) {
+						goto done;
+					}
+				}
+				if ( attrs[j]->na_flag & NDB_INFO_ATBLOB ) {
+					NdbBlob *myBlob = myop->getBlobHandle( attrs[j]->na_column );
+					rc = LDAP_OTHER;
+					if ( !myBlob ) {
+						Debug( LDAP_DEBUG_TRACE, "ndb_oc_attrs: getBlobHandle failed %s (%d)\n",
+							myop->getNdbError().message, myop->getNdbError().code, 0 );
+						goto done;
+					}
+					if ( slapMode & SLAP_TOOL_MODE )
+						ndb_flush_blobs = 1;
+					if ( changed & V_INS ) {
+						if ( myBlob->setValue( an[j]->a_vals[i].bv_val, an[j]->a_vals[i].bv_len )) {
+							Debug( LDAP_DEBUG_TRACE, "ndb_oc_attrs: blob->setValue failed %s (%d)\n",
+								myBlob->getNdbError().message, myBlob->getNdbError().code, 0 );
+							goto done;
+						}
+					} else {
+						if ( myBlob->setValue( NULL, 0 )) {
+							Debug( LDAP_DEBUG_TRACE, "ndb_oc_attrs: blob->setValue failed %s (%d)\n",
+								myBlob->getNdbError().message, myBlob->getNdbError().code, 0 );
+							goto done;
+						}
+					}
+				} else {
+					if ( changed & V_INS ) {
+						if ( an[j]->a_vals[i].bv_len > attrs[j]->na_len ) {
+							Debug( LDAP_DEBUG_ANY, "ndb_oc_attrs: attribute %s too long for column\n",
+								attrs[j]->na_name.bv_val, 0, 0 );
+							rc = LDAP_CONSTRAINT_VIOLATION;
+							goto done;
+						}
+						ptr = buf;
+						*ptr++ = an[j]->a_vals[i].bv_len & 0xff;
+						if ( attrs[j]->na_len > 255 ) {
+							/* MedVar */
+							*ptr++ = an[j]->a_vals[i].bv_len >> 8;
+						}
+						memcpy( ptr, an[j]->a_vals[i].bv_val, an[j]->a_vals[i].bv_len );
+						ptr = buf;
+					} else {
+						ptr = NULL;
+					}
+					if ( myop->setValue( attrs[j]->na_column, ptr )) {
+						rc = LDAP_OTHER;
+						goto done;
+					}
+				}
+			}
+		}
+	}
+	rc = LDAP_SUCCESS;
+done:
+	ch_free( an );
+	if ( rc ) {
+		Debug( LDAP_DEBUG_TRACE, "ndb_oc_attrs: failed %s (%d)\n",
+			myop->getNdbError().message, myop->getNdbError().code, 0 );
+	}
+	return rc;
+}
+
+static int
+ndb_oc_put(
+	const NdbDictionary::Dictionary *myDict,
+	NdbTransaction *txn, NdbOcInfo *no, Entry *e )
+{
+	const NdbDictionary::Table *myTable;
+	int i, rc;
+
+	for ( i=0; i<no->no_nsets; i++ ) {
+		rc = ndb_oc_put( myDict, txn, no->no_sets[i], e );
+		if ( rc )
+			return rc;
+	}
+
+	myTable = myDict->getTable( no->no_table.bv_val );
+	if ( !myTable )
+		return LDAP_OTHER;
+
+	return ndb_oc_attrs( txn, myTable, e, no, no->no_attrs, no->no_nattrs, NULL );
+}
+
+/* This is now only used for Adds. Modifies call ndb_oc_attrs directly. */
+extern "C" int
+ndb_entry_put_data(
+	BackendDB *be,
+	NdbArgs *NA
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	Attribute *aoc;
+	const NdbDictionary::Dictionary *myDict = NA->ndb->getDictionary();
+	NdbOcs myOcs;
+	int i, rc;
+
+	/* Get the entry's objectClass attribute */
+	aoc = attr_find( NA->e->e_attrs, slap_schema.si_ad_objectClass );
+	if ( !aoc )
+		return LDAP_OTHER;
+
+	ndb_oc_check( be, NA->ndb, aoc->a_nvals, &myOcs );
+	myOcs.no_info[myOcs.no_ninfo++] = ni->ni_opattrs;
+
+	/* Walk thru objectclasses, find all the attributes belonging to a class */
+	for ( i=0; i<myOcs.no_ninfo; i++ ) {
+		rc = ndb_oc_put( myDict, NA->txn, myOcs.no_info[i], NA->e );
+		if ( rc ) return rc;
+	}
+
+	/* slapadd tries to batch multiple entries per txn, but entry data is
+	 * transient and blob data is required to remain valid for the whole txn.
+	 * So we need to flush blobs before their source data disappears.
+	 */
+	if (( slapMode & SLAP_TOOL_MODE ) && ndb_flush_blobs )
+		NA->txn->execute( NdbTransaction::NoCommit );
+
+	return 0;
+}
+
+static void
+ndb_oc_get( Operation *op, NdbOcInfo *no, int *j, int *nocs, NdbOcInfo ***oclist )
+{
+	int i;
+	NdbOcInfo  **ol2;
+
+	for ( i=0; i<no->no_nsets; i++ ) {
+		ndb_oc_get( op, no->no_sets[i], j, nocs, oclist );
+	}
+
+	/* Don't insert twice */
+	ol2 = *oclist;
+	for ( i=0; i<*j; i++ )
+		if ( ol2[i] == no )
+			return;
+
+	if ( *j >= *nocs ) {
+		*nocs *= 2;
+		ol2 = (NdbOcInfo **)op->o_tmprealloc( *oclist, *nocs * sizeof(NdbOcInfo *), op->o_tmpmemctx );
+		*oclist = ol2;
+	}
+	ol2 = *oclist;
+	ol2[(*j)++] = no;
+}
+
+/* Retrieve attribute data for given entry. The entry's DN and eid should
+ * already be populated.
+ */
+extern "C" int
+ndb_entry_get_data(
+	Operation *op,
+	NdbArgs *NA,
+	int update
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	const NdbDictionary::Dictionary *myDict = NA->ndb->getDictionary();
+	const NdbDictionary::Table *myTable;
+	NdbIndexScanOperation **myop = NULL;
+	Uint64 eid;
+
+	Attribute *a;
+	NdbOcs myOcs;
+	NdbOcInfo *oci, **oclist = NULL;
+	char abuf[65536], *ptr, **attrs = NULL;
+	struct berval bv[2];
+	int *ocx = NULL;
+
+	/* FIXME: abuf should be dynamically allocated */
+
+	int i, j, k, nocs, nattrs, rc = LDAP_OTHER;
+
+	eid = NA->e->e_id;
+
+	ndb_oc_check( op->o_bd, NA->ndb, NA->ocs, &myOcs );
+	myOcs.no_info[myOcs.no_ninfo++] = ni->ni_opattrs;
+	nocs = myOcs.no_ninfo;
+
+	oclist = (NdbOcInfo **)op->o_tmpcalloc( 1, nocs * sizeof(NdbOcInfo *), op->o_tmpmemctx );
+
+	for ( i=0, j=0; i<myOcs.no_ninfo; i++ ) {
+		ndb_oc_get( op, myOcs.no_info[i], &j, &nocs, &oclist );
+	}
+
+	nocs = j;
+	nattrs = 0;
+	for ( i=0; i<nocs; i++ )
+		nattrs += oclist[i]->no_nattrs;
+
+	ocx = (int *)op->o_tmpalloc( nocs * sizeof(int), op->o_tmpmemctx );
+
+	attrs = (char **)op->o_tmpalloc( nattrs * sizeof(char *), op->o_tmpmemctx );
+
+	myop = (NdbIndexScanOperation **)op->o_tmpalloc( nattrs * sizeof(NdbIndexScanOperation *), op->o_tmpmemctx );
+
+	k = 0;
+	ptr = abuf;
+	for ( i=0; i<nocs; i++ ) {
+		oci = oclist[i];
+
+		myop[i] = NA->txn->getNdbIndexScanOperation( "PRIMARY", oci->no_table.bv_val );
+		if ( !myop[i] )
+			goto leave;
+		if ( myop[i]->readTuples( update ? NdbOperation::LM_Exclusive : NdbOperation::LM_CommittedRead ))
+			goto leave;
+		if ( myop[i]->setBound( 0U, NdbIndexScanOperation::BoundEQ, &eid ))
+			goto leave;
+
+		for ( j=0; j<oci->no_nattrs; j++ ) {
+			if ( oci->no_attrs[j]->na_oi != oci )
+				continue;
+			if ( oci->no_attrs[j]->na_flag & NDB_INFO_ATBLOB ) {
+				NdbBlob *bi = myop[i]->getBlobHandle( oci->no_attrs[j]->na_column );
+				attrs[k++] = (char *)bi;
+			} else {
+				attrs[k] = ptr;
+				*ptr++ = 0;
+				if ( oci->no_attrs[j]->na_len > 255 )
+					*ptr++ = 0;
+				ptr += oci->no_attrs[j]->na_len + 1;
+				myop[i]->getValue( oci->no_attrs[j]->na_column, attrs[k++] );
+			}
+		}
+		ocx[i] = k;
+	}
+	/* Must use IgnoreError, because an entry with multiple objectClasses may not
+	 * actually have attributes defined in each class / table.
+	 */
+	if ( NA->txn->execute( NdbTransaction::NoCommit, NdbOperation::AO_IgnoreError, 1) < 0 )
+		goto leave;
+
+	/* count results */
+	for ( i=0; i<nocs; i++ ) {
+		if (( j = myop[i]->nextResult(true) )) {
+			if ( j < 0 ) {
+				Debug( LDAP_DEBUG_TRACE,
+					"ndb_entry_get_data: first nextResult(%d) failed: %s (%d)\n",
+					i, myop[i]->getNdbError().message, myop[i]->getNdbError().code );
+			}
+			myop[i] = NULL;
+		}
+	}
+
+	nattrs = 0;
+	k = 0;
+	for ( i=0; i<nocs; i++ ) {
+		oci = oclist[i];
+		for ( j=0; j<oci->no_nattrs; j++ ) {
+			unsigned char *buf;
+			int len;
+			if ( oci->no_attrs[j]->na_oi != oci )
+				continue;
+			if ( !myop[i] ) {
+				attrs[k] = NULL;
+			} else if ( oci->no_attrs[j]->na_flag & NDB_INFO_ATBLOB ) {
+				void *vi = attrs[k];
+				NdbBlob *bi = (NdbBlob *)vi;
+				int isNull;
+				bi->getNull( isNull );
+				if ( !isNull ) {
+					nattrs++;
+				} else {
+					attrs[k] = NULL;
+				}
+			} else {
+				buf = (unsigned char *)attrs[k];
+				len = buf[0];
+				if ( oci->no_attrs[j]->na_len > 255 ) {
+					/* MedVar */
+					len |= (buf[1] << 8);
+				}
+				if ( len ) {
+					nattrs++;
+				} else {
+					attrs[k] = NULL;
+				}
+			}
+			k++;
+		}
+	}
+
+	a = attrs_alloc( nattrs+1 );
+	NA->e->e_attrs = a;
+
+	a->a_desc = slap_schema.si_ad_objectClass;
+	a->a_vals = NULL;
+	ber_bvarray_dup_x( &a->a_vals, NA->ocs, NULL );
+	a->a_nvals = a->a_vals;
+	a->a_numvals = myOcs.no_ntext;
+
+	BER_BVZERO( &bv[1] );
+
+	do {
+		a = NA->e->e_attrs->a_next;
+		k = 0;
+		for ( i=0; i<nocs; k=ocx[i], i++ ) {
+			oci = oclist[i];
+			for ( j=0; j<oci->no_nattrs; j++ ) {
+				unsigned char *buf;
+				struct berval nbv;
+				if ( oci->no_attrs[j]->na_oi != oci )
+					continue;
+				buf = (unsigned char *)attrs[k++];
+				if ( !buf )
+					continue;
+				if ( !myop[i] ) {
+					a=a->a_next;
+					continue;
+				}
+				if ( oci->no_attrs[j]->na_flag & NDB_INFO_ATBLOB ) {
+					void *vi = (void *)buf;
+					NdbBlob *bi = (NdbBlob *)vi;
+					Uint64 len;
+					Uint32 len2;
+					int isNull;
+					bi->getNull( isNull );
+					if ( isNull ) {
+						a = a->a_next;
+						continue;
+					}
+					bi->getLength( len );
+					bv[0].bv_len = len;
+					bv[0].bv_val = (char *)ch_malloc( len+1 );
+					len2 = len;
+					if ( bi->readData( bv[0].bv_val, len2 )) {
+						Debug( LDAP_DEBUG_TRACE,
+							"ndb_entry_get_data: blob readData failed: %s (%d), len %d\n",
+							bi->getNdbError().message, bi->getNdbError().code, len2 );
+					}
+					bv[0].bv_val[len] = '\0';
+					ber_bvarray_add_x( &a->a_vals, bv, NULL );
+				} else {
+					bv[0].bv_len = buf[0];
+					if ( oci->no_attrs[j]->na_len > 255 ) {
+						/* MedVar */
+						bv[0].bv_len |= (buf[1] << 8);
+						bv[0].bv_val = (char *)buf+2;
+						buf[1] = 0;
+					} else {
+						bv[0].bv_val = (char *)buf+1;
+					}
+					buf[0] = 0;
+					if ( bv[0].bv_len == 0 ) {
+						a = a->a_next;
+						continue;
+					}
+					bv[0].bv_val[bv[0].bv_len] = '\0';
+					value_add_one( &a->a_vals, bv );
+				}
+				a->a_desc = oci->no_attrs[j]->na_desc;
+				attr_normalize_one( a->a_desc, bv, &nbv, NULL );
+				a->a_numvals++;
+				if ( !BER_BVISNULL( &nbv )) {
+					ber_bvarray_add_x( &a->a_nvals, &nbv, NULL );
+				} else if ( !a->a_nvals ) {
+					a->a_nvals = a->a_vals;
+				}
+				a = a->a_next;
+			}
+		}
+		k = 0;
+		for ( i=0; i<nocs; i++ ) {
+			if ( !myop[i] )
+				continue;
+			if ((j = myop[i]->nextResult(true))) {
+				if ( j < 0 ) {
+					Debug( LDAP_DEBUG_TRACE,
+						"ndb_entry_get_data: last nextResult(%d) failed: %s (%d)\n",
+						i, myop[i]->getNdbError().message, myop[i]->getNdbError().code );
+				}
+				myop[i] = NULL;
+			} else {
+				k = 1;
+			}
+		}
+	} while ( k );
+
+	rc = 0;
+leave:
+	if ( myop ) {
+		op->o_tmpfree( myop, op->o_tmpmemctx );
+	}
+	if ( attrs ) {
+		op->o_tmpfree( attrs, op->o_tmpmemctx );
+	}
+	if ( ocx ) {
+		op->o_tmpfree( ocx, op->o_tmpmemctx );
+	}
+	if ( oclist ) {
+		op->o_tmpfree( oclist, op->o_tmpmemctx );
+	}
+
+	return rc;
+}
+
+static int
+ndb_oc_del( 
+	NdbTransaction *txn, Uint64 eid, NdbOcInfo *no )
+{
+	NdbIndexScanOperation *myop;
+	int i, rc;
+
+	for ( i=0; i<no->no_nsets; i++ ) {
+		rc = ndb_oc_del( txn, eid, no->no_sets[i] );
+		if ( rc ) return rc;
+	}
+
+	myop = txn->getNdbIndexScanOperation( "PRIMARY", no->no_table.bv_val );
+	if ( !myop )
+		return LDAP_OTHER;
+	if ( myop->readTuples( NdbOperation::LM_Exclusive ))
+		return LDAP_OTHER;
+	if ( myop->setBound( 0U, NdbIndexScanOperation::BoundEQ, &eid ))
+		return LDAP_OTHER;
+
+	txn->execute(NoCommit);
+	while ( myop->nextResult(true) == 0) {
+		do {
+			myop->deleteCurrentTuple();
+		} while (myop->nextResult(false) == 0);
+		txn->execute(NoCommit);
+	}
+
+	return 0;
+}
+
+extern "C" int
+ndb_entry_del_data(
+	BackendDB *be,
+	NdbArgs *NA
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	Uint64 eid = NA->e->e_id;
+	int i;
+	NdbOcs myOcs;
+
+	ndb_oc_check( be, NA->ndb, NA->ocs, &myOcs );
+	myOcs.no_info[myOcs.no_ninfo++] = ni->ni_opattrs;
+
+	for ( i=0; i<myOcs.no_ninfo; i++ ) {
+		if ( ndb_oc_del( NA->txn, eid, myOcs.no_info[i] ))
+			return LDAP_OTHER;
+	}
+
+	return 0;
+}
+
+extern "C" int
+ndb_dn2rdns(
+	struct berval *dn,
+	NdbRdns *rdns
+)
+{
+	char *beg, *end;
+	int i, len;
+
+	/* Walk thru RDNs */
+	end = dn->bv_val + dn->bv_len;
+	for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+		for ( beg = end-1; beg > dn->bv_val; beg-- ) {
+			if (*beg == ',') {
+				beg++;
+				break;
+			}
+		}
+		if ( beg >= dn->bv_val ) {
+			len = end - beg;
+			/* RDN is too long */
+			if ( len > NDB_RDN_LEN )
+				return LDAP_CONSTRAINT_VIOLATION;
+			memcpy( rdns->nr_buf[i]+1, beg, len );
+		} else {
+			break;
+		}
+		rdns->nr_buf[i][0] = len;
+		end = beg - 1;
+	}
+	/* Too many RDNs in DN */
+	if ( i == NDB_MAX_RDNS && beg > dn->bv_val ) {
+			return LDAP_CONSTRAINT_VIOLATION;
+	}
+	rdns->nr_num = i;
+	return 0;
+}
+
+static int
+ndb_rdns2keys(
+	NdbOperation *myop,
+	NdbRdns *rdns
+)
+{
+	int i;
+	char dummy[2] = {0,0};
+
+	/* Walk thru RDNs */
+	for ( i=0; i<rdns->nr_num; i++ ) {
+		if ( myop->equal( i+RDN_COLUMN, rdns->nr_buf[i] ))
+			return LDAP_OTHER;
+	}
+	for ( ; i<NDB_MAX_RDNS; i++ ) {
+		if ( myop->equal( i+RDN_COLUMN, dummy ))
+			return LDAP_OTHER;
+	}
+	return 0;
+}
+
+/* Store the DN2ID_TABLE fields */
+extern "C" int
+ndb_entry_put_info(
+	BackendDB *be,
+	NdbArgs *NA,
+	int update
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	const NdbDictionary::Dictionary *myDict = NA->ndb->getDictionary();
+	const NdbDictionary::Table *myTable = myDict->getTable( DN2ID_TABLE );
+	NdbOperation *myop;
+	NdbAttrInfo *ai;
+	Attribute *aoc, *a;
+
+	/* Get the entry's objectClass attribute; it's ok to be
+	 * absent on a fresh insert
+	 */
+	aoc = attr_find( NA->e->e_attrs, slap_schema.si_ad_objectClass );
+	if ( update && !aoc )
+		return LDAP_OBJECT_CLASS_VIOLATION;
+
+	myop = NA->txn->getNdbOperation( myTable );
+	if ( !myop )
+		return LDAP_OTHER;
+	if ( update ) {
+		if ( myop->updateTuple())
+			return LDAP_OTHER;
+	} else {
+		if ( myop->insertTuple())
+			return LDAP_OTHER;
+	}
+
+	if ( ndb_rdns2keys( myop, NA->rdns ))
+		return LDAP_OTHER;
+
+	/* Set entry ID */
+	{
+		Uint64 eid = NA->e->e_id;
+		if ( myop->setValue( EID_COLUMN, eid ))
+			return LDAP_OTHER;
+	}
+
+	/* Set list of objectClasses */
+	/* List is <sp> <class> <sp> <class> <sp> ... so that
+	 * searches for " class " will yield accurate results
+	 */
+	if ( aoc ) {
+		char *ptr, buf[sizeof(MedVar)];
+		NdbOcs myOcs;
+		int i;
+
+		ndb_oc_check( be, NA->ndb, aoc->a_nvals, &myOcs );
+		ptr = buf+2;
+		*ptr++ = ' ';
+		for ( i=0; i<myOcs.no_ntext; i++ ) {
+			/* data loss... */
+			if ( ptr + myOcs.no_text[i].bv_len + 1 >= &buf[sizeof(buf)] )
+				break;
+			ptr = lutil_strcopy( ptr, myOcs.no_text[i].bv_val );
+			*ptr++ = ' ';
+		}
+
+		/* implicit classes */
+		if ( myOcs.no_nitext ) {
+			*ptr++ = '@';
+			*ptr++ = ' ';
+			for ( i=0; i<myOcs.no_nitext; i++ ) {
+				/* data loss... */
+				if ( ptr + myOcs.no_itext[i].bv_len + 1 >= &buf[sizeof(buf)] )
+					break;
+				ptr = lutil_strcopy( ptr, myOcs.no_itext[i].bv_val );
+				*ptr++ = ' ';
+			}
+		}
+
+		i = ptr - buf - 2;
+		buf[0] = i & 0xff;
+		buf[1] = i >> 8;
+		if ( myop->setValue( OCS_COLUMN, buf ))
+			return LDAP_OTHER;
+	}
+
+	/* Set any indexed attrs */
+	for ( a = NA->e->e_attrs; a; a=a->a_next ) {
+		ai = ndb_ai_find( ni, a->a_desc->ad_type );
+		if ( ai && ( ai->na_flag & NDB_INFO_INDEX )) {
+			char *ptr, buf[sizeof(MedVar)];
+			int len;
+
+			ptr = buf+1;
+			len = a->a_vals[0].bv_len;
+			/* FIXME: data loss */
+			if ( len > ai->na_len )
+				len = ai->na_len;
+			buf[0] = len & 0xff;
+			if ( ai->na_len > 255 ) {
+				*ptr++ = len >> 8;
+			}
+			memcpy( ptr, a->a_vals[0].bv_val, len );
+			if ( myop->setValue( ai->na_ixcol, buf ))
+				return LDAP_OTHER;
+		}
+	}
+
+	return 0;
+}
+
+extern "C" struct berval *
+ndb_str2bvarray(
+	char *str,
+	int len,
+	char delim,
+	void *ctx
+)
+{
+	struct berval *list, tmp;
+	char *beg;
+	int i, num;
+
+	while ( *str == delim ) {
+		str++;
+		len--;
+	}
+
+	while ( str[len-1] == delim ) {
+		str[--len] = '\0';
+	}
+
+	for ( i = 1, beg = str;; i++ ) {
+		beg = strchr( beg, delim );
+		if ( !beg )
+			break;
+		if ( beg >= str + len )
+			break;
+		beg++;
+	}
+
+	num = i;
+	list = (struct berval *)slap_sl_malloc( (num+1)*sizeof(struct berval), ctx);
+
+	for ( i = 0, beg = str; i<num; i++ ) {
+		tmp.bv_val = beg;
+		beg = strchr( beg, delim );
+		if ( beg >= str + len )
+			beg = NULL;
+		if ( beg ) {
+			tmp.bv_len = beg - tmp.bv_val;
+		} else {
+			tmp.bv_len = len - (tmp.bv_val - str);
+		}
+		ber_dupbv_x( &list[i], &tmp, ctx );
+		beg++;
+	}
+
+	BER_BVZERO( &list[i] );
+	return list;
+}
+
+extern "C" struct berval *
+ndb_ref2oclist(
+	const char *ref,
+	void *ctx
+)
+{
+	char *implied;
+
+	/* MedVar */
+	int len = ref[0] | (ref[1] << 8);
+
+	/* don't return the implied classes */
+	implied = (char *)memchr( ref+2, '@', len );
+	if ( implied ) {
+		len = implied - ref - 2;
+		*implied = '\0';
+	}
+
+	return ndb_str2bvarray( (char *)ref+2, len, ' ', ctx );
+}
+
+/* Retrieve the DN2ID_TABLE fields. Can call with NULL ocs if just verifying
+ * the existence of a DN.
+ */
+extern "C" int
+ndb_entry_get_info(
+	Operation *op,
+	NdbArgs *NA,
+	int update,
+	struct berval *matched
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	const NdbDictionary::Dictionary *myDict = NA->ndb->getDictionary();
+	const NdbDictionary::Table *myTable = myDict->getTable( DN2ID_TABLE );
+	NdbOperation *myop[NDB_MAX_RDNS];
+	NdbRecAttr *eid[NDB_MAX_RDNS], *oc[NDB_MAX_RDNS];
+	char idbuf[NDB_MAX_RDNS][2*sizeof(ID)];
+	char ocbuf[NDB_MAX_RDNS][NDB_OC_BUFLEN];
+
+	if ( matched ) {
+		BER_BVZERO( matched );
+	}
+	if ( !myTable ) {
+		return LDAP_OTHER;
+	}
+
+	myop[0] = NA->txn->getNdbOperation( myTable );
+	if ( !myop[0] ) {
+		return LDAP_OTHER;
+	}
+
+	if ( myop[0]->readTuple( update ? NdbOperation::LM_Exclusive : NdbOperation::LM_CommittedRead )) {
+		return LDAP_OTHER;
+	}
+
+	if ( !NA->rdns->nr_num && ndb_dn2rdns( &NA->e->e_name, NA->rdns )) {
+		return LDAP_NO_SUCH_OBJECT;
+	}
+
+	if ( ndb_rdns2keys( myop[0], NA->rdns )) {
+		return LDAP_OTHER;
+	}
+
+	eid[0] = myop[0]->getValue( EID_COLUMN, idbuf[0] );
+	if ( !eid[0] ) {
+		return LDAP_OTHER;
+	}
+
+	ocbuf[0][0] = 0;
+	ocbuf[0][1] = 0;
+	if ( !NA->ocs ) {
+		oc[0] = myop[0]->getValue( OCS_COLUMN, ocbuf[0] );
+		if ( !oc[0] ) {
+			return LDAP_OTHER;
+		}
+	}
+
+	if ( NA->txn->execute(NdbTransaction::NoCommit, NdbOperation::AO_IgnoreError, 1) < 0 ) {
+		return LDAP_OTHER;
+	}
+
+	switch( myop[0]->getNdbError().code ) {
+	case 0:
+		if ( !eid[0]->isNULL() && ( NA->e->e_id = eid[0]->u_64_value() )) {
+			/* If we didn't care about OCs, or we got them */
+			if ( NA->ocs || ocbuf[0][0] || ocbuf[0][1] ) {
+				/* If wanted, return them */
+				if ( !NA->ocs )
+					NA->ocs = ndb_ref2oclist( ocbuf[0], op->o_tmpmemctx );
+				break;
+			}
+		}
+		/* FALLTHRU */
+	case NDB_NO_SUCH_OBJECT:	/* no such tuple: look for closest parent */
+		if ( matched ) {
+			int i, j, k;
+			char dummy[2] = {0,0};
+
+			/* get to last RDN, then back up 1 */
+			k = NA->rdns->nr_num - 1;
+
+			for ( i=0; i<k; i++ ) {
+				myop[i] = NA->txn->getNdbOperation( myTable );
+				if ( !myop[i] )
+					return LDAP_OTHER;
+				if ( myop[i]->readTuple( NdbOperation::LM_CommittedRead ))
+					return LDAP_OTHER;
+				for ( j=0; j<=i; j++ ) {
+					if ( myop[i]->equal( j+RDN_COLUMN, NA->rdns->nr_buf[j] ))
+						return LDAP_OTHER;
+				}
+				for ( ;j<NDB_MAX_RDNS; j++ ) {
+					if ( myop[i]->equal( j+RDN_COLUMN, dummy ))
+						return LDAP_OTHER;
+				}
+				eid[i] = myop[i]->getValue( EID_COLUMN, idbuf[i] );
+				if ( !eid[i] ) {
+					return LDAP_OTHER;
+				}
+				ocbuf[i][0] = 0;
+				ocbuf[i][1] = 0;
+				if ( !NA->ocs ) {
+					oc[i] = myop[0]->getValue( OCS_COLUMN, ocbuf[i] );
+					if ( !oc[i] ) {
+						return LDAP_OTHER;
+					}
+				}
+			}
+			if ( NA->txn->execute(NdbTransaction::NoCommit, NdbOperation::AO_IgnoreError, 1) < 0 ) {
+				return LDAP_OTHER;
+			}
+			for ( --i; i>=0; i-- ) {
+				if ( myop[i]->getNdbError().code == 0 ) {
+					for ( j=0; j<=i; j++ )
+						matched->bv_len += NA->rdns->nr_buf[j][0];
+					NA->erdns = NA->rdns->nr_num;
+					NA->rdns->nr_num = j;
+					matched->bv_len += i;
+					matched->bv_val = NA->e->e_name.bv_val +
+						NA->e->e_name.bv_len - matched->bv_len;
+					if ( !eid[i]->isNULL() )
+						NA->e->e_id = eid[i]->u_64_value();
+					if ( !NA->ocs )
+						NA->ocs = ndb_ref2oclist( ocbuf[i], op->o_tmpmemctx );
+					break;
+				}
+			}
+		}
+		return LDAP_NO_SUCH_OBJECT;
+	default:
+		return LDAP_OTHER;
+	}
+
+	return 0;
+}
+
+extern "C" int
+ndb_entry_del_info(
+	BackendDB *be,
+	NdbArgs *NA
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	const NdbDictionary::Dictionary *myDict = NA->ndb->getDictionary();
+	const NdbDictionary::Table *myTable = myDict->getTable( DN2ID_TABLE );
+	NdbOperation *myop;
+
+	myop = NA->txn->getNdbOperation( myTable );
+	if ( !myop )
+		return LDAP_OTHER;
+	if ( myop->deleteTuple())
+		return LDAP_OTHER;
+
+	if ( ndb_rdns2keys( myop, NA->rdns ))
+		return LDAP_OTHER;
+
+	return 0;
+}
+
+extern "C" int
+ndb_next_id(
+	BackendDB *be,
+	Ndb *ndb,
+	ID *id
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	const NdbDictionary::Dictionary *myDict = ndb->getDictionary();
+	const NdbDictionary::Table *myTable = myDict->getTable( NEXTID_TABLE );
+	Uint64 nid = 0;
+	int rc;
+
+	if ( !myTable ) {
+		Debug( LDAP_DEBUG_ANY, "ndb_next_id: " NEXTID_TABLE " table is missing\n",
+			0, 0, 0 );
+		return LDAP_OTHER;
+	}
+
+	rc = ndb->getAutoIncrementValue( myTable, nid, 1000 );
+	if ( !rc )
+		*id = nid;
+	return rc;
+}
+
+extern "C" { static void ndb_thread_hfree( void *key, void *data ); };
+static void
+ndb_thread_hfree( void *key, void *data )
+{
+	Ndb *ndb = (Ndb *)data;
+	delete ndb;
+}
+
+extern "C" int
+ndb_thread_handle(
+	Operation *op,
+	Ndb **ndb )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	void *data;
+
+	if ( ldap_pvt_thread_pool_getkey( op->o_threadctx, ni, &data, NULL )) {
+		Ndb *myNdb;
+		int rc;
+		ldap_pvt_thread_mutex_lock( &ni->ni_conn_mutex );
+		myNdb = new Ndb( ni->ni_cluster[ni->ni_nextconn++], ni->ni_dbname );
+		if ( ni->ni_nextconn >= ni->ni_nconns )
+			ni->ni_nextconn = 0;
+		ldap_pvt_thread_mutex_unlock( &ni->ni_conn_mutex );
+		if ( !myNdb ) {
+			return LDAP_OTHER;
+		}
+		rc = myNdb->init(1024);
+		if ( rc ) {
+			delete myNdb;
+			Debug( LDAP_DEBUG_ANY, "ndb_thread_handle: err %d\n",
+				rc, 0, 0 );
+			return rc;
+		}
+		data = (void *)myNdb;
+		if (( rc = ldap_pvt_thread_pool_setkey( op->o_threadctx, ni,
+			data, ndb_thread_hfree, NULL, NULL ))) {
+			delete myNdb;
+			Debug( LDAP_DEBUG_ANY, "ndb_thread_handle: err %d\n",
+				rc, 0, 0 );
+			return rc;
+		}
+	}
+	*ndb = (Ndb *)data;
+	return 0;
+}
+
+extern "C" int
+ndb_entry_get(
+	Operation *op,
+	struct berval *ndn,
+	ObjectClass *oc,
+	AttributeDescription *ad,
+	int rw,
+	Entry **ent )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	NdbArgs NA;
+	Entry e = {0};
+	int rc;
+
+	/* Get our NDB handle */
+	rc = ndb_thread_handle( op, &NA.ndb );
+
+	NA.txn = NA.ndb->startTransaction();
+	if( !NA.txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_entry_get) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		return 1;
+	}
+
+	e.e_name = *ndn;
+	NA.e = &e;
+	/* get entry */
+	{
+		NdbRdns rdns;
+		rdns.nr_num = 0;
+		NA.ocs = NULL;
+		NA.rdns = &rdns;
+		rc = ndb_entry_get_info( op, &NA, rw, NULL );
+	}
+	if ( rc == 0 ) {
+		e.e_name = *ndn;
+		e.e_nname = *ndn;
+		rc = ndb_entry_get_data( op, &NA, 0 );
+		ber_bvarray_free( NA.ocs );
+		if ( rc == 0 ) {
+			if ( oc && !is_entry_objectclass_or_sub( &e, oc )) {
+				attrs_free( e.e_attrs );
+				rc = 1;
+			}
+		}
+	}
+	if ( rc == 0 ) {
+		*ent = entry_alloc();
+		**ent = e;
+		ber_dupbv( &(*ent)->e_name, ndn );
+		ber_dupbv( &(*ent)->e_nname, ndn );
+	} else {
+		rc = 1;
+	}
+	NA.txn->close();
+	return rc;
+}
+
+/* Congestion avoidance code
+ * for Deadlock Rollback
+ */
+
+extern "C" void
+ndb_trans_backoff( int num_retries )
+{
+	int i;
+	int delay = 0;
+	int pow_retries = 1;
+	unsigned long key = 0;
+	unsigned long max_key = -1;
+	struct timeval timeout;
+
+	lutil_entropy( (unsigned char *) &key, sizeof( unsigned long ));
+
+	for ( i = 0; i < num_retries; i++ ) {
+		if ( i >= 5 ) break;
+		pow_retries *= 4;
+	}
+
+	delay = 16384 * (key * (double) pow_retries / (double) max_key);
+	delay = delay ? delay : 1;
+
+	Debug( LDAP_DEBUG_TRACE,  "delay = %d, num_retries = %d\n", delay, num_retries, 0 );
+
+	timeout.tv_sec = delay / 1000000;
+	timeout.tv_usec = delay % 1000000;
+	select( 0, NULL, NULL, NULL, &timeout );
+}
+
+extern "C" void
+ndb_check_referral( Operation *op, SlapReply *rs, NdbArgs *NA )
+{
+	struct berval dn, ndn;
+	int i, dif;
+	dif = NA->erdns - NA->rdns->nr_num;
+
+	/* Set full DN of matched into entry */
+	for ( i=0; i<dif; i++ ) {
+		dnParent( &NA->e->e_name, &dn );
+		dnParent( &NA->e->e_nname, &ndn );
+		NA->e->e_name = dn;
+		NA->e->e_nname = ndn;
+	}
+
+	/* return referral only if "disclose" is granted on the object */
+	if ( access_allowed( op, NA->e, slap_schema.si_ad_entry,
+		NULL, ACL_DISCLOSE, NULL )) {
+		Attribute a;
+		for ( i=0; !BER_BVISNULL( &NA->ocs[i] ); i++ );
+		a.a_numvals = i;
+		a.a_desc = slap_schema.si_ad_objectClass;
+		a.a_vals = NA->ocs;
+		a.a_nvals = NA->ocs;
+		a.a_next = NULL;
+		NA->e->e_attrs = &a;
+		if ( is_entry_referral( NA->e )) {
+			NA->e->e_attrs = NULL;
+			ndb_entry_get_data( op, NA, 0 );
+			rs->sr_ref = get_entry_referrals( op, NA->e );
+			if ( rs->sr_ref ) {
+				rs->sr_err = LDAP_REFERRAL;
+				rs->sr_flags |= REP_REF_MUSTBEFREED;
+			}
+			attrs_free( NA->e->e_attrs );
+		}
+		NA->e->e_attrs = NULL;
+	}
+}

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/proto-ndb.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/proto-ndb.h	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/proto-ndb.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,166 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/proto-ndb.h,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#ifndef _PROTO_NDB_H
+#define _PROTO_NDB_H
+
+LDAP_BEGIN_DECL
+
+extern BI_init		ndb_back_initialize;
+
+extern BI_open		ndb_back_open;
+extern BI_close		ndb_back_close;
+extern BI_destroy	ndb_back_destroy;
+
+extern BI_db_init	ndb_back_db_init;
+extern BI_db_destroy	ndb_back_db_destroy;
+
+extern BI_op_bind	ndb_back_bind;
+extern BI_op_unbind	ndb_back_unbind;
+extern BI_op_search	ndb_back_search;
+extern BI_op_compare	ndb_back_compare;
+extern BI_op_modify	ndb_back_modify;
+extern BI_op_modrdn	ndb_back_modrdn;
+extern BI_op_add	ndb_back_add;
+extern BI_op_delete	ndb_back_delete;
+
+extern BI_operational	ndb_operational;
+extern BI_has_subordinates	ndb_has_subordinates;
+extern BI_entry_get_rw	ndb_entry_get;
+
+extern BI_tool_entry_open	ndb_tool_entry_open;
+extern BI_tool_entry_close	ndb_tool_entry_close;
+extern BI_tool_entry_first	ndb_tool_entry_first;
+extern BI_tool_entry_next	ndb_tool_entry_next;
+extern BI_tool_entry_get	ndb_tool_entry_get;
+extern BI_tool_entry_put	ndb_tool_entry_put;
+extern BI_tool_dn2id_get	ndb_tool_dn2id_get;
+
+extern int ndb_modify_internal(
+	Operation *op,
+	NdbArgs *NA,
+	const char **text,
+	char *textbuf,
+	size_t textlen );
+
+extern int
+ndb_entry_get_data(
+	Operation *op,
+	NdbArgs *args,
+	int update );
+
+extern int
+ndb_entry_put_data(
+	BackendDB *be,
+	NdbArgs *args );
+
+extern int
+ndb_entry_del_data(
+	BackendDB *be,
+	NdbArgs *args );
+
+extern int
+ndb_entry_put_info(
+	BackendDB *be,
+	NdbArgs *args,
+	int update );
+
+extern int
+ndb_entry_get_info(
+	Operation *op,
+	NdbArgs *args,
+	int update,
+	struct berval *matched );
+
+extern "C" int
+ndb_entry_del_info(
+	BackendDB *be,
+	NdbArgs *args );
+
+extern int
+ndb_dn2rdns(
+	struct berval *dn,
+	NdbRdns *buf );
+
+extern NdbAttrInfo *
+ndb_ai_find( struct ndb_info *ni, AttributeType *at );
+
+extern NdbAttrInfo *
+ndb_ai_get( struct ndb_info *ni, struct berval *at );
+
+extern int
+ndb_aset_get( struct ndb_info *ni, struct berval *sname, struct berval *attrs, NdbOcInfo **ret );
+
+extern int
+ndb_aset_create( struct ndb_info *ni, NdbOcInfo *oci );
+
+extern int
+ndb_oc_read( struct ndb_info *ni, const NdbDictionary::Dictionary *dict );
+
+extern int
+ndb_oc_attrs(
+	NdbTransaction *txn,
+	const NdbDictionary::Table *myTable,
+	Entry *e,
+	NdbOcInfo *no,
+	NdbAttrInfo **attrs,
+	int nattrs,
+	Attribute *old );
+
+extern int
+ndb_has_children(
+	NdbArgs *NA,
+	int *hasChildren );
+
+extern struct berval *
+ndb_str2bvarray(
+	char *str,
+	int len,
+	char delim,
+	void *ctx );
+
+extern struct berval *
+ndb_ref2oclist(
+	const char *ref,
+	void *ctx );
+
+extern int
+ndb_next_id(
+	BackendDB *be,
+	Ndb *ndb,
+	ID *id );
+
+extern int
+ndb_thread_handle(
+	Operation *op,
+	Ndb **ndb );
+
+extern int
+ndb_back_init_cf(
+	BackendInfo *bi );
+
+extern "C" void
+ndb_trans_backoff( int num_retries );
+
+extern "C" void
+ndb_check_referral( Operation *op, SlapReply *rs, NdbArgs *NA );
+
+LDAP_END_DECL
+
+#endif /* _PROTO_NDB_H */
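Review bot: The prototype `ndb_ref2oclist( const char *ref, void *ctx )` near the end of this header promises a read-only buffer, but the definition added earlier in this commit casts the const away and writes a NUL over the '@' marker, then hands the same buffer to `ndb_str2bvarray`, which overwrites trailing delimiters in place. I would declare the parameter as `char *ref`, or keep the signature and add a comment above both prototypes such as `/* ref: MedVar buffer (2-byte little-endian length, then data); modified in place */`. The length is decoded from the buffer's own first two bytes and `ndb_ref2oclist` receives no buffer size, so the comment should also state that the caller must supply a buffer at least that long. Separately, `ndb_entry_del_info`, `ndb_trans_backoff` and `ndb_check_referral` carry `extern "C"` inside `LDAP_BEGIN_DECL` while every other prototype uses plain `extern`; presumably the macro already supplies the linkage, so a single form would read more clearly.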

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/search.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,844 @@
+/* search.cpp - tools for slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/search.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/errno.h>
+
+#include "lutil.h"
+
+#include "back-ndb.h"
+
+static int
+ndb_dn2bound(
+	NdbIndexScanOperation *myop,
+	NdbRdns *rdns
+)
+{
+	unsigned int i;
+
+	/* Walk thru RDNs */
+	for ( i=0; i<rdns->nr_num; i++ ) {
+		/* Note: RDN_COLUMN offset not needed here */
+		if ( myop->setBound( i, NdbIndexScanOperation::BoundEQ, rdns->nr_buf[i] ))
+			return LDAP_OTHER;
+	}
+	return i;
+}
+
+/* Check that all filter terms reside in the same table.
+ *
+ * If any of the filter terms are indexed, then only an IndexScan of the OL_index
+ * will be performed. If none are indexed, but all the terms reside in a single
+ * table, a Scan can be performed with the LDAP filter transformed into a ScanFilter.
+ *
+ * Otherwise, a full scan of the DB must be done with all filtering done by slapd.
+ */
+static int ndb_filter_check( struct ndb_info *ni, Filter *f,
+	NdbOcInfo **oci, int *indexed, int *ocfilter )
+{
+	AttributeDescription *ad = NULL;
+	ber_tag_t choice = f->f_choice;
+	int rc = 0, undef = 0;
+
+	if ( choice & SLAPD_FILTER_UNDEFINED ) {
+		choice &= SLAPD_FILTER_MASK;
+		undef = 1;
+	}
+	switch( choice ) {
+	case LDAP_FILTER_AND:
+	case LDAP_FILTER_OR:
+	case LDAP_FILTER_NOT:
+		for ( f = f->f_list; f; f=f->f_next ) {
+			rc = ndb_filter_check( ni, f, oci, indexed, ocfilter );
+			if ( rc ) return rc;
+		}
+		break;
+	case LDAP_FILTER_PRESENT:
+		ad = f->f_desc;
+		break;
+	case LDAP_FILTER_EQUALITY:
+	case LDAP_FILTER_SUBSTRINGS:
+	case LDAP_FILTER_GE:
+	case LDAP_FILTER_LE:
+	case LDAP_FILTER_APPROX:
+		ad = f->f_av_desc;
+		break;
+	default:
+		break;
+	}
+	if ( ad && !undef ) {
+		NdbAttrInfo *ai;
+		/* ObjectClass filtering is in dn2id table */
+		if ( ad == slap_schema.si_ad_objectClass ) {
+			if ( choice == LDAP_FILTER_EQUALITY )
+				(*ocfilter)++;
+			return 0;
+		}
+		ai = ndb_ai_find( ni, ad->ad_type );
+		if ( ai ) {
+			if ( ai->na_flag & NDB_INFO_INDEX )
+				(*indexed)++;
+			if ( *oci ) {
+				if ( ai->na_oi != *oci )
+					rc = -1;
+			} else {
+				*oci = ai->na_oi;
+			}
+		}
+	}
+	return rc;
+}
+
+static int ndb_filter_set( Operation *op, struct ndb_info *ni, Filter *f, int indexed,
+	NdbIndexScanOperation *scan, NdbScanFilter *sf, int *bounds )
+{
+	AttributeDescription *ad = NULL;
+	ber_tag_t choice = f->f_choice;
+	int undef = 0;
+
+	if ( choice & SLAPD_FILTER_UNDEFINED ) {
+		choice &= SLAPD_FILTER_MASK;
+		undef = 1;
+	}
+	switch( choice ) {
+	case LDAP_FILTER_NOT:
+		/* no indexing for these */
+		break;
+	case LDAP_FILTER_OR:
+		/* FIXME: these bounds aren't right. */
+		if ( indexed ) {
+			scan->end_of_bound( (*bounds)++ );
+		}
+	case LDAP_FILTER_AND:
+		if ( sf ) {
+			sf->begin( choice == LDAP_FILTER_OR ? NdbScanFilter::OR : NdbScanFilter::AND );
+		}
+		for ( f = f->f_list; f; f=f->f_next ) {
+			if ( ndb_filter_set( op, ni, f, indexed, scan, sf, bounds ))
+				return -1;
+		}
+		if ( sf ) {
+			sf->end();
+		}
+		break;
+	case LDAP_FILTER_PRESENT:
+		ad = f->f_desc;
+		break;
+	case LDAP_FILTER_EQUALITY:
+	case LDAP_FILTER_SUBSTRINGS:
+	case LDAP_FILTER_GE:
+	case LDAP_FILTER_LE:
+	case LDAP_FILTER_APPROX:
+		ad = f->f_av_desc;
+		break;
+	default:
+		break;
+	}
+	if ( ad && !undef ) {
+		NdbAttrInfo *ai;
+		/* ObjectClass filtering is in dn2id table */
+		if ( ad == slap_schema.si_ad_objectClass ) {
+			return 0;
+		}
+		ai = ndb_ai_find( ni, ad->ad_type );
+		if ( ai ) {
+			int rc;
+			if ( ai->na_flag & NDB_INFO_INDEX ) {
+				char *buf, *ptr;
+				NdbIndexScanOperation::BoundType bt;
+
+				switch(choice) {
+				case LDAP_FILTER_PRESENT:
+					rc = scan->setBound( ai->na_ixcol - IDX_COLUMN,
+						NdbIndexScanOperation::BoundGT, NULL );
+					break;
+				case LDAP_FILTER_EQUALITY:
+				case LDAP_FILTER_APPROX:
+					bt = NdbIndexScanOperation::BoundEQ;
+					goto setit;
+				case LDAP_FILTER_GE:
+					bt = NdbIndexScanOperation::BoundGE;
+					goto setit;
+				case LDAP_FILTER_LE:
+					bt = NdbIndexScanOperation::BoundLE;
+				setit:
+					rc = f->f_av_value.bv_len+1;
+					if ( ai->na_len > 255 )
+						rc++;
+					buf = (char *)op->o_tmpalloc( rc, op->o_tmpmemctx );
+					rc = f->f_av_value.bv_len;
+					buf[0] = rc & 0xff;
+					ptr = buf+1;
+					if ( ai->na_len > 255 ) {
+						buf[1] = (rc >> 8);
+						ptr++;
+					}
+					memcpy( ptr, f->f_av_value.bv_val, f->f_av_value.bv_len );
+					rc = scan->setBound( ai->na_ixcol - IDX_COLUMN, bt, buf );
+					op->o_tmpfree( buf, op->o_tmpmemctx );
+					break;
+				default:
+					break;
+				}
+			} else if ( sf ) {
+				char *buf, *ptr;
+				NdbScanFilter::BinaryCondition bc;
+
+				switch(choice) {
+				case LDAP_FILTER_PRESENT:
+					rc = sf->isnotnull( ai->na_column );
+					break;
+				case LDAP_FILTER_EQUALITY:
+				case LDAP_FILTER_APPROX:
+					bc = NdbScanFilter::COND_EQ;
+					goto setf;
+				case LDAP_FILTER_GE:
+					bc = NdbScanFilter::COND_GE;
+					goto setf;
+				case LDAP_FILTER_LE:
+					bc = NdbScanFilter::COND_LE;
+				setf:
+					rc = sf->cmp( bc, ai->na_column, f->f_av_value.bv_val, f->f_av_value.bv_len );
+					break;
+				case LDAP_FILTER_SUBSTRINGS:
+					rc = 0;
+					if ( f->f_sub_initial.bv_val )
+						rc += f->f_sub_initial.bv_len + 1;
+					if ( f->f_sub_any ) {
+						int i;
+						if ( !rc ) rc++;
+						for (i=0; f->f_sub_any[i].bv_val; i++)
+							rc += f->f_sub_any[i].bv_len + 1;
+					}
+					if ( f->f_sub_final.bv_val ) {
+						if ( !rc ) rc++;
+						rc += f->f_sub_final.bv_len;
+					}
+					buf = (char *)op->o_tmpalloc( rc+1, op->o_tmpmemctx );
+					ptr = buf;
+					if ( f->f_sub_initial.bv_val ) {
+						memcpy( ptr, f->f_sub_initial.bv_val, f->f_sub_initial.bv_len );
+						ptr += f->f_sub_initial.bv_len;
+						*ptr++ = '%';
+					}
+					if ( f->f_sub_any ) {
+						int i;
+						if ( ptr == buf )
+							*ptr++ = '%';
+						for (i=0; f->f_sub_any[i].bv_val; i++) {
+							memcpy( ptr, f->f_sub_any[i].bv_val, f->f_sub_any[i].bv_len );
+							ptr += f->f_sub_any[i].bv_len;
+							*ptr++ = '%';
+						}
+					}
+					if ( f->f_sub_final.bv_val ) {
+						if ( ptr == buf )
+							*ptr++ = '%';
+						memcpy( ptr, f->f_sub_final.bv_val, f->f_sub_final.bv_len );
+						ptr += f->f_sub_final.bv_len;
+					}
+					*ptr = '\0';
+					rc = sf->cmp( NdbScanFilter::COND_LIKE, ai->na_column, buf, ptr - buf );
+					op->o_tmpfree( buf, op->o_tmpmemctx );
+					break;
+				}
+			}
+		}
+	}
+	return 0;
+}
+
+static int ndb_oc_search( Operation *op, SlapReply *rs, Ndb *ndb, NdbTransaction *txn,
+	NdbRdns *rbase, NdbOcInfo *oci, int indexed )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	const NdbDictionary::Dictionary *myDict = ndb->getDictionary();
+	const NdbDictionary::Table *myTable;
+	const NdbDictionary::Index *myIndex;
+	NdbIndexScanOperation *scan;
+	NdbIndexOperation *ixop;
+	NdbScanFilter *sf = NULL;
+	struct berval *ocs;
+	NdbRecAttr *scanID, *scanOC, *scanDN[NDB_MAX_RDNS];
+	char dnBuf[2048], *ptr;
+	NdbRdns rdns;
+	NdbArgs NA;
+	char idbuf[2*sizeof(ID)];
+	char ocbuf[NDB_OC_BUFLEN];
+	int i, rc, bounds;
+	Entry e = {0};
+	Uint64 eid;
+	time_t stoptime;
+	int manageDSAit;
+
+	stoptime = op->o_time + op->ors_tlimit;
+	manageDSAit = get_manageDSAit( op );
+
+	myTable = myDict->getTable( oci->no_table.bv_val );
+	if ( indexed ) { 
+		scan = txn->getNdbIndexScanOperation( INDEX_NAME, DN2ID_TABLE );
+		if ( !scan )
+			return LDAP_OTHER;
+		scan->readTuples( NdbOperation::LM_CommittedRead );
+	} else {
+		myIndex = myDict->getIndex( "eid$unique", DN2ID_TABLE );
+		if ( !myIndex ) {
+			Debug( LDAP_DEBUG_ANY, DN2ID_TABLE " eid index is missing!\n", 0, 0, 0 );
+			rs->sr_err = LDAP_OTHER;
+			goto leave;
+		}
+		scan = (NdbIndexScanOperation *)txn->getNdbScanOperation( myTable );
+		if ( !scan )
+			return LDAP_OTHER;
+		scan->readTuples( NdbOperation::LM_CommittedRead );
+#if 1
+		sf = new NdbScanFilter(scan);
+		if ( !sf )
+			return LDAP_OTHER;
+		switch ( op->ors_filter->f_choice ) {
+		case LDAP_FILTER_AND:
+		case LDAP_FILTER_OR:
+		case LDAP_FILTER_NOT:
+			break;
+		default:
+			if ( sf->begin() < 0 ) {
+				rc = LDAP_OTHER;
+				goto leave;
+			}
+		}
+#endif
+	}
+
+	bounds = 0;
+	rc = ndb_filter_set( op, ni, op->ors_filter, indexed, scan, sf, &bounds );
+	if ( rc )
+		goto leave;
+	if ( sf ) sf->end();
+	
+	scanID = scan->getValue( EID_COLUMN, idbuf );
+	if ( indexed ) {
+		scanOC = scan->getValue( OCS_COLUMN, ocbuf );
+		for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+			rdns.nr_buf[i][0] = '\0';
+			scanDN[i] = scan->getValue( RDN_COLUMN+i, rdns.nr_buf[i] );
+		}
+	}
+
+	if ( txn->execute( NdbTransaction::NoCommit, NdbOperation::AbortOnError, 1 )) {
+		rs->sr_err = LDAP_OTHER;
+		goto leave;
+	}
+
+	e.e_name.bv_val = dnBuf;
+	NA.e = &e;
+	NA.ndb = ndb;
+	while ( scan->nextResult( true, true ) == 0 ) {
+		NdbTransaction *tx2;
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			break;
+		}
+		if ( slapd_shutdown ) {
+			rs->sr_err = LDAP_UNAVAILABLE;
+			break;
+		}
+		if ( op->ors_tlimit != SLAP_NO_LIMIT &&
+			slap_get_time() > stoptime ) {
+			rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+			break;
+		}
+
+		eid = scanID->u_64_value();
+		e.e_id = eid;
+		if ( !indexed ) {
+			tx2 = ndb->startTransaction( myTable );
+			if ( !tx2 ) {
+				rs->sr_err = LDAP_OTHER;
+				goto leave;
+			}
+
+			ixop = tx2->getNdbIndexOperation( myIndex );
+			if ( !ixop ) {
+				tx2->close();
+				rs->sr_err = LDAP_OTHER;
+				goto leave;
+			}
+			ixop->readTuple( NdbOperation::LM_CommittedRead );
+			ixop->equal( EID_COLUMN, eid );
+
+			scanOC = ixop->getValue( OCS_COLUMN, ocbuf );
+			for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+				rdns.nr_buf[i][0] = '\0';
+				scanDN[i] = ixop->getValue( RDN_COLUMN+i, rdns.nr_buf[i] );
+			}
+			rc = tx2->execute( NdbTransaction::Commit, NdbOperation::AbortOnError, 1 );
+			tx2->close();
+			if ( rc ) {
+				rs->sr_err = LDAP_OTHER;
+				goto leave;
+			}
+		}
+
+		ocs = ndb_ref2oclist( ocbuf, op->o_tmpmemctx );
+		for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+			if ( scanDN[i]->isNULL() || !rdns.nr_buf[i][0] )
+				break;
+		}
+		rdns.nr_num = i;
+
+		/* entry must be subordinate to the base */
+		if ( i < rbase->nr_num ) {
+			continue;
+		}
+
+		ptr = dnBuf;
+		for ( --i; i>=0; i-- ) {
+			char *buf;
+			int len;
+			buf = rdns.nr_buf[i];
+			len = *buf++;
+			ptr = lutil_strncopy( ptr, buf, len );
+			if ( i ) *ptr++ = ',';
+		}
+		*ptr = '\0';
+		e.e_name.bv_len = ptr - dnBuf;
+
+		/* More scope checks */
+		/* If indexed, these can be moved into the ScanFilter */
+		switch( op->ors_scope ) {
+		case LDAP_SCOPE_ONELEVEL:
+			if ( rdns.nr_num != rbase->nr_num+1 )
+				continue;
+		case LDAP_SCOPE_SUBORDINATE:
+			if ( rdns.nr_num == rbase->nr_num )
+				continue;
+		case LDAP_SCOPE_SUBTREE:
+		default:
+			if ( e.e_name.bv_len <= op->o_req_dn.bv_len ) {
+				if ( op->ors_scope != LDAP_SCOPE_SUBTREE ||
+					strcasecmp( op->o_req_dn.bv_val, e.e_name.bv_val ))
+					continue;
+			} else if ( strcasecmp( op->o_req_dn.bv_val, e.e_name.bv_val +
+				e.e_name.bv_len - op->o_req_dn.bv_len ))
+				continue;
+		}
+
+		dnNormalize( 0, NULL, NULL, &e.e_name, &e.e_nname, op->o_tmpmemctx );
+		{
+#ifdef notdef		/* NDBapi is broken here */
+			Ndb::Key_part_ptr keys[2];
+			char xbuf[32];
+			keys[0].ptr = &eid;
+			keys[0].len = sizeof(eid);
+			keys[1].ptr = NULL;
+			keys[1].len = 0;
+			tx2 = ndb->startTransaction( myTable, keys, xbuf, sizeof(xbuf));
+#else
+			tx2 = ndb->startTransaction( myTable );
+#endif
+			if ( !tx2 ) {
+				rs->sr_err = LDAP_OTHER;
+				goto leave;
+			}
+			NA.txn = tx2;
+			NA.ocs = ocs;
+			rc = ndb_entry_get_data( op, &NA, 0 );
+			tx2->close();
+		}
+		ber_bvarray_free_x( ocs, op->o_tmpmemctx );
+		if ( !manageDSAit && is_entry_referral( &e )) {
+			BerVarray erefs = get_entry_referrals( op, &e );
+			rs->sr_ref = referral_rewrite( erefs, &e.e_name, NULL,
+				op->ors_scope == LDAP_SCOPE_ONELEVEL ?
+					LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
+			rc = send_search_reference( op, rs );
+			ber_bvarray_free( rs->sr_ref );
+			ber_bvarray_free( erefs );
+			rs->sr_ref = NULL;
+		} else if ( manageDSAit || !is_entry_glue( &e )) {
+			rc = test_filter( op, &e, op->ors_filter );
+			if ( rc == LDAP_COMPARE_TRUE ) {
+				rs->sr_entry = &e;
+				rs->sr_attrs = op->ors_attrs;
+				rs->sr_flags = 0;
+				rc = send_search_entry( op, rs );
+				rs->sr_entry = NULL;
+			} else {
+				rc = 0;
+			}
+		}
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		op->o_tmpfree( e.e_nname.bv_val, op->o_tmpmemctx );
+		if ( rc ) break;
+	}
+leave:
+	if ( sf ) delete sf;
+	return rc;
+}
+
+extern "C"
+int ndb_back_search( Operation *op, SlapReply *rs )
+{
+	struct ndb_info *ni = (struct ndb_info *) op->o_bd->be_private;
+	NdbTransaction *txn;
+	NdbIndexScanOperation *scan;
+	NdbScanFilter *sf = NULL;
+	Entry e = {0};
+	int rc, i, ocfilter, indexed;
+	struct berval matched;
+	NdbRecAttr *scanID, *scanOC, *scanDN[NDB_MAX_RDNS];
+	char dnBuf[2048], *ptr;
+	char idbuf[2*sizeof(ID)];
+	char ocbuf[NDB_OC_BUFLEN];
+	NdbRdns rdns;
+	NdbOcInfo *oci;
+	NdbArgs NA;
+	slap_mask_t mask;
+	time_t stoptime;
+	int manageDSAit;
+
+	rc = ndb_thread_handle( op, &NA.ndb );
+	rdns.nr_num = 0;
+
+	manageDSAit = get_manageDSAit( op );
+
+	txn = NA.ndb->startTransaction();
+	if ( !txn ) {
+		Debug( LDAP_DEBUG_TRACE,
+			LDAP_XSTRING(ndb_back_search) ": startTransaction failed: %s (%d)\n",
+			NA.ndb->getNdbError().message, NA.ndb->getNdbError().code, 0 );
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+		goto leave;
+	}
+
+	NA.txn = txn;
+	e.e_name = op->o_req_dn;
+	e.e_nname = op->o_req_ndn;
+	NA.e = &e;
+	NA.rdns = &rdns;
+	NA.ocs = NULL;
+
+	rs->sr_err = ndb_entry_get_info( op, &NA, 0, &matched );
+	if ( rs->sr_err ) {
+		if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
+			rs->sr_matched = matched.bv_val;
+			if ( NA.ocs )
+				ndb_check_referral( op, rs, &NA );
+		}
+		goto leave;
+	}
+
+	if ( !access_allowed_mask( op, &e, slap_schema.si_ad_entry,
+		NULL, ACL_SEARCH, NULL, &mask )) {
+		if ( !ACL_GRANT( mask, ACL_DISCLOSE ))
+			rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		else
+			rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		goto leave;
+	}
+
+	rs->sr_err = ndb_entry_get_data( op, &NA, 0 );
+	ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+	if ( rs->sr_err )
+		goto leave;
+
+	if ( !manageDSAit && is_entry_referral( &e )) {
+		rs->sr_ref = get_entry_referrals( op, &e );
+		rs->sr_err = LDAP_REFERRAL;
+		if ( rs->sr_ref )
+			rs->sr_flags |= REP_REF_MUSTBEFREED;
+		rs->sr_matched = e.e_name.bv_val;
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		goto leave;
+	}
+
+	if ( !manageDSAit && is_entry_glue( &e )) {
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		goto leave;
+	}
+
+	if ( get_assert( op ) && test_filter( op, &e, (Filter *)get_assertion( op )) !=
+		LDAP_COMPARE_TRUE ) {
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		goto leave;
+	}
+
+	/* admin ignores tlimits */
+	stoptime = op->o_time + op->ors_tlimit;
+
+	if ( op->ors_scope == LDAP_SCOPE_BASE ) {
+		rc = test_filter( op, &e, op->ors_filter );
+		if ( rc == LDAP_COMPARE_TRUE ) {
+			rs->sr_entry = &e;
+			rs->sr_attrs = op->ors_attrs;
+			rs->sr_flags = 0;
+			send_search_entry( op, rs );
+			rs->sr_entry = NULL;
+		}
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		rs->sr_err = LDAP_SUCCESS;
+		goto leave;
+	} else {
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		if ( rdns.nr_num == NDB_MAX_RDNS ) {
+			if ( op->ors_scope == LDAP_SCOPE_ONELEVEL ||
+				op->ors_scope == LDAP_SCOPE_CHILDREN )
+			rs->sr_err = LDAP_SUCCESS;
+			goto leave;
+		}
+	}
+
+	/* See if we can handle the filter. Filtering on objectClass is only done
+	 * in the DN2ID table scan. If all other filter terms reside in one table,
+	 * then we scan the OC table instead of the DN2ID table.
+	 */
+	oci = NULL;
+	indexed = 0;
+	ocfilter = 0;
+	rc = ndb_filter_check( ni, op->ors_filter, &oci, &indexed, &ocfilter );
+	if ( rc ) {
+		Debug( LDAP_DEBUG_TRACE, "ndb_back_search: "
+			"filter attributes from multiple tables, indexing ignored\n",
+			0, 0, 0 );
+	} else if ( oci ) {
+		rc = ndb_oc_search( op, rs, NA.ndb, txn, &rdns, oci, indexed );
+		goto leave;
+	}
+
+	scan = txn->getNdbIndexScanOperation( "PRIMARY", DN2ID_TABLE );
+	scan->readTuples( NdbOperation::LM_CommittedRead );
+	rc = ndb_dn2bound( scan, &rdns );
+
+	/* TODO: if ( ocfilter ) set up scanfilter for objectclass matches
+	 * column COND_LIKE "% <class> %"
+	 */
+
+	switch( op->ors_scope ) {
+	case LDAP_SCOPE_ONELEVEL:
+		sf = new NdbScanFilter(scan);
+		if ( sf->begin() < 0 ||
+			sf->cmp(NdbScanFilter::COND_NOT_LIKE, rc+3, "_%",
+				STRLENOF("_%")) < 0 ||
+			sf->end() < 0 ) {
+			rs->sr_err = LDAP_OTHER;
+			goto leave;
+		}
+		/* FALLTHRU */
+	case LDAP_SCOPE_CHILDREN:
+		/* Note: RDN_COLUMN offset not needed here */
+		scan->setBound( rc, NdbIndexScanOperation::BoundLT, "\0" );
+		/* FALLTHRU */
+	case LDAP_SCOPE_SUBTREE:
+		break;
+	}
+	scanID = scan->getValue( EID_COLUMN, idbuf );
+	scanOC = scan->getValue( OCS_COLUMN, ocbuf );
+	for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+		rdns.nr_buf[i][0] = '\0';
+		scanDN[i] = scan->getValue( RDN_COLUMN+i, rdns.nr_buf[i] );
+	}
+	if ( txn->execute( NdbTransaction::NoCommit, NdbOperation::AbortOnError, 1 )) {
+		rs->sr_err = LDAP_OTHER;
+		goto leave;
+	}
+
+	e.e_name.bv_val = dnBuf;
+	while ( scan->nextResult( true, true ) == 0 ) {
+		if ( op->o_abandon ) {
+			rs->sr_err = SLAPD_ABANDON;
+			break;
+		}
+		if ( slapd_shutdown ) {
+			rs->sr_err = LDAP_UNAVAILABLE;
+			break;
+		}
+		if ( op->ors_tlimit != SLAP_NO_LIMIT &&
+			slap_get_time() > stoptime ) {
+			rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
+			break;
+		}
+		e.e_id = scanID->u_64_value();
+		NA.ocs = ndb_ref2oclist( ocbuf, op->o_tmpmemctx );
+		for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+			if ( scanDN[i]->isNULL() || !rdns.nr_buf[i][0] )
+				break;
+		}
+		ptr = dnBuf;
+		rdns.nr_num = i;
+		for ( --i; i>=0; i-- ) {
+			char *buf;
+			int len;
+			buf = rdns.nr_buf[i];
+			len = *buf++;
+			ptr = lutil_strncopy( ptr, buf, len );
+			if ( i ) *ptr++ = ',';
+		}
+		*ptr = '\0';
+		e.e_name.bv_len = ptr - dnBuf;
+		dnNormalize( 0, NULL, NULL, &e.e_name, &e.e_nname, op->o_tmpmemctx );
+		NA.txn = NA.ndb->startTransaction();
+		rc = ndb_entry_get_data( op, &NA, 0 );
+		NA.txn->close();
+		ber_bvarray_free_x( NA.ocs, op->o_tmpmemctx );
+		if ( !manageDSAit && is_entry_referral( &e )) {
+			BerVarray erefs = get_entry_referrals( op, &e );
+			rs->sr_ref = referral_rewrite( erefs, &e.e_name, NULL,
+				op->ors_scope == LDAP_SCOPE_ONELEVEL ?
+					LDAP_SCOPE_BASE : LDAP_SCOPE_SUBTREE );
+			rc = send_search_reference( op, rs );
+			ber_bvarray_free( rs->sr_ref );
+			ber_bvarray_free( erefs );
+			rs->sr_ref = NULL;
+		} else if ( manageDSAit || !is_entry_glue( &e )) {
+			rc = test_filter( op, &e, op->ors_filter );
+			if ( rc == LDAP_COMPARE_TRUE ) {
+				rs->sr_entry = &e;
+				rs->sr_attrs = op->ors_attrs;
+				rs->sr_flags = 0;
+				rc = send_search_entry( op, rs );
+				rs->sr_entry = NULL;
+			} else {
+				rc = 0;
+			}
+		}
+		attrs_free( e.e_attrs );
+		e.e_attrs = NULL;
+		op->o_tmpfree( e.e_nname.bv_val, op->o_tmpmemctx );
+		if ( rc ) break;
+	}
+leave:
+	if ( sf )
+		delete sf;
+	if ( txn )
+		txn->close();
+	send_ldap_result( op, rs );
+	return rs->sr_err;
+}
+
+extern NdbInterpretedCode *ndb_lastrow_code;	/* init.cpp */
+
+extern "C" int
+ndb_has_children(
+	NdbArgs *NA,
+	int *hasChildren
+)
+{
+	NdbIndexScanOperation *scan;
+	char idbuf[2*sizeof(ID)];
+	int rc;
+
+	if ( NA->rdns->nr_num >= NDB_MAX_RDNS ) {
+		*hasChildren = LDAP_COMPARE_FALSE;
+		return 0;
+	}
+
+	scan = NA->txn->getNdbIndexScanOperation( "PRIMARY", DN2ID_TABLE );
+	if ( !scan )
+		return LDAP_OTHER;
+	scan->readTuples( NdbOperation::LM_Read, 0U, 0U, 1U );
+	rc = ndb_dn2bound( scan, NA->rdns );
+	if ( rc < NDB_MAX_RDNS ) {
+		scan->setBound( rc, NdbIndexScanOperation::BoundLT, "\0" );
+	}
+#if 0
+	scan->interpret_exit_last_row();
+#else
+	scan->setInterpretedCode(ndb_lastrow_code);
+#endif
+	scan->getValue( EID_COLUMN, idbuf );
+	if ( NA->txn->execute( NdbTransaction::NoCommit, NdbOperation::AO_IgnoreError, 1 )) {
+		return LDAP_OTHER;
+	}
+	if (rc < NDB_MAX_RDNS && scan->nextResult( true, true ) == 0 )
+		*hasChildren = LDAP_COMPARE_TRUE;
+	else
+		*hasChildren = LDAP_COMPARE_FALSE;
+	scan->close();
+	return 0;
+}
+
+extern "C" int
+ndb_has_subordinates(
+	Operation *op,
+	Entry *e,
+	int *hasSubordinates )
+{
+	NdbArgs NA;
+	NdbRdns rdns;
+	int rc;
+
+	NA.rdns = &rdns;
+	rc = ndb_dn2rdns( &e->e_nname, &rdns );
+
+	if ( rc == 0 ) {
+		rc = ndb_thread_handle( op, &NA.ndb );
+		NA.txn = NA.ndb->startTransaction();
+		if ( NA.txn ) {
+			rc = ndb_has_children( &NA, hasSubordinates );
+			NA.txn->close();
+		}
+	}
+
+	return rc;
+}
+
+/*
+ * sets the supported operational attributes (if required)
+ */
+extern "C" int
+ndb_operational(
+	Operation	*op,
+	SlapReply	*rs )
+{
+	Attribute	**ap;
+
+	assert( rs->sr_entry != NULL );
+
+	for ( ap = &rs->sr_operational_attrs; *ap; ap = &(*ap)->a_next )
+		/* just count */ ;
+
+	if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+			ad_inlist( slap_schema.si_ad_hasSubordinates, rs->sr_attrs ) )
+	{
+		int	hasSubordinates, rc;
+
+		rc = ndb_has_subordinates( op, rs->sr_entry, &hasSubordinates );
+		if ( rc == LDAP_SUCCESS ) {
+			*ap = slap_operational_hasSubordinate( hasSubordinates == LDAP_COMPARE_TRUE );
+			assert( *ap != NULL );
+
+			ap = &(*ap)->a_next;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+

Added: openldap/vendor/openldap-release/servers/slapd/back-ndb/tools.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-ndb/tools.cpp	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/back-ndb/tools.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,544 @@
+/* tools.cpp - tools for slap tools */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-ndb/tools.cpp,v 1.3.2.2 2009/01/22 00:01:09 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2009 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion
+ * in OpenLDAP Software. This work was sponsored by MySQL.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+#include <ac/errno.h>
+
+#include "lutil.h"
+
+#include "back-ndb.h"
+
+typedef struct dn_id {
+	ID id;
+	struct berval dn;
+} dn_id;
+
+#define	HOLE_SIZE	4096
+static dn_id hbuf[HOLE_SIZE], *holes = hbuf;
+static unsigned nhmax = HOLE_SIZE;
+static unsigned nholes;
+static Avlnode *myParents;
+
+static Ndb *myNdb;
+static NdbTransaction *myScanTxn;
+static NdbIndexScanOperation *myScanOp;
+
+static NdbRecAttr *myScanID, *myScanOC;
+static NdbRecAttr *myScanDN[NDB_MAX_RDNS];
+static char myDNbuf[2048];
+static char myIdbuf[2*sizeof(ID)];
+static char myOcbuf[NDB_OC_BUFLEN];
+static NdbRdns myRdns;
+
+static NdbTransaction *myPutTxn;
+static int myPutCnt;
+
+static struct berval *myOcList;
+static struct berval myDn;
+
+extern "C"
+int ndb_tool_entry_open(
+	BackendDB *be, int mode )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+
+	myNdb = new Ndb( ni->ni_cluster[0], ni->ni_dbname );
+	return myNdb->init(1024);
+}
+
+extern "C"
+int ndb_tool_entry_close(
+	BackendDB *be )
+{
+	if ( myPutTxn ) {
+		int rc = myPutTxn->execute(NdbTransaction::Commit);
+		if( rc != 0 ) {
+			char text[1024];
+			snprintf( text, sizeof(text),
+					"txn_commit failed: %s (%d)",
+					myPutTxn->getNdbError().message, myPutTxn->getNdbError().code );
+			Debug( LDAP_DEBUG_ANY,
+				"=> " LDAP_XSTRING(ndb_tool_entry_put) ": %s\n",
+				text, 0, 0 );
+		}
+		myPutTxn->close();
+		myPutTxn = NULL;
+	}
+	myPutCnt = 0;
+
+	if( nholes ) {
+		unsigned i;
+		fprintf( stderr, "Error, entries missing!\n");
+		for (i=0; i<nholes; i++) {
+			fprintf(stderr, "  entry %ld: %s\n",
+				holes[i].id, holes[i].dn.bv_val);
+		}
+		return -1;
+	}
+
+	return 0;
+}
+
+extern "C"
+ID ndb_tool_entry_next(
+	BackendDB *be )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	char *ptr;
+	ID id;
+	int i;
+
+	assert( be != NULL );
+	assert( slapMode & SLAP_TOOL_MODE );
+
+	if ( myScanOp->nextResult() ) {
+		myScanOp->close();
+		myScanOp = NULL;
+		myScanTxn->close();
+		myScanTxn = NULL;
+		return NOID;
+	}
+	id = myScanID->u_64_value();
+
+	if ( myOcList ) {
+		ber_bvarray_free( myOcList );
+	}
+	myOcList = ndb_ref2oclist( myOcbuf, NULL );
+	for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+		if ( myScanDN[i]->isNULL() || !myRdns.nr_buf[i][0] )
+			break;
+	}
+	myRdns.nr_num = i;
+	ptr = myDNbuf;
+	for ( --i; i>=0; i-- ) {
+		char *buf;
+		int len;
+		buf = myRdns.nr_buf[i];
+		len = *buf++;
+		ptr = lutil_strncopy( ptr, buf, len );
+		if ( i )
+			*ptr++ = ',';
+	}
+	*ptr = '\0';
+	myDn.bv_val = myDNbuf;
+	myDn.bv_len = ptr - myDNbuf;
+
+	return id;
+}
+
+extern "C"
+ID ndb_tool_entry_first(
+	BackendDB *be )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	int i;
+
+	myScanTxn = myNdb->startTransaction();
+	if ( !myScanTxn )
+		return NOID;
+
+	myScanOp = myScanTxn->getNdbIndexScanOperation( "PRIMARY", DN2ID_TABLE );
+	if ( !myScanOp )
+		return NOID;
+
+	if ( myScanOp->readTuples( NdbOperation::LM_CommittedRead, NdbScanOperation::SF_KeyInfo ))
+		return NOID;
+
+	myScanID = myScanOp->getValue( EID_COLUMN, myIdbuf );
+	myScanOC = myScanOp->getValue( OCS_COLUMN, myOcbuf );
+	for ( i=0; i<NDB_MAX_RDNS; i++ ) {
+		myScanDN[i] = myScanOp->getValue( i+RDN_COLUMN, myRdns.nr_buf[i] );
+	}
+	if ( myScanTxn->execute( NdbTransaction::NoCommit, NdbOperation::AbortOnError, 1 ))
+		return NOID;
+
+	return ndb_tool_entry_next( be );
+}
+
+extern "C"
+ID ndb_tool_dn2id_get(
+	Backend *be,
+	struct berval *dn
+)
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	NdbArgs NA;
+	NdbRdns rdns;
+	Entry e;
+	char text[1024];
+	Operation op = {0};
+	Opheader ohdr = {0};
+	int rc;
+
+	if ( BER_BVISEMPTY(dn) )
+		return 0;
+
+	NA.ndb = myNdb;
+	NA.txn = myNdb->startTransaction();
+	if ( !NA.txn ) {
+		snprintf( text, sizeof(text),
+			"startTransaction failed: %s (%d)",
+			myNdb->getNdbError().message, myNdb->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> " LDAP_XSTRING(ndb_tool_dn2id_get) ": %s\n",
+			 text, 0, 0 );
+		return NOID;
+	}
+	if ( myOcList ) {
+		ber_bvarray_free( myOcList );
+		myOcList = NULL;
+	}
+	op.o_hdr = &ohdr;
+	op.o_bd = be;
+	op.o_tmpmemctx = NULL;
+	op.o_tmpmfuncs = &ch_mfuncs;
+
+	NA.e = &e;
+	e.e_name = *dn;
+	NA.rdns = &rdns;
+	NA.ocs = NULL;
+	rc = ndb_entry_get_info( &op, &NA, 0, NULL );
+	myOcList = NA.ocs;
+	NA.txn->close();
+	if ( rc )
+		return NOID;
+	
+	myDn = *dn;
+
+	return e.e_id;
+}
+
+extern "C"
+Entry* ndb_tool_entry_get( BackendDB *be, ID id )
+{
+	NdbArgs NA;
+	int rc;
+	char text[1024];
+	Operation op = {0};
+	Opheader ohdr = {0};
+
+	assert( be != NULL );
+	assert( slapMode & SLAP_TOOL_MODE );
+
+	NA.txn = myNdb->startTransaction();
+	if ( !NA.txn ) {
+		snprintf( text, sizeof(text),
+			"start_transaction failed: %s (%d)",
+			myNdb->getNdbError().message, myNdb->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> " LDAP_XSTRING(ndb_tool_entry_get) ": %s\n",
+			 text, 0, 0 );
+		return NULL;
+	}
+
+	NA.e = entry_alloc();
+	NA.e->e_id = id;
+	ber_dupbv( &NA.e->e_name, &myDn );
+	dnNormalize( 0, NULL, NULL, &NA.e->e_name, &NA.e->e_nname, NULL );
+
+	op.o_hdr = &ohdr;
+	op.o_bd = be;
+	op.o_tmpmemctx = NULL;
+	op.o_tmpmfuncs = &ch_mfuncs;
+
+	NA.ndb = myNdb;
+	NA.ocs = myOcList;
+	rc = ndb_entry_get_data( &op, &NA, 0 );
+
+	if ( rc ) {
+		entry_free( NA.e );
+		NA.e = NULL;
+	}
+	NA.txn->close();
+
+	return NA.e;
+}
+
+static struct berval glueval[] = {
+	BER_BVC("glue"),
+	BER_BVNULL
+};
+
+static int ndb_dnid_cmp( const void *v1, const void *v2 )
+{
+	struct dn_id *dn1 = (struct dn_id *)v1,
+		*dn2 = (struct dn_id *)v2;
+	return ber_bvcmp( &dn1->dn, &dn2->dn );
+}
+
+static int ndb_tool_next_id(
+	Operation *op,
+	NdbArgs *NA,
+	struct berval *text,
+	int hole )
+{
+	struct berval ndn = NA->e->e_nname;
+	int rc;
+
+	if (ndn.bv_len == 0) {
+		NA->e->e_id = 0;
+		return 0;
+	}
+
+	rc = ndb_entry_get_info( op, NA, 0, NULL );
+	if ( rc ) {
+		Attribute *a, tmp = {0};
+		if ( !be_issuffix( op->o_bd, &ndn ) ) {
+			struct dn_id *dptr;
+			struct berval npdn;
+			dnParent( &ndn, &npdn );
+			NA->e->e_nname = npdn;
+			NA->rdns->nr_num--;
+			rc = ndb_tool_next_id( op, NA, text, 1 );
+			NA->e->e_nname = ndn;
+			NA->rdns->nr_num++;
+			if ( rc ) {
+				return rc;
+			}
+			/* If parent didn't exist, it was created just now
+			 * and its ID is now in e->e_id.
+			 */
+			dptr = (struct dn_id *)ch_malloc( sizeof( struct dn_id ) + npdn.bv_len + 1);
+			dptr->id = NA->e->e_id;
+			dptr->dn.bv_val = (char *)(dptr+1);
+			strcpy(dptr->dn.bv_val, npdn.bv_val );
+			dptr->dn.bv_len = npdn.bv_len;
+			if ( avl_insert( &myParents, dptr, ndb_dnid_cmp, avl_dup_error )) {
+				ch_free( dptr );
+			}
+		}
+		rc = ndb_next_id( op->o_bd, myNdb, &NA->e->e_id );
+		if ( rc ) {
+			snprintf( text->bv_val, text->bv_len,
+				"next_id failed: %s (%d)",
+				myNdb->getNdbError().message, myNdb->getNdbError().code );
+			Debug( LDAP_DEBUG_ANY,
+				"=> ndb_tool_next_id: %s\n", text->bv_val, 0, 0 );
+			return rc;
+		}
+		if ( hole ) {
+			a = NA->e->e_attrs;
+			NA->e->e_attrs = &tmp;
+			tmp.a_desc = slap_schema.si_ad_objectClass;
+			tmp.a_vals = glueval;
+			tmp.a_nvals = tmp.a_vals;
+			tmp.a_numvals = 1;
+		}
+		rc = ndb_entry_put_info( op->o_bd, NA, 0 );
+		if ( hole ) {
+			NA->e->e_attrs = a;
+		}
+		if ( rc ) {
+			snprintf( text->bv_val, text->bv_len, 
+				"ndb_entry_put_info failed: %s (%d)",
+				myNdb->getNdbError().message, myNdb->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> ndb_tool_next_id: %s\n", text->bv_val, 0, 0 );
+		} else if ( hole ) {
+			if ( nholes == nhmax - 1 ) {
+				if ( holes == hbuf ) {
+					holes = (dn_id *)ch_malloc( nhmax * sizeof(dn_id) * 2 );
+					AC_MEMCPY( holes, hbuf, sizeof(hbuf) );
+				} else {
+					holes = (dn_id *)ch_realloc( holes, nhmax * sizeof(dn_id) * 2 );
+				}
+				nhmax *= 2;
+			}
+			ber_dupbv( &holes[nholes].dn, &ndn );
+			holes[nholes++].id = NA->e->e_id;
+		}
+	} else if ( !hole ) {
+		unsigned i;
+
+		for ( i=0; i<nholes; i++) {
+			if ( holes[i].id == NA->e->e_id ) {
+				int j;
+				free(holes[i].dn.bv_val);
+				for (j=i;j<nholes;j++) holes[j] = holes[j+1];
+				holes[j].id = 0;
+				nholes--;
+				rc = ndb_entry_put_info( op->o_bd, NA, 1 );
+				break;
+			} else if ( holes[i].id > NA->e->e_id ) {
+				break;
+			}
+		}
+	}
+	return rc;
+}
+
+extern "C"
+ID ndb_tool_entry_put(
+	BackendDB *be,
+	Entry *e,
+	struct berval *text )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	struct dn_id dtmp, *dptr;
+	NdbArgs NA;
+	NdbRdns rdns;
+	int rc, slow = 0;
+	Operation op = {0};
+	Opheader ohdr = {0};
+
+	assert( be != NULL );
+	assert( slapMode & SLAP_TOOL_MODE );
+
+	assert( text != NULL );
+	assert( text->bv_val != NULL );
+	assert( text->bv_val[0] == '\0' );	/* overconservative? */
+
+	Debug( LDAP_DEBUG_TRACE, "=> " LDAP_XSTRING(ndb_tool_entry_put)
+		"( %ld, \"%s\" )\n", (long) e->e_id, e->e_dn, 0 );
+
+	if ( !be_issuffix( be, &e->e_nname )) {
+		dnParent( &e->e_nname, &dtmp.dn );
+		dptr = (struct dn_id *)avl_find( myParents, &dtmp, ndb_dnid_cmp );
+		if ( !dptr )
+			slow = 1;
+	}
+
+	rdns.nr_num = 0;
+
+	op.o_hdr = &ohdr;
+	op.o_bd = be;
+	op.o_tmpmemctx = NULL;
+	op.o_tmpmfuncs = &ch_mfuncs;
+
+	if ( !slow ) {
+		rc = ndb_next_id( be, myNdb, &e->e_id );
+		if ( rc ) {
+			snprintf( text->bv_val, text->bv_len,
+				"next_id failed: %s (%d)",
+				myNdb->getNdbError().message, myNdb->getNdbError().code );
+			Debug( LDAP_DEBUG_ANY,
+				"=> ndb_tool_next_id: %s\n", text->bv_val, 0, 0 );
+			return rc;
+		}
+	}
+
+	if ( !myPutTxn )
+		myPutTxn = myNdb->startTransaction();
+	if ( !myPutTxn ) {
+		snprintf( text->bv_val, text->bv_len,
+			"start_transaction failed: %s (%d)",
+			myNdb->getNdbError().message, myNdb->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> " LDAP_XSTRING(ndb_tool_entry_put) ": %s\n",
+			 text->bv_val, 0, 0 );
+		return NOID;
+	}
+
+	/* add dn2id indices */
+	ndb_dn2rdns( &e->e_name, &rdns );
+	NA.rdns = &rdns;
+	NA.e = e;
+	NA.ndb = myNdb;
+	NA.txn = myPutTxn;
+	if ( slow ) {
+		rc = ndb_tool_next_id( &op, &NA, text, 0 );
+		if( rc != 0 ) {
+			goto done;
+		}
+	} else {
+		rc = ndb_entry_put_info( be, &NA, 0 );
+		if ( rc != 0 ) {
+			goto done;
+		}
+	}
+
+	/* id2entry index */
+	rc = ndb_entry_put_data( be, &NA );
+	if( rc != 0 ) {
+		snprintf( text->bv_val, text->bv_len,
+				"ndb_entry_put_data failed: %s (%d)",
+				myNdb->getNdbError().message, myNdb->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> " LDAP_XSTRING(ndb_tool_entry_put) ": %s\n",
+			text->bv_val, 0, 0 );
+		goto done;
+	}
+
+done:
+	if( rc == 0 ) {
+		myPutCnt++;
+		if ( !( myPutCnt & 0x0f )) {
+			rc = myPutTxn->execute(NdbTransaction::Commit);
+			if( rc != 0 ) {
+				snprintf( text->bv_val, text->bv_len,
+					"txn_commit failed: %s (%d)",
+					myPutTxn->getNdbError().message, myPutTxn->getNdbError().code );
+				Debug( LDAP_DEBUG_ANY,
+					"=> " LDAP_XSTRING(ndb_tool_entry_put) ": %s\n",
+					text->bv_val, 0, 0 );
+				e->e_id = NOID;
+			}
+			myPutTxn->close();
+			myPutTxn = NULL;
+		}
+	} else {
+		snprintf( text->bv_val, text->bv_len,
+			"txn_aborted! %s (%d)",
+			myPutTxn->getNdbError().message, myPutTxn->getNdbError().code );
+		Debug( LDAP_DEBUG_ANY,
+			"=> " LDAP_XSTRING(ndb_tool_entry_put) ": %s\n",
+			text->bv_val, 0, 0 );
+		e->e_id = NOID;
+		myPutTxn->close();
+	}
+
+	return e->e_id;
+}
+
+extern "C"
+int ndb_tool_entry_reindex(
+	BackendDB *be,
+	ID id,
+	AttributeDescription **adv )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+
+	Debug( LDAP_DEBUG_ARGS,
+		"=> " LDAP_XSTRING(ndb_tool_entry_reindex) "( %ld )\n",
+		(long) id, 0, 0 );
+
+	return 0;
+}
+
+extern "C"
+ID ndb_tool_entry_modify(
+	BackendDB *be,
+	Entry *e,
+	struct berval *text )
+{
+	struct ndb_info *ni = (struct ndb_info *) be->be_private;
+	int rc;
+
+	Debug( LDAP_DEBUG_TRACE,
+		"=> " LDAP_XSTRING(ndb_tool_entry_modify) "( %ld, \"%s\" )\n",
+		(long) e->e_id, e->e_dn, 0 );
+
+done:
+	return e->e_id;
+}
+
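Review bot: In ndb_tool_entry_put, the failure branch under `done:` calls `myPutTxn->close()` but leaves the static `myPutTxn` pointing at the closed transaction, unlike the commit branch just above it, which resets the pointer to NULL. The next ndb_tool_entry_put call then skips `startTransaction()` because the pointer is non-NULL and reuses the closed handle, and ndb_tool_entry_close would call `execute(NdbTransaction::Commit)` on it. Add `myPutTxn = NULL;` after the close in that branch. Separately, ndb_tool_entry_next assembles the DN into the fixed `myDNbuf[2048]` with `len = *buf++` read through a plain `char` and no remaining-space check. Whether that can overrun depends on NDB_MAX_RDNS and the nr_buf row size, which are not defined in this file, so a check against `sizeof(myDNbuf)` and reading the length as `unsigned char` would be worth adding.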

Modified: openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-null/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-null
-# $OpenLDAP: pkg/ldap/servers/slapd/back-null/Makefile.in,v 1.9.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-null/Makefile.in,v 1.9.2.4 2009/01/22 00:01:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-null/null.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-null/null.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-null/null.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* null.c - the null backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-null/null.c,v 1.18.2.5 2008/02/12 00:58:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-null/null.c,v 1.18.2.8 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -50,22 +50,177 @@
 	return rs->sr_err;
 }
 
+
+static int
+null_back_respond( Operation *op, SlapReply *rs, int rc )
+{
+	LDAPControl ctrl[SLAP_MAX_RESPONSE_CONTROLS], *ctrls[SLAP_MAX_RESPONSE_CONTROLS];
+	int c = 0;
+
+	BerElementBuffer	ps_berbuf;
+	BerElement		*ps_ber = NULL;
+	LDAPControl		**preread_ctrl = NULL,
+				**postread_ctrl = NULL;
+
+	rs->sr_err = LDAP_OTHER;
+
+	/* this comes first, as in case of assertion failure
+	 * any further processing must stop */
+	if ( get_assert( op ) ) {
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto respond;
+	}
+
+	if ( op->o_preread ) {
+		Entry		e = { 0 };
+
+		switch ( op->o_tag ) {
+		case LDAP_REQ_MODIFY:
+		case LDAP_REQ_RENAME:
+		case LDAP_REQ_DELETE:
+			e.e_name = op->o_req_dn;
+			e.e_nname = op->o_req_ndn;
+
+			preread_ctrl = &ctrls[c];
+			*preread_ctrl = NULL;
+
+			if ( slap_read_controls( op, rs, &e,
+				&slap_pre_read_bv, preread_ctrl ) )
+			{
+				preread_ctrl = NULL;
+
+				Debug( LDAP_DEBUG_TRACE,
+					"<=- null_back_respond: pre-read "
+					"failed!\n", 0, 0, 0 );
+
+				if ( op->o_preread & SLAP_CONTROL_CRITICAL ) {
+					/* FIXME: is it correct to abort
+					 * operation if control fails? */
+					goto respond;
+				}
+
+			} else {
+				c++;
+			}
+			break;
+		}
+	}
+
+	if ( op->o_postread ) {
+		Entry		e = { 0 };
+
+		switch ( op->o_tag ) {
+		case LDAP_REQ_ADD:
+		case LDAP_REQ_MODIFY:
+		case LDAP_REQ_RENAME:
+			if ( op->o_tag == LDAP_REQ_ADD ) {
+				e.e_name = op->ora_e->e_name;
+				e.e_nname = op->ora_e->e_nname;
+
+			} else {
+				e.e_name = op->o_req_dn;
+				e.e_nname = op->o_req_ndn;
+			}
+
+			postread_ctrl = &ctrls[c];
+			*postread_ctrl = NULL;
+
+			if ( slap_read_controls( op, rs, &e,
+				&slap_post_read_bv, postread_ctrl ) )
+			{
+				postread_ctrl = NULL;
+
+				Debug( LDAP_DEBUG_TRACE,
+					"<=- null_back_respond: post-read "
+					"failed!\n", 0, 0, 0 );
+
+				if ( op->o_postread & SLAP_CONTROL_CRITICAL ) {
+					/* FIXME: is it correct to abort
+					 * operation if control fails? */
+					goto respond;
+				}
+
+			} else {
+				c++;
+			}
+			break;
+		}
+	}
+
+	if ( op->o_noop ) {
+		switch ( op->o_tag ) {
+		case LDAP_REQ_ADD:
+		case LDAP_REQ_MODIFY:
+		case LDAP_REQ_RENAME:
+		case LDAP_REQ_DELETE:
+		case LDAP_REQ_EXTENDED:
+			rc = LDAP_X_NO_OPERATION;
+			break;
+		}
+	}
+
+	if ( get_pagedresults( op ) > SLAP_CONTROL_IGNORED ) {
+		struct berval		cookie = BER_BVC( "" );
+
+		/* should not be here... */
+		assert( op->o_tag == LDAP_REQ_SEARCH );
+
+		ctrl[c].ldctl_oid = LDAP_CONTROL_PAGEDRESULTS;
+		ctrl[c].ldctl_iscritical = 0;
+
+		ps_ber = (BerElement *)&ps_berbuf;
+		ber_init2( ps_ber, NULL, LBER_USE_DER );
+
+		/* return size of 0 -- no estimate */
+		ber_printf( ps_ber, "{iO}", 0, &cookie ); 
+
+		if ( ber_flatten2( ps_ber, &ctrl[c].ldctl_value, 0 ) == -1 ) {
+			goto done;
+		}
+		
+		ctrls[c] = &ctrl[c];
+		c++;
+	}
+
+	/* terminate controls array */
+	ctrls[c] = NULL;
+	rs->sr_ctrls = ctrls;
+	rs->sr_err = rc;
+
+respond:;
+	send_ldap_result( op, rs );
+	rs->sr_ctrls = NULL;
+
+done:;
+	if ( ps_ber != NULL ) {
+		(void) ber_free_buf( ps_ber );
+	}
+
+	if( preread_ctrl != NULL && (*preread_ctrl) != NULL ) {
+		slap_sl_free( (*preread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *preread_ctrl, op->o_tmpmemctx );
+	}
+
+	if( postread_ctrl != NULL && (*postread_ctrl) != NULL ) {
+		slap_sl_free( (*postread_ctrl)->ldctl_value.bv_val, op->o_tmpmemctx );
+		slap_sl_free( *postread_ctrl, op->o_tmpmemctx );
+	}
+
+	return rs->sr_err;
+}
+
 /* add, delete, modify, modrdn, search */
 static int
 null_back_success( Operation *op, SlapReply *rs )
 {
-	rs->sr_err = LDAP_SUCCESS;
-	send_ldap_result( op, rs );
-	return 0;
+	return null_back_respond( op, rs, LDAP_SUCCESS );
 }
 
 /* compare */
 static int
 null_back_false( Operation *op, SlapReply *rs )
 {
-	rs->sr_err = LDAP_COMPARE_FALSE;
-	send_ldap_result( op, rs );
-	return 0;
+	return null_back_respond( op, rs, LDAP_COMPARE_FALSE );
 }
 
 
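Review bot: In null_back_respond, the `goto done;` taken when `ber_flatten2()` returns -1 jumps past `send_ldap_result()`, so the function returns with `rs->sr_err` still LDAP_OTHER and without having sent a result for the operation. Whether the caller sends one on a non-zero return is not visible here. Every other failure path goes through `respond:`; use `goto respond;` here too, so the client receives the LDAP_OTHER result and the cleanup under `done:` still runs afterwards. The `assert( op->o_tag == LDAP_REQ_SEARCH )` just above is the only check in this function that the paged-results control arrived on a search, and an assert may be compiled out in release builds, so a comment naming where that is enforced would help.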
@@ -184,6 +339,29 @@
 int
 null_back_initialize( BackendInfo *bi )
 {
+	static char *controls[] = {
+		LDAP_CONTROL_ASSERT,
+		LDAP_CONTROL_MANAGEDSAIT,
+		LDAP_CONTROL_NOOP,
+		LDAP_CONTROL_PAGEDRESULTS,
+		LDAP_CONTROL_SUBENTRIES,
+		LDAP_CONTROL_PRE_READ,
+		LDAP_CONTROL_POST_READ,
+		LDAP_CONTROL_X_PERMISSIVE_MODIFY,
+		NULL
+	};
+
+	Debug( LDAP_DEBUG_TRACE,
+		"null_back_initialize: initialize null backend\n", 0, 0, 0 );
+
+	bi->bi_flags |=
+		SLAP_BFLAG_INCREMENT |
+		SLAP_BFLAG_SUBENTRIES |
+		SLAP_BFLAG_ALIASES |
+		SLAP_BFLAG_REFERRALS;
+
+	bi->bi_controls = controls;
+
 	bi->bi_open = 0;
 	bi->bi_close = 0;
 	bi->bi_config = 0;
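Review bot: The new `controls[]` list in null_back_initialize has no comment, and three of its entries (LDAP_CONTROL_MANAGEDSAIT, LDAP_CONTROL_SUBENTRIES, LDAP_CONTROL_X_PERMISSIVE_MODIFY) have no corresponding handling in the null_back_respond added earlier in this diff, which acts only on assert, pre-read, post-read, no-op and paged results. If the intent is that the backend accepts these controls and ignores them, say so above the array, e.g. `/* controls accepted by back-null; ManageDSAit, subentries and permissive modify are accepted and ignored */`. The `bi_flags` bits set just below would benefit from the same one-line explanation. The function body continues outside the hunk.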

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-passwd
-# $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/Makefile.in,v 1.20.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/Makefile.in,v 1.20.2.4 2009/01/22 00:01:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/back-passwd.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/back-passwd.h,v 1.7.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/back-passwd.h,v 1.7.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - passwd backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/config.c,v 1.14.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/config.c,v 1.14.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize passwd backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/init.c,v 1.32.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/init.c,v 1.32.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/proto-passwd.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/proto-passwd.h,v 1.5.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/proto-passwd.h,v 1.5.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-passwd/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - /etc/passwd backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/search.c,v 1.79.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-passwd/search.c,v 1.79.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-perl
-# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/Makefile.in,v 1.20.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/Makefile.in,v 1.20.2.4 2009/01/22 00:01:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/SampleLDAP.pm	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # This is a sample Perl module for the OpenLDAP server slapd.
-# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/SampleLDAP.pm,v 1.10.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-perl/SampleLDAP.pm,v 1.10.2.4 2009/01/22 00:01:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## Portions Copyright 1999 John C. Quillan.
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/add.c,v 1.20.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/add.c,v 1.20.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/asperl_undefs.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/asperl_undefs.h,v 1.7.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/asperl_undefs.h,v 1.7.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/bind.c,v 1.24.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/bind.c,v 1.24.2.5 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/close.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/close.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/close.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.17.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/close.c,v 1.17.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/compare.c,v 1.26.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/compare.c,v 1.26.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/config.c,v 1.22.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/config.c,v 1.22.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/delete.c,v 1.20.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/delete.c,v 1.20.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.44.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/init.c,v 1.44.2.5 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modify.c,v 1.23.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modify.c,v 1.23.2.5 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modrdn.c,v 1.22.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/modrdn.c,v 1.22.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/perl_back.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/perl_back.h,v 1.15.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/perl_back.h,v 1.15.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/proto-perl.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/proto-perl.h,v 1.5.2.4 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/proto-perl.h,v 1.5.2.5 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-perl/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-perl/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-perl/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/search.c,v 1.31.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-perl/search.c,v 1.31.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 John C. Quillan.
  * Portions Copyright 2002 myinternet Limited.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-relay
-# $OpenLDAP: pkg/ldap/servers/slapd/back-relay/Makefile.in,v 1.5.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-relay/Makefile.in,v 1.5.2.4 2009/01/22 00:01:09 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/back-relay.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* back-relay.h - relay backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/back-relay.h,v 1.6.2.3 2008/02/12 01:03:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/back-relay.h,v 1.6.2.4 2009/01/22 00:01:09 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize relay backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/init.c,v 1.19.2.4 2008/02/12 01:03:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/init.c,v 1.19.2.6 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -108,10 +108,8 @@
 				"of relay dn \"%s\" "
 				"in \"olcRelay <dn>\"\n",
 				c->value_dn.bv_val );
-			Log2( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			Log2( LDAP_DEBUG_CONFIG, LDAP_LEVEL_ERR,
 				"%s: %s.\n", c->log, c->cr_msg );
-			rc = 1;
-			goto relay_done;
 
 		} else if ( bd->be_private == c->be->be_private ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg),
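Review bot: In the `bd == NULL` branch the failure is no longer returned (`rc = 1; goto relay_done;` are dropped) and the message is logged only at `LDAP_DEBUG_CONFIG`, so at a default log level an `olcRelay` value naming a database that does not exist appears to be accepted silently, while `c->cr_msg` still carries error wording. If the intent is to defer the lookup to database open time, as the second hunk in this file suggests, say so in the branch, e.g. `/* not fatal here: the database may be defined later; re-checked at db_open */`, and consider keeping `LDAP_DEBUG_ANY` so the misconfiguration stays visible to operators. The enclosing function starts and ends outside the hunk, so any use of `bd` after the if/else chain should be checked for a NULL `bd`.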
@@ -213,8 +211,18 @@
 		ri->ri_bd = select_backend( &ri->ri_realsuffix, 1 );
 
 		/* must be there: it was during config! */
-		assert( ri->ri_bd != NULL );
+		if ( ri->ri_bd == NULL ) {
+			snprintf( cr->msg, sizeof( cr->msg),
+				"cannot find database "
+				"of relay dn \"%s\" "
+				"in \"olcRelay <dn>\"\n",
+				ri->ri_realsuffix.bv_val );
+			Log1( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+				"relay_back_db_open: %s.\n", cr->msg );
 
+			return 1;
+		}
+
 		/* inherit controls */
 		AC_MEMCPY( be->be_ctrls, ri->ri_bd->be_ctrls, sizeof( be->be_ctrls ) );
 
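Review bot: The retained comment `/* must be there: it was during config! */` directly above the new `ri->ri_bd == NULL` check is now stale, because the first hunk in this file stops rejecting an unknown relay dn at config time and a missing backend becomes an expected case here. Reword it, e.g. `/* may be missing: config no longer rejects an unknown relay dn */`. The `snprintf` format also ends in `\n` and is then printed through `"relay_back_db_open: %s.\n"`, which puts the period on a line of its own; dropping the `\n` from the message would keep the log entry on one line. The function body starts and ends outside the hunk.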

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/op.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/op.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/op.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* op.c - relay backend operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/op.c,v 1.15.2.6 2008/02/12 01:03:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/op.c,v 1.15.2.8 2009/02/13 02:57:29 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -74,7 +74,7 @@
 
 	if ( bd == NULL && !BER_BVISNULL( &op->o_req_ndn ) ) {
 		bd = select_backend( &op->o_req_ndn, 1 );
-		if ( bd == op->o_bd ) {
+		if ( bd->be_private == op->o_bd->be_private ) {
 			Debug( LDAP_DEBUG_ANY,
 				"%s: back-relay for DN=\"%s\" would call self.\n",
 				op->o_log_prefix, op->o_req_dn.bv_val, 0 );
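Review bot: The new condition dereferences `bd->be_private` right after `bd = select_backend( &op->o_req_ndn, 1 )` with no NULL check, whereas the old pointer comparison `bd == op->o_bd` was safe for a NULL result. The init.c hunk of this same commit treats a NULL return from `select_backend()` as reachable, and `op->o_req_ndn` appears to be the request DN, so a DN that no database serves would presumably crash slapd at this line. Guard it with `if ( bd != NULL && bd->be_private == op->o_bd->be_private ) {`. The function continues outside the hunk, so confirm that the code after this block still handles `bd == NULL`.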

Modified: openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-relay/proto-back-relay.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* proto-back-relay.h - relay backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/proto-back-relay.h,v 1.6.2.4 2008/02/12 01:03:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-relay/proto-back-relay.h,v 1.6.2.5 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-shell
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/Makefile.in,v 1.22.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/Makefile.in,v 1.22.2.4 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* add.c - shell backend add function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/add.c,v 1.27.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/add.c,v 1.27.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - shell backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.27.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/bind.c,v 1.27.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - shell backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/compare.c,v 1.28.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/compare.c,v 1.28.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - shell backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/config.c,v 1.18.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/config.c,v 1.18.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* delete.c - shell backend delete function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/delete.c,v 1.26.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/delete.c,v 1.26.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/fork.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* fork.c - fork and exec a process, connecting stdin/out w/pipes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/fork.c,v 1.18.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/fork.c,v 1.18.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize shell backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/init.c,v 1.37.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/init.c,v 1.37.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modify.c - shell backend modify function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modify.c,v 1.33.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modify.c,v 1.33.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modrdn.c - shell backend modrdn function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modrdn.c,v 1.28.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/modrdn.c,v 1.28.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/proto-shell.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/proto-shell.h,v 1.4.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/proto-shell.h,v 1.4.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/result.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/result.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* result.c - shell backend result reading function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/result.c,v 1.23.2.4 2008/07/08 21:06:12 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/result.c,v 1.23.2.5 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - shell backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/search.c,v 1.29.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/search.c,v 1.29.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.conf,v 1.10.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.conf,v 1.10.2.4 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/searchexample.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.sh,v 1.9.2.3 2008/02/11 23:26:47 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-shell/searchexample.sh,v 1.9.2.4 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/shell.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* shell.h - shell backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/shell.h,v 1.24.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/shell.h,v 1.24.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-shell/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* unbind.c - shell backend unbind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/unbind.c,v 1.23.2.3 2008/02/11 23:26:47 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-shell/unbind.c,v 1.23.2.4 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-sock
-# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/Makefile.in,v 1.2.2.1 2008/02/09 00:46:09 quanah Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/Makefile.in,v 1.2.2.2 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2007-2008 The OpenLDAP Foundation.
+## Copyright 2007-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* add.c - sock backend add function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/add.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/add.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/back-sock.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/back-sock.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/back-sock.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* sock.h - socket backend header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/back-sock.h,v 1.4.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/back-sock.h,v 1.4.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - sock backend bind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/bind.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/bind.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* compare.c - sock backend compare function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/compare.c,v 1.4.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/compare.c,v 1.4.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - sock backend configuration file routine */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/config.c,v 1.5.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/config.c,v 1.5.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* delete.c - sock backend delete function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/delete.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/delete.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize sock backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/init.c,v 1.4.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/init.c,v 1.4.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modify.c - sock backend modify function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/modify.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/modify.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* modrdn.c - sock backend modrdn function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/modrdn.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/modrdn.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/opensock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/opensock.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/opensock.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* opensock.c - open a unix domain socket */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/opensock.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/opensock.c,v 1.3.2.3 2009/02/10 23:44:04 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,6 +57,7 @@
 	if ( connect( fd, (struct sockaddr *)&sockun, sizeof(sockun) ) < 0 ) {
 		Debug( LDAP_DEBUG_ANY, "socket connect(%s) failed\n",
 			sockpath ? sockpath : "<null>", 0, 0 );
+		close( fd );
 		return( NULL );
 	}
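Review bot: The failure message in this branch still does not say why connect() failed, and the added `close( fd )` is the last point at which that reason is available. Because `Debug` runs before the close, errno is still intact there and can be logged: `Debug( LDAP_DEBUG_ANY, "socket connect(%s) failed: %s\n", sockpath ? sockpath : "<null>", strerror( errno ), 0 );` (assuming the errno and string headers are already included in this file). A missing socket path, a permission error and a refused connection are then distinguishable in the log. The `sockpath ? ... : "<null>"` guard also suggests sockpath may be NULL, yet the address setup above the hunk (not visible here) has presumably already used it, so that is worth confirming.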
 

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/proto-sock.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/proto-sock.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/proto-sock.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/proto-sock.h,v 1.4.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/proto-sock.h,v 1.4.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/result.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/result.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* result.c - sock backend result reading function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/result.c,v 1.3.2.2 2008/07/08 21:05:03 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/result.c,v 1.3.2.3 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* search.c - sock backend search function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/search.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/search.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.conf
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/searchexample.conf,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/searchexample.conf,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2007-2008 The OpenLDAP Foundation.
+## Copyright 2007-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.pl
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.pl	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/searchexample.pl	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #!/usr/bin/perl -w -T
-# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/searchexample.pl,v 1.5.2.1 2008/02/09 00:46:09 quanah Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sock/searchexample.pl,v 1.5.2.2 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2007-2008 The OpenLDAP Foundation.
+## Copyright 2007-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sock/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sock/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sock/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* unbind.c - sock backend unbind function */
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/unbind.c,v 1.3.2.1 2008/02/09 00:46:09 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sock/unbind.c,v 1.3.2.2 2009/01/22 00:01:10 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2007-2008 The OpenLDAP Foundation.
+ * Copyright 2007-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for back-sql
-# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/Makefile.in,v 1.16.2.3 2008/02/11 23:26:48 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/Makefile.in,v 1.16.2.4 2009/01/22 00:01:10 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/add.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/add.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/add.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/add.c,v 1.50.2.6 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/add.c,v 1.50.2.9 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.
@@ -962,7 +962,7 @@
 	if ( BACKSQL_CHECK_SCHEMA( bi ) ) {
 		char		textbuf[ SLAP_TEXT_BUFLEN ] = { '\0' };
 
-		rs->sr_err = entry_schema_check( op, op->ora_e, NULL, 0, 1,
+		rs->sr_err = entry_schema_check( op, op->ora_e, NULL, 0, 1, NULL,
 			&rs->sr_text, textbuf, sizeof( textbuf ) );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
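Review bot: The added sixth argument in `entry_schema_check( op, op->ora_e, NULL, 0, 1, NULL,` is a second bare `NULL` next to two bare integers, so the call can no longer be read without the prototype, which this diff does not show. A short call-site comment naming what is being declined would help, for example `NULL /* <parameter name from the prototype> */`. The same applies to the identical change in back-sql/modify.c (`op, &m, NULL, 0, 0, NULL,`) and back-sql/modrdn.c (`op, &r, NULL, 0, 0, NULL,`). The enclosing function starts and ends outside the hunk.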
@@ -975,6 +975,17 @@
 
 	slap_add_opattrs( op, &rs->sr_text, textbuf, textlen, 1 );
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->ora_e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		Debug( LDAP_DEBUG_TRACE, "   backsql_add(\"%s\"): "
+			"assertion control failed -- aborting\n",
+			op->ora_e->e_name.bv_val, 0, 0 );
+		e = NULL;
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto done;
+	}
+
 	/* search structuralObjectClass */
 	for ( at = op->ora_e->e_attrs; at != NULL; at = at->a_next ) {
 		if ( at->a_desc == slap_schema.si_ad_structuralObjectClass ) {
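Review bot: The new assertion branch sets `rs->sr_err = LDAP_ASSERTION_FAILED` but leaves `rs->sr_text` as whatever the preceding `slap_add_opattrs( op, &rs->sr_text, ... )` call or earlier code stored. The client may therefore receive a stale or unrelated diagnostic with the result; setting it explicitly, e.g. `rs->sr_text = NULL;`, would avoid that. The `e = NULL;` line has no explanation. It presumably affects the cleanup under `done`, which is outside this hunk, so a why-comment such as `/* nothing was fetched; keep cleanup at done: from touching e */` should be added once that is confirmed. The filter is also evaluated after `slap_add_opattrs` has modified `op->ora_e`, so the assertion sees server-added operational attributes, and it is worth stating in a comment whether that is intended.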

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/api.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/api.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/api.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/back-sql.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/back-sql.h,v 1.49.2.4 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/back-sql.h,v 1.49.2.5 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Mararati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/bind.c,v 1.41.2.3 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/bind.c,v 1.41.2.4 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/compare.c,v 1.24.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/compare.c,v 1.24.2.6 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.32.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/config.c,v 1.32.2.6 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/delete.c,v 1.35.2.8 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/delete.c,v 1.35.2.9 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/entry-id.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/entry-id.c,v 1.67.2.6 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/entry-id.c,v 1.67.2.7 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.73.2.4 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/init.c,v 1.73.2.5 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modify.c,v 1.53.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modify.c,v 1.53.2.7 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.
@@ -152,7 +152,7 @@
 			goto do_transact;
 		}
 
-		rs->sr_err = entry_schema_check( op, &m, NULL, 0, 0,
+		rs->sr_err = entry_schema_check( op, &m, NULL, 0, 0, NULL,
 			&rs->sr_text, textbuf, sizeof( textbuf ) );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_TRACE, "   backsql_modify(\"%s\"): "

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modrdn.c,v 1.39.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/modrdn.c,v 1.39.2.7 2009/02/05 19:35:55 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.
@@ -455,7 +455,7 @@
 
 		e_id = bsi.bsi_base_id;
 
-		rs->sr_err = entry_schema_check( op, &r, NULL, 0, 0,
+		rs->sr_err = entry_schema_check( op, &r, NULL, 0, 0, NULL,
 			&rs->sr_text, textbuf, sizeof( textbuf ) );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_TRACE, "   backsql_modrdn(\"%s\"): "

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/operational.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/operational.c,v 1.21.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/operational.c,v 1.21.2.6 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/proto-sql.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Mararati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/Makefile	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-## Copyright 1997-2008 The OpenLDAP Foundation, All Rights Reserved.
+## Copyright 1997-2009 The OpenLDAP Foundation, All Rights Reserved.
 ##  COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 
 #

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/rdbms_depend/timesten/dnreverse/dnreverse.cpp	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-// Copyright 1997-2008 The OpenLDAP Foundation, All Rights Reserved.
+// Copyright 1997-2009 The OpenLDAP Foundation, All Rights Reserved.
 //  COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 
 // (c) Copyright 1999-2001 TimesTen Performance Software. All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/schema-map.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/schema-map.c,v 1.59.2.6 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/schema-map.c,v 1.59.2.9 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.
@@ -340,22 +340,52 @@
 		struct berbuf	bb = BB_NULL;
 		AttributeDescription *ad = NULL;
 
-		Debug( LDAP_DEBUG_TRACE, 
-			"attributeType:\n"
-			"\tname=\"%s\"\n"
-			"\tsel_expr=\"%s\"\n"
-			"\tfrom=\"%s\"\n",
-			at_row.cols[ 0 ], at_row.cols[ 1 ],
-			at_row.cols[ 2 ] );
-		Debug( LDAP_DEBUG_TRACE, 
-			"\tjoin_where=\"%s\"\n"
-			"\tadd_proc=\"%s\"\n"
-			"\tdelete_proc=\"%s\"\n",
-			at_row.cols[ 3 ], at_row.cols[ 4 ],
-			at_row.cols[ 5 ]);
-		/* TimesTen */
-		Debug( LDAP_DEBUG_TRACE, "\tsel_expr_u=\"%s\"\n",
-				at_row.cols[ 8 ], 0, 0 );
+		{
+			struct {
+				int idx;
+				char *name;
+			} required[] = {
+				{ 0, "name" },
+				{ 1, "sel_expr" },
+				{ 2, "from" },
+				{ -1, NULL },
+			};
+			int i;
+
+			for ( i = 0; required[ i ].name != NULL; i++ ) {
+				if ( at_row.value_len[ i ] <= 0 ) {
+					Debug( LDAP_DEBUG_ANY,
+						"backsql_oc_get_attr_mapping(): "
+						"required column #%d \"%s\" is empty\n",
+						required[ i ].idx, required[ i ].name, 0 );
+					bas->bas_rc = LDAP_OTHER;
+					return BACKSQL_AVL_STOP;
+				}
+			}
+		}
+
+		{
+			char		buf[ SLAP_TEXT_BUFLEN ];
+
+			snprintf( buf, sizeof( buf ),
+				"attributeType: "
+				"name=\"%s\" "
+				"sel_expr=\"%s\" "
+				"from=\"%s\" "
+				"join_where=\"%s\" "
+				"add_proc=\"%s\" "
+				"delete_proc=\"%s\" "
+				"sel_expr_u=\"%s\"",
+				at_row.cols[ 0 ],
+				at_row.cols[ 1 ],
+				at_row.cols[ 2 ],
+				at_row.cols[ 3 ] ? at_row.cols[ 3 ] : "",
+				at_row.cols[ 4 ] ? at_row.cols[ 4 ] : "",
+				at_row.cols[ 5 ] ? at_row.cols[ 5 ] : "",
+				at_row.cols[ 8 ] ? at_row.cols[ 8 ] : "");
+			Debug( LDAP_DEBUG_TRACE, "%s\n", buf, 0, 0 );
+		}
+
 		rc = slap_str2ad( at_row.cols[ 0 ], &ad, &text );
 		if ( rc != LDAP_SUCCESS ) {
 			Debug( LDAP_DEBUG_TRACE, "backsql_oc_get_attr_mapping(): "
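Review bot: The required-column loop tests `at_row.value_len[ i ]` instead of `at_row.value_len[ required[ i ].idx ]`, so the `idx` field of the table is used only in the log message. It works here because the three entries happen to have `idx` equal to their position, but the parallel check added to backsql_load_schema_map() later in this file indexes through `required[ i ].idx`, and the two should agree: `if ( at_row.value_len[ required[ i ].idx ] <= 0 ) {`. The check matters because columns 0 to 2 are afterwards passed to `%s` and to slap_str2ad() without a NULL test. The enclosing function begins and ends outside this hunk.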
@@ -373,7 +403,7 @@
 		if ( slap_syntax_is_binary( ad->ad_type->sat_syntax )
 			&& !slap_ad_is_binary( ad ) )
 		{
-			char		buf[ BUFSIZ ];
+			char		buf[ SLAP_TEXT_BUFLEN ];
 			struct berval	bv;
 			const char	*text = NULL;
 
@@ -411,7 +441,7 @@
 		}
 		at_map->bam_add_proc = NULL;
 		if ( at_row.value_len[ 4 ] > 0 ) {
-			at_map->bam_add_proc = ch_strdup( at_row.cols[4] );
+			at_map->bam_add_proc = ch_strdup( at_row.cols[ 4 ] );
 		}
 		at_map->bam_delete_proc = NULL;
 		if ( at_row.value_len[ 5 ] > 0 ) {
@@ -472,6 +502,9 @@
 	backsql_oc_map_rec		*oc_map;
 	struct backsql_attr_schema_info	bas;
 
+	int				delete_proc_idx = 5;
+	int				create_hint_idx = delete_proc_idx + 2;
+
 	Debug( LDAP_DEBUG_TRACE, "==>backsql_load_schema_map()\n", 0, 0, 0 );
 
 	/* 
@@ -515,9 +548,64 @@
 
 	backsql_BindRowAsStrings( sth, &oc_row );
 	rc = SQLFetch( sth );
+
+	if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
+		delete_proc_idx++;
+		create_hint_idx++;
+	}
+
 	for ( ; BACKSQL_SUCCESS( rc ); rc = SQLFetch( sth ) ) {
-		int	colnum;
+		{
+			struct {
+				int idx;
+				char *name;
+			} required[] = {
+				{ 0, "id" },
+				{ 1, "name" },
+				{ 2, "keytbl" },
+				{ 3, "keycol" },
+				{ delete_proc_idx + 1, "expect_return" },
+				{ -1, NULL },
+			};
+			int i;
 
+			for ( i = 0; required[ i ].name != NULL; i++ ) {
+				if ( oc_row.value_len[ required[ i ].idx ] <= 0 ) {
+					Debug( LDAP_DEBUG_ANY,
+						"backsql_load_schema_map(): "
+						"required column #%d \"%s\" is empty\n",
+						required[ i ].idx, required[ i ].name, 0 );
+					return LDAP_OTHER;
+				}
+			}
+		}
+
+		{
+			char		buf[ SLAP_TEXT_BUFLEN ];
+
+			snprintf( buf, sizeof( buf ),
+				"objectClass: "
+				"id=\"%s\" "
+				"name=\"%s\" "
+				"keytbl=\"%s\" "
+				"keycol=\"%s\" "
+				"create_proc=\"%s\" "
+				"create_keyval=\"%s\" "
+				"delete_proc=\"%s\" "
+				"expect_return=\"%s\""
+				"create_hint=\"%s\" ",
+				oc_row.cols[ 0 ],
+				oc_row.cols[ 1 ],
+				oc_row.cols[ 2 ],
+				oc_row.cols[ 3 ],
+				oc_row.cols[ 4 ] ? oc_row.cols[ 4 ] : "",
+				( BACKSQL_CREATE_NEEDS_SELECT( bi ) && oc_row.cols[ 5 ] ) ? oc_row.cols[ 5 ] : "",
+				oc_row.cols[ delete_proc_idx ] ? oc_row.cols[ delete_proc_idx ] : "",
+				oc_row.cols[ delete_proc_idx + 1 ],
+				( ( oc_row.ncols > create_hint_idx ) && oc_row.cols[ create_hint_idx ] ) ? oc_row.cols[ create_hint_idx ] : "" );
+			Debug( LDAP_DEBUG_TRACE, "%s\n", buf, 0, 0 );
+		}
+
 		oc_map = (backsql_oc_map_rec *)ch_calloc( 1,
 				sizeof( backsql_oc_map_rec ) );
 
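Review bot: The required-column check reads `oc_row.value_len[ delete_proc_idx + 1 ]` without comparing that index to `oc_row.ncols`, while the optional create_hint column in the same hunk is guarded with `oc_row.ncols > create_hint_idx`. If the configured objectClass query can return fewer columns than expected (not visible here), this indexes past the bound row, so a guard such as `if ( oc_row.ncols <= delete_proc_idx + 1 ) return LDAP_OTHER;` before the loop would make the failure explicit. Separately, the trace format has no space after `expect_return=\"%s\"`, so the output runs straight into `create_hint=`; the trailing space of the last fragment belongs on that one. The early `return LDAP_OTHER` also leaves the fetch loop with `sth` still open as far as this hunk shows, which is worth checking against the cleanup path of the function, whose start and end are outside the hunk.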
@@ -541,36 +629,33 @@
 		oc_map->bom_create_proc = ( oc_row.value_len[ 4 ] <= 0 ) ? NULL 
 			: ch_strdup( oc_row.cols[ 4 ] );
 
-		colnum = 5;
 		if ( BACKSQL_CREATE_NEEDS_SELECT( bi ) ) {
-			colnum = 6;
 			oc_map->bom_create_keyval = ( oc_row.value_len[ 5 ] <= 0 ) 
 				? NULL : ch_strdup( oc_row.cols[ 5 ] );
 		}
-		oc_map->bom_delete_proc = ( oc_row.value_len[ colnum ] <= 0 ) ? NULL 
-			: ch_strdup( oc_row.cols[ colnum ] );
-		if ( lutil_atoix( &oc_map->bom_expect_return, oc_row.cols[ colnum + 1 ], 0 ) != 0 ) {
+		oc_map->bom_delete_proc = ( oc_row.value_len[ delete_proc_idx ] <= 0 ) ? NULL 
+			: ch_strdup( oc_row.cols[ delete_proc_idx ] );
+		if ( lutil_atoix( &oc_map->bom_expect_return, oc_row.cols[ delete_proc_idx + 1 ], 0 ) != 0 ) {
 			Debug( LDAP_DEBUG_TRACE, "backsql_load_schema_map(): "
 				"unable to parse expect_return=\"%s\" for objectClass \"%s\"\n", 
-				oc_row.cols[ colnum + 1 ], oc_row.cols[ 1 ], 0 );
+				oc_row.cols[ delete_proc_idx + 1 ], oc_row.cols[ 1 ], 0 );
 			return LDAP_OTHER;
 		}
 
-		colnum += 2;
-		if ( ( oc_row.ncols > colnum ) &&
-				( oc_row.value_len[ colnum ] > 0 ) )
+		if ( ( oc_row.ncols > create_hint_idx ) &&
+				( oc_row.value_len[ create_hint_idx ] > 0 ) )
 		{
 			const char	*text;
 
 			oc_map->bom_create_hint = NULL;
-			rc = slap_str2ad( oc_row.cols[ colnum ],
+			rc = slap_str2ad( oc_row.cols[ create_hint_idx ],
 					&oc_map->bom_create_hint, &text );
 			if ( rc != SQL_SUCCESS ) {
 				Debug( LDAP_DEBUG_TRACE, "load_schema_map(): "
 						"error matching "
 						"AttributeDescription %s "
 						"in create_hint: %s (%d)\n",
-						oc_row.cols[ colnum ],
+						oc_row.cols[ create_hint_idx ],
 						text, rc );
 				backsql_PrintErrors( bi->sql_db_env, dbh,
 						sth, rc );

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.117.2.8 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/search.c,v 1.117.2.9 2009/01/22 00:01:11 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/sql-wrap.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.43.2.5 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/sql-wrap.c,v 1.43.2.7 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * Portions Copyright 2004 Mark Adamson.
@@ -462,28 +462,31 @@
 	return LDAP_SUCCESS;
 }
 
+static void	*backsql_db_conn_dummy;
+
+static void
+backsql_db_conn_keyfree(
+	void		*key,
+	void		*data )
+{
+	(void)backsql_close_db_handle( (SQLHDBC)data );
+}
+
 int
 backsql_free_db_conn( Operation *op, SQLHDBC dbh )
 {
 	Debug( LDAP_DEBUG_TRACE, "==>backsql_free_db_conn()\n", 0, 0, 0 );
 
 	(void)backsql_close_db_handle( dbh );
+	ldap_pvt_thread_pool_setkey( op->o_threadctx,
+		&backsql_db_conn_dummy, (void *)SQL_NULL_HDBC,
+		backsql_db_conn_keyfree, NULL, NULL );
 
 	Debug( LDAP_DEBUG_TRACE, "<==backsql_free_db_conn()\n", 0, 0, 0 );
 
 	return LDAP_SUCCESS;
 }
 
-static void	*backsql_db_conn_dummy;
-
-static void
-backsql_db_conn_keyfree(
-	void		*key,
-	void		*data )
-{
-	backsql_close_db_handle( (SQLHDBC)data );
-}
-
 int
 backsql_get_db_conn( Operation *op, SQLHDBC *dbhp )
 {
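Review bot: backsql_free_db_conn() now calls ldap_pvt_thread_pool_setkey() on `op->o_threadctx` unconditionally, whereas backsql_get_db_conn() in the next hunk only sets the key inside `if ( op->o_threadctx )`. Whether setkey tolerates a NULL context is not visible here, so wrapping the new call in the same `if ( op->o_threadctx ) {` guard would keep the two paths consistent. A short comment would also help, e.g. `/* clear the per-thread key so keyfree does not close dbh again */`, because the key is reset to SQL_NULL_HDBC while backsql_db_conn_keyfree stays registered and will later be handed that null handle.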
@@ -514,9 +517,8 @@
 		}
 
 		if ( op->o_threadctx ) {
-			void		*data = NULL;
+			void		*data = (void *)dbh;
 
-			data = (void *)dbh;
 			ldap_pvt_thread_pool_setkey( op->o_threadctx,
 					&backsql_db_conn_dummy, data,
 					backsql_db_conn_keyfree, NULL, NULL );

Modified: openldap/vendor/openldap-release/servers/slapd/back-sql/util.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/back-sql/util.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/back-sql/util.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.45.2.4 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/back-sql/util.c,v 1.45.2.5 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 Dmitry Kovalev.
  * Portions Copyright 2002 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/backend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backend.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/backend.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* backend.c - routines for dealing with back-end databases */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.362.2.17 2008/04/24 08:13:39 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backend.c,v 1.362.2.26 2009/01/30 19:00:12 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -261,8 +261,6 @@
 				return rc;
 			}
 		}
-		/* append global access controls */
-		acl_append( &be->be_acl, frontendDB->be_acl, -1 );
 
 		return backend_startup_one( be, &cr );
 	}
@@ -310,8 +308,6 @@
 				"has no suffix\n",
 				i, be->bd_info->bi_type, 0 );
 		}
-		/* append global access controls */
-		acl_append( &be->be_acl, frontendDB->be_acl, -1 );
 
 		rc = backend_startup_one( be, &cr );
 
@@ -349,11 +345,13 @@
 		}
 
 		if ( be->bd_info->bi_db_close ) {
-			be->bd_info->bi_db_close( be, NULL );
+			rc = be->bd_info->bi_db_close( be, NULL );
+			if ( rc ) return rc;
 		}
 
 		if( be->bd_info->bi_close ) {
-			be->bd_info->bi_close( be->bd_info );
+			rc = be->bd_info->bi_close( be->bd_info );
+			if ( rc ) return rc;
 		}
 
 		return 0;
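Review bot: The new `if ( rc ) return rc;` after `bi_db_close` returns before `bi_close` is attempted, so a database whose close handler fails leaves the backend-type close handler uncalled on this path. If that is intended, a comment should say so; otherwise keep the first error and continue, e.g. `rc2 = be->bd_info->bi_close( be->bd_info ); if ( !rc ) rc = rc2;`. The surrounding function starts and ends outside the hunk.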
@@ -451,7 +449,7 @@
 	if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
 		free( bd->be_rootpw.bv_val );
 	}
-	acl_destroy( bd->be_acl, frontendDB->be_acl );
+	acl_destroy( bd->be_acl );
 	limits_destroy( bd->be_limits );
 	if ( !BER_BVISNULL( &bd->be_update_ndn ) ) {
 		ch_free( bd->be_update_ndn.bv_val );
@@ -502,7 +500,8 @@
 		if ( !BER_BVISNULL( &bd->be_rootpw ) ) {
 			free( bd->be_rootpw.bv_val );
 		}
-		acl_destroy( bd->be_acl, frontendDB->be_acl );
+		acl_destroy( bd->be_acl );
+		frontendDB = NULL;
 	}
 
 	return 0;
@@ -594,8 +593,7 @@
 	be->be_requires = frontendDB->be_requires;
 	be->be_ssf_set = frontendDB->be_ssf_set;
 
-	be->be_pcl_mutexp = &be->be_pcl_mutex;
-	ldap_pvt_thread_mutex_init( be->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_init( &be->be_pcl_mutex );
 
  	/* assign a default depth limit for alias deref */
 	be->be_max_deref_depth = SLAPD_DEFAULT_MAXDEREFDEPTH; 
@@ -614,6 +612,9 @@
 			nbackends--;
 		}
 	} else {
+		if ( !bi->bi_nDB ) {
+			backend_init_controls( bi );
+		}
 		bi->bi_nDB++;
 	}
 	return( be );
@@ -946,6 +947,14 @@
 
 			case LDAP_COMPARE_FALSE:
 				if ( !op->o_bd->be_ctrls[cid] && (*ctrls)->ldctl_iscritical ) {
+#ifdef SLAP_CONTROL_X_WHATFAILED
+					if ( get_whatFailed( op ) ) {
+						char *oids[ 2 ];
+						oids[ 0 ] = (*ctrls)->ldctl_oid;
+						oids[ 1 ] = NULL;
+						slap_ctrl_whatFailed_add( op, rs, oids );
+					}
+#endif
 					/* RFC 4511 allows unavailableCriticalExtension to be
 					 * returned when the server is unwilling to perform
 					 * an operation extended by a recognized critical
@@ -996,13 +1005,19 @@
 	slap_mask_t requires;
 	slap_mask_t opflag;
 	slap_mask_t exopflag = 0;
-	slap_ssf_set_t *ssf;
+	slap_ssf_set_t ssfs, *ssf;
 	int updateop = 0;
 	int starttls = 0;
 	int session = 0;
 
+	restrictops = frontendDB->be_restrictops;
+	requires = frontendDB->be_requires;
+	ssfs = frontendDB->be_ssf_set;
+	ssf = &ssfs;
+
 	if ( op->o_bd ) {
-		int	rc = SLAP_CB_CONTINUE;
+		slap_ssf_t *fssf, *bssf;
+		int	rc = SLAP_CB_CONTINUE, i;
 
 		if ( op->o_bd->be_chk_controls ) {
 			rc = ( *op->o_bd->be_chk_controls )( op, rs );
@@ -1016,14 +1031,13 @@
 			return rs->sr_err;
 		}
 
-		restrictops = op->o_bd->be_restrictops;
-		requires = op->o_bd->be_requires;
-		ssf = &op->o_bd->be_ssf_set;
-
-	} else {
-		restrictops = frontendDB->be_restrictops;
-		requires = frontendDB->be_requires;
-		ssf = &frontendDB->be_ssf_set;
+		restrictops |= op->o_bd->be_restrictops;
+		requires |= op->o_bd->be_requires;
+		bssf = &op->o_bd->be_ssf_set.sss_ssf;
+		fssf = &ssfs.sss_ssf;
+		for ( i=0; i<sizeof(ssfs)/sizeof(slap_ssf_t); i++ ) {
+			if ( bssf[i] ) fssf[i] = bssf[i];
+		}
 	}
 
 	switch( op->o_tag ) {
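Review bot: The merge loop `if ( bssf[i] ) fssf[i] = bssf[i];` lets any non-zero per-database SSF replace the frontend value even when it is lower, while `restrictops` and `requires` are combined with `|=` and can only become stricter. If the global security strength factors are meant to be a floor, the loop should keep the larger value, `if ( bssf[i] > fssf[i] ) fssf[i] = bssf[i];`; if override is the intent, record it in a comment such as `/* a non-zero database SSF overrides the global one */`. The loop also walks `slap_ssf_set_t` as an array of `slap_ssf_t` starting at `sss_ssf`, which holds only while the struct contains nothing but `slap_ssf_t` members, and it compares a signed `i` with a `sizeof` expression. This note also covers the defaults taken from `frontendDB` in the previous hunk; the function continues outside both hunks.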
@@ -1496,7 +1510,7 @@
 						{
 							rc = 0;
 						}
-						filter_free_x( op, filter );
+						filter_free_x( op, filter, 1 );
 					}
 loopit:
 					ldap_free_urldesc( ludp );

Modified: openldap/vendor/openldap-release/servers/slapd/backglue.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backglue.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/backglue.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* backglue.c - backend glue */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.12 2008/06/02 18:00:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backglue.c,v 1.112.2.17 2009/02/11 00:49:55 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -435,16 +435,19 @@
 			if (scope0 == LDAP_SCOPE_ONELEVEL && 
 				dn_match(pdn, &ndn))
 			{
+				struct berval mdn, mndn;
 				op->ors_scope = LDAP_SCOPE_BASE;
-				op->o_req_dn = op->o_bd->be_suffix[0];
-				op->o_req_ndn = op->o_bd->be_nsuffix[0];
+				mdn = op->o_req_dn = op->o_bd->be_suffix[0];
+				mndn = op->o_req_ndn = op->o_bd->be_nsuffix[0];
 				rs->sr_err = op->o_bd->be_search(op, rs);
 				if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
 					gs.err = LDAP_SUCCESS;
 				}
 				op->ors_scope = LDAP_SCOPE_ONELEVEL;
-				op->o_req_dn = dn;
-				op->o_req_ndn = ndn;
+				if ( op->o_req_dn.bv_val == mdn.bv_val )
+					op->o_req_dn = dn;
+				if ( op->o_req_ndn.bv_val == mndn.bv_val )
+					op->o_req_ndn = ndn;
 
 			} else if (scope0 == LDAP_SCOPE_SUBTREE &&
 				dn_match(&op->o_bd->be_nsuffix[0], &ndn))
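Review bot: The conditional restore of `op->o_req_dn` and `op->o_req_ndn` has no comment explaining why the pointers are compared, and the same pattern is repeated in the LDAP_SCOPE_SUBTREE branch of the next hunk. Presumably the callee may replace the request DN and the replacement must then be left alone; a line such as `/* restore only if the backend left our substituted DN in place */` above each `if` would record that. Only `bv_val` of `mdn` and `mndn` is ever read, so two `char *` locals would express the intent more directly. The enclosing function starts and ends outside the hunk.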
@@ -454,14 +457,17 @@
 			} else if (scope0 == LDAP_SCOPE_SUBTREE &&
 				dnIsSuffix(&op->o_bd->be_nsuffix[0], &ndn))
 			{
-				op->o_req_dn = op->o_bd->be_suffix[0];
-				op->o_req_ndn = op->o_bd->be_nsuffix[0];
+				struct berval mdn, mndn;
+				mdn = op->o_req_dn = op->o_bd->be_suffix[0];
+				mndn = op->o_req_ndn = op->o_bd->be_nsuffix[0];
 				rs->sr_err = glue_sub_search( op, rs, b0, on );
 				if ( rs->sr_err == LDAP_NO_SUCH_OBJECT ) {
 					gs.err = LDAP_SUCCESS;
 				}
-				op->o_req_dn = dn;
-				op->o_req_ndn = ndn;
+				if ( op->o_req_dn.bv_val == mdn.bv_val )
+					op->o_req_dn = dn;
+				if ( op->o_req_ndn.bv_val == mndn.bv_val )
+					op->o_req_ndn = ndn;
 
 			} else if (dnIsSuffix(&ndn, &op->o_bd->be_nsuffix[0])) {
 				rs->sr_err = glue_sub_search( op, rs, b0, on );
@@ -524,8 +530,6 @@
 		op->ors_scope = scope0;
 		op->ors_tlimit = tlimit0;
 		op->o_time = starttime;
-		op->o_req_dn = dn;
-		op->o_req_ndn = ndn;
 
 		break;
 	}
@@ -938,6 +942,15 @@
 	return 0;
 }
 
+typedef struct glue_Addrec {
+	struct glue_Addrec *ga_next;
+	BackendDB *ga_be;
+} glue_Addrec;
+
+/* List of added subordinates */
+static glue_Addrec *ga_list;
+static int ga_adding;
+
 static int
 glue_db_init(
 	BackendDB *be,
@@ -990,6 +1003,11 @@
 
 	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_GLUE_INSTANCE;
 
+	if ( ga_list ) {
+		be->bd_info = (BackendInfo *)oi;
+		glue_sub_attach( 1 );
+	}
+
 	return 0;
 }
 
@@ -1064,21 +1082,19 @@
 	return rc;
 }
 
-typedef struct glue_Addrec {
-	struct glue_Addrec *ga_next;
-	BackendDB *ga_be;
-} glue_Addrec;
 
-/* List of added subordinates */
-static glue_Addrec *ga_list;
-
 /* Attach all the subordinate backends to their superior */
 int
-glue_sub_attach()
+glue_sub_attach( int online )
 {
 	glue_Addrec *ga, *gnext = NULL;
 	int rc = 0;
 
+	if ( ga_adding )
+		return 0;
+
+	ga_adding = 1;
+
 	/* For all the subordinate backends */
 	for ( ga=ga_list; ga != NULL; ga = gnext ) {
 		BackendDB *be;
@@ -1118,11 +1134,20 @@
 				&gi->gi_n[gi->gi_nodes].gn_pdn );
 			gi->gi_nodes++;
 			on->on_bi.bi_private = gi;
+			ga->ga_be->be_flags |= SLAP_DBFLAG_GLUE_LINKED;
 			break;
 		}
 		if ( !be ) {
 			Debug( LDAP_DEBUG_ANY, "glue: no superior found for sub %s!\n",
 				ga->ga_be->be_suffix[0].bv_val, 0, 0 );
+			/* allow this for now, assume a superior will
+			 * be added later
+			 */
+			if ( online ) {
+				rc = 0;
+				gnext = ga_list;
+				break;
+			}
 			rc = LDAP_NO_SUCH_OBJECT;
 		}
 		ch_free( ga );
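Review bot: In the new `online` branch, `gnext = ga_list;` followed by `break` makes the later `ga_list = gnext` keep the original list head, even when earlier iterations have already released entries through `ch_free( ga )`. If a subordinate earlier in the list was attached and freed before one without a superior is reached, `ga_list` is left pointing at freed memory. Keeping only the unattached remainder avoids that: `gnext = ga;`. The start of the loop body lies between hunks, so this assumes `gnext` is otherwise advanced from `ga->ga_next` there.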
@@ -1131,6 +1156,8 @@
 
 	ga_list = gnext;
 
+	ga_adding = 0;
+
 	return rc;
 }
 
@@ -1156,7 +1183,7 @@
 	ga_list = ga;
 
 	if ( online )
-		rc = glue_sub_attach();
+		rc = glue_sub_attach( online );
 
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/backover.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/backover.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/backover.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* backover.c - backend overlay routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.71.2.10 2008/07/08 19:25:38 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/backover.c,v 1.71.2.18 2009/02/13 03:16:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -103,6 +103,8 @@
 	ca.be = be;
 	snprintf( ca.log, sizeof( ca.log ), "%s: line %d",
 			ca.fname, ca.lineno );
+	ca.op = SLAP_CONFIG_ADD;
+	ca.valx = -1;
 
 	for (; on; on=on->on_next) {
 		rc = SLAP_CONF_UNKNOWN;
@@ -138,22 +140,25 @@
 {
 	slap_overinfo *oi = be->bd_info->bi_private;
 	slap_overinst *on = oi->oi_list;
-	BackendDB db = *be;
+	BackendInfo *bi_orig = be->bd_info;
 	int rc = 0;
 
-	db.be_flags |= SLAP_DBFLAG_OVERLAY;
-	db.bd_info = oi->oi_orig;
-	if ( db.bd_info->bi_db_open ) {
-		rc = db.bd_info->bi_db_open( &db, cr );
+	be->be_flags |= SLAP_DBFLAG_OVERLAY;
+	be->bd_info = oi->oi_orig;
+	if ( be->bd_info->bi_db_open ) {
+		rc = be->bd_info->bi_db_open( be, cr );
 	}
 
 	for (; on && rc == 0; on=on->on_next) {
-		db.bd_info = &on->on_bi;
-		if ( db.bd_info->bi_db_open ) {
-			rc = db.bd_info->bi_db_open( &db, cr );
+		be->bd_info = &on->on_bi;
+		if ( be->bd_info->bi_db_open ) {
+			rc = be->bd_info->bi_db_open( be, cr );
 		}
 	}
 
+	be->bd_info = bi_orig;
+	be->be_flags ^= SLAP_DBFLAG_OVERLAY;
+
 	return rc;
 }
 
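Review bot: `be->be_flags ^= SLAP_DBFLAG_OVERLAY;` toggles the bit rather than restoring it, so if the flag was already set when over_db_open() was entered, the function leaves it cleared. Now that the code operates on the caller's `be` instead of a stack copy, the original state should be put back explicitly, for example by saving `be->be_flags` before the `|=` and assigning it back next to `be->bd_info = bi_orig;`. Because `be` is modified in place, `bd_info` and the flag are also visible to anything else reading the database while the open handlers run; if the assumption is that this happens before the database is in service, a comment should state it.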
@@ -193,7 +198,7 @@
 	slap_overinfo *oi = be->bd_info->bi_private;
 	slap_overinst *on = oi->oi_list, *next;
 	BackendInfo *bi_orig = be->bd_info;
-	int rc;
+	int rc = 0;
 
 	be->bd_info = oi->oi_orig;
 	if ( be->bd_info->bi_db_destroy ) {
@@ -597,6 +602,27 @@
 	return rc;
 }
 
+int
+overlay_callback_after_backover( Operation *op, slap_callback *sc, int append )
+{
+	slap_callback **scp;
+
+	for ( scp = &op->o_callback; *scp != NULL; scp = &(*scp)->sc_next ) {
+		if ( (*scp)->sc_response == over_back_response ) {
+			sc->sc_next = (*scp)->sc_next;
+			(*scp)->sc_next = sc;
+			return 0;
+		}
+	}
+
+	if ( append ) {
+		*scp = sc;
+		return 0;
+	}
+
+	return 1;
+}
+
 /*
  * default return code in case of missing backend function
  * and overlay stack returning SLAP_CB_CONTINUE
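Review bot: In the `append` path of overlay_callback_after_backover(), `*scp = sc;` links the callback at the tail without setting `sc->sc_next`, so a caller that passes a callback with a stale `sc_next` extends the list with whatever that field holds. Adding `sc->sc_next = NULL;` before `*scp = sc;` makes the append branch match the insert branch, which does set `sc->sc_next`. The function also has no header comment; it should say that `sc` is inserted right after the `over_back_response` callback, that 0 is returned on insertion or append, and that 1 is returned when no such callback exists and `append` is zero.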
@@ -1042,7 +1068,7 @@
 		
 		/* add to all backends... */
 		LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
-			if ( be == bd ) {
+			if ( bd == be->bd_self ) {
 				gotit = 1;
 			}
 
@@ -1053,8 +1079,8 @@
 	}
 	
 	if ( !gotit ) {
-		be->be_ctrls[ cid ] = 1;
-		be->be_ctrls[ SLAP_MAX_CIDS ] = 1;
+		be->bd_self->be_ctrls[ cid ] = 1;
+		be->bd_self->be_ctrls[ SLAP_MAX_CIDS ] = 1;
 	}
 
 	return 0;
@@ -1086,14 +1112,15 @@
 overlay_remove( BackendDB *be, slap_overinst *on )
 {
 	slap_overinfo *oi = on->on_info;
-	slap_overinst **oidx, *on2;
+	slap_overinst **oidx;
+	BackendInfo *bi_orig;
 
 	/* remove overlay from oi_list an call db_close and db_destroy
 	 * handlers */
 	for ( oidx = &oi->oi_list; *oidx; oidx = &(*oidx)->on_next ) {
 		if ( *oidx == on ) {
 			*oidx = on->on_next;
-			BackendInfo *bi_orig = be->bd_info;
+			bi_orig = be->bd_info;
 			be->bd_info = (BackendInfo *)on;
 			if ( on->on_bi.bi_db_close ) {
 				on->on_bi.bi_db_close( be, NULL );

Modified: openldap/vendor/openldap-release/servers/slapd/bconfig.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bconfig.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/bconfig.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bconfig.c - the config backend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.202.2.37 2008/07/09 23:52:27 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bconfig.c,v 1.202.2.59 2009/02/13 03:16:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -63,6 +63,7 @@
 	ContentRule *c_cr_head, *c_cr_tail;
 	ObjectClass *c_oc_head, *c_oc_tail;
 	OidMacro *c_om_head, *c_om_tail;
+	Syntax *c_syn_head, *c_syn_tail;
 	BerVarray c_dseFiles;
 } ConfigFile;
 
@@ -87,7 +88,7 @@
 
 /* Private state */
 static AttributeDescription *cfAd_backend, *cfAd_database, *cfAd_overlay,
-	*cfAd_include, *cfAd_attr, *cfAd_oc, *cfAd_om;
+	*cfAd_include, *cfAd_attr, *cfAd_oc, *cfAd_om, *cfAd_syntax;
 
 static ConfigFile *cfn;
 
@@ -97,9 +98,11 @@
 extern AttributeType *at_sys_tail;	/* at.c */
 extern ObjectClass *oc_sys_tail;	/* oc.c */
 extern OidMacro *om_sys_tail;	/* oidm.c */
+extern Syntax *syn_sys_tail;	/* syntax.c */
 static AttributeType *cf_at_tail;
 static ObjectClass *cf_oc_tail;
 static OidMacro *cf_om_tail;
+static Syntax *cf_syn_tail;
 
 static int config_add_internal( CfBackInfo *cfb, Entry *e, ConfigArgs *ca,
 	SlapReply *rs, int *renumber, Operation *op );
@@ -142,6 +145,7 @@
 	CFG_DATABASE,
 	CFG_TLS_RAND,
 	CFG_TLS_CIPHER,
+	CFG_TLS_PROTOCOL_MIN,
 	CFG_TLS_CERT_FILE,
 	CFG_TLS_CERT_KEY,
 	CFG_TLS_CA_PATH,
@@ -180,6 +184,8 @@
 	CFG_SERVERID,
 	CFG_SORTVALS,
 	CFG_IX_INTLEN,
+	CFG_SYNTAX,
+	CFG_ACL_ADD,
 
 	CFG_LAST
 };
@@ -254,6 +260,7 @@
  * OLcfgOv{Oc|At}:17			-> dyngroup
  * OLcfgOv{Oc|At}:18			-> memberof
  * OLcfgOv{Oc|At}:19			-> collect
+ * OLcfgOv{Oc|At}:20			-> retcode
  */
 
 /* alphabetical ordering */
@@ -275,6 +282,10 @@
 			"DESC 'Access Control List' "
 			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
+	{ "add_content_acl",	NULL, 0, 0, 0, ARG_MAY_DB|ARG_ON_OFF|ARG_MAGIC|CFG_ACL_ADD,
+		&config_generic, "( OLcfgGlAt:86 NAME 'olcAddContentAcl' "
+			"DESC 'Check ACLs against content of Add ops' "
+			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "allows",	"features", 2, 0, 5, ARG_PRE_DB|ARG_MAGIC,
 		&config_allows, "( OLcfgGlAt:2 NAME 'olcAllows' "
 			"DESC 'Allowed set of deprecated features' "
@@ -380,6 +391,13 @@
 	{ "lastmod", "on|off", 2, 2, 0, ARG_DB|ARG_ON_OFF|ARG_MAGIC|CFG_LASTMOD,
 		&config_generic, "( OLcfgDbAt:0.4 NAME 'olcLastMod' "
 			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ "ldapsyntax",	"syntax", 2, 0, 0,
+		ARG_PAREN|ARG_MAGIC|CFG_SYNTAX,
+		&config_generic, "( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' "
+			"DESC 'OpenLDAP ldapSyntax' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
+				NULL, NULL },
 	{ "limits", "limits", 2, 0, 0, ARG_DB|ARG_MAGIC|CFG_LIMITS,
 		&config_generic, "( OLcfgDbAt:0.5 NAME 'olcLimits' "
 			"EQUALITY caseIgnoreMatch "
@@ -668,6 +686,14 @@
 #endif
 		"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
 			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "TLSProtocolMin",	NULL, 0, 0, 0,
+#ifdef HAVE_TLS
+		CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
+#else
+		ARG_IGNORED, NULL,
+#endif
+		"( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
 	{ "tool-threads", "count", 2, 2, 0, ARG_INT|ARG_MAGIC|CFG_TTHREADS,
 		&config_generic, "( OLcfgGlAt:80 NAME 'olcToolThreads' "
 			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
@@ -684,6 +710,15 @@
 		NULL, NULL, NULL, NULL }
 };
 
+/* Need to no-op this keyword for dynamic config */
+ConfigTable olcDatabaseDummy[] = {
+	{ "", "", 0, 0, 0, ARG_IGNORED,
+		NULL, "( OLcfgGlAt:13 NAME 'olcDatabase' "
+			"DESC 'The backend type for a database instance' "
+			"SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
 /* Routines to check if a child can be added to this type */
 static ConfigLDAPadd cfAddSchema, cfAddInclude, cfAddDatabase,
 	cfAddBackend, cfAddModule, cfAddOverlay;
@@ -717,7 +752,7 @@
 		 "olcDisallows $ olcGentleHUP $ olcIdleTimeout $ "
 		 "olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ "
 		 "olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ "
-		 "olcLocalSSF $ olcLogLevel $ "
+		 "olcLocalSSF $ olcLogFile $ olcLogLevel $ "
 		 "olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ "
 		 "olcPluginLogFile $ olcReadOnly $ olcReferral $ "
 		 "olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ "
@@ -731,13 +766,13 @@
 		 "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
 		 "olcTLSCRLFile $ olcToolThreads $ "
 		 "olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
-		 "olcDitContentRules ) )", Cft_Global },
+		 "olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
 	{ "( OLcfgGlOc:2 "
 		"NAME 'olcSchemaConfig' "
 		"DESC 'OpenLDAP schema object' "
 		"SUP olcConfig STRUCTURAL "
 		"MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ "
-		 "olcObjectClasses $ olcDitContentRules ) )",
+		 "olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )",
 		 	Cft_Schema, NULL, cfAddSchema },
 	{ "( OLcfgGlOc:3 "
 		"NAME 'olcBackendConfig' "
@@ -750,7 +785,7 @@
 		"SUP olcConfig STRUCTURAL "
 		"MUST olcDatabase "
 		"MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ "
-		 "olcLastMod $ olcLimits $ "
+		 "olcAddContentAcl $ olcLastMod $ olcLimits $ "
 		 "olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ "
 		 "olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ "
 		 "olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ "
@@ -926,6 +961,17 @@
 				rc = 1;
 			}
 			break;
+		case CFG_SYNTAX: {
+			ConfigFile *cf = c->ca_private;
+			if ( !cf )
+				syn_unparse( &c->rvalue_vals, NULL, NULL, 1 );
+			else if ( cf->c_syn_head )
+				syn_unparse( &c->rvalue_vals, cf->c_syn_head,
+					cf->c_syn_tail, 0 );
+			if ( !c->rvalue_vals )
+				rc = 1;
+			}
+			break;
 		case CFG_DIT: {
 			ConfigFile *cf = c->ca_private;
 			if ( !cf )
@@ -942,12 +988,7 @@
 			AccessControl *a;
 			char *src, *dst, ibuf[11];
 			struct berval bv, abv;
-			AccessControl *end;
-			if ( c->be == frontendDB )
-				end = NULL;
-			else
-				end = frontendDB->be_acl;
-			for (i=0, a=c->be->be_acl; a && a != end; i++,a=a->acl_next) {
+			for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
 				abv.bv_len = snprintf( ibuf, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
 				if ( abv.bv_len >= sizeof( ibuf ) ) {
 					ber_bvarray_free_x( c->rvalue_vals, NULL );
@@ -974,6 +1015,9 @@
 			rc = (!i);
 			break;
 		}
+		case CFG_ACL_ADD:
+			c->value_int = (SLAP_DBACL_ADD(c->be) != 0);
+			break;
 		case CFG_ROOTDSE: {
 			ConfigFile *cf = c->ca_private;
 			if ( cf->c_dseFiles ) {
@@ -993,7 +1037,7 @@
 					if ( !BER_BVISEMPTY( &si->si_url )) {
 						bv.bv_len = si->si_url.bv_len + 6;
 						bv.bv_val = ch_malloc( bv.bv_len );
-						sprintf( bv.bv_val, "%d %s", si->si_num,
+						bv.bv_len = sprintf( bv.bv_val, "%d %s", si->si_num,
 							si->si_url.bv_val );
 						ber_bvarray_add( &c->rvalue_vals, &bv );
 					} else {
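Review bot: The value is still written with an unbounded `sprintf` into a buffer of `si->si_url.bv_len + 6` bytes, which is large enough only while `si->si_num` prints as at most four characters. The bound on `si_num` is not visible in this hunk, so passing the allocated size makes the assumption safe: `bv.bv_len = snprintf( bv.bv_val, bv.bv_len, "%d %s", si->si_num, si->si_url.bv_val );`, followed by a check that the result is smaller than the buffer size. The enclosing case starts and ends outside the hunk.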
@@ -1127,6 +1171,7 @@
 		case CFG_SASLSECP:
 		case CFG_SSTR_IF_MAX:
 		case CFG_SSTR_IF_MIN:
+		case CFG_ACL_ADD:
 			break;
 
 		/* no-ops, requires slapd restart */
@@ -1179,13 +1224,8 @@
 
 		case CFG_ACL:
 			if ( c->valx < 0 ) {
-				AccessControl *end;
-				if ( c->be == frontendDB )
-					end = NULL;
-				else
-					end = frontendDB->be_acl;
-				acl_destroy( c->be->be_acl, end );
-				c->be->be_acl = end;
+				acl_destroy( c->be->be_acl );
+				c->be->be_acl = NULL;
 
 			} else {
 				AccessControl **prev, *a;
@@ -1276,6 +1316,44 @@
 				}
 			}
 			break;
+
+		case CFG_SYNTAX: {
+			CfEntryInfo *ce;
+			/* Can be NULL when undoing a failed add */
+			if ( c->ca_entry ) {
+				ce = c->ca_entry->e_private;
+				/* can't modify the hardcoded schema */
+				if ( ce->ce_parent->ce_type == Cft_Global )
+					return 1;
+				}
+			}
+			cfn = c->ca_private;
+			if ( c->valx < 0 ) {
+				Syntax *syn;
+
+				for( syn = cfn->c_syn_head; syn; syn_next( &syn )) {
+					syn_delete( syn );
+					if ( syn == cfn->c_syn_tail )
+						break;
+				}
+				cfn->c_syn_head = cfn->c_syn_tail = NULL;
+			} else {
+				Syntax *syn, *prev = NULL;
+
+				for ( i = 0, syn = cfn->c_syn_head; i < c->valx; i++) {
+					prev = syn;
+					syn_next( &syn );
+				}
+				syn_delete( syn );
+				if ( cfn->c_syn_tail == syn ) {
+					cfn->c_syn_tail = prev;
+				}
+				if ( cfn->c_syn_head == syn ) {
+					syn_next( &syn );
+					cfn->c_syn_head = syn;
+				}
+			}
+			break;
 		case CFG_SORTVALS:
 			if ( c->valx < 0 ) {
 				ADlist *sv;
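Review bot: In the indexed branch of the new CFG_SYNTAX delete case, the walk `for ( i = 0, syn = cfn->c_syn_head; i < c->valx; i++)` never tests `syn` for NULL, so a `valx` beyond the end of the list reaches `syn_next( &syn )` and `syn_delete( syn )` with a null pointer unless the caller has already validated the index, which this hunk does not show. The CFG_SYNTAX add case in the next hunk walks the list the same way before calling `parse_syn`. Adding `&& syn` to the loop condition and `if ( syn == NULL ) return 1;` after the loop would make both robust. The extra `}` after `return 1;` also closes the `case CFG_SYNTAX: {` block early, so `cfn = c->ca_private;` and everything after it run outside that block under misleading indentation; moving that brace to just before `break;` would fix the structure.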
@@ -1502,6 +1580,38 @@
 			}
 			break;
 
+		case CFG_SYNTAX: {
+			Syntax *syn, *prev;
+
+			if ( c->op == LDAP_MOD_ADD && c->ca_private && cfn != c->ca_private )
+				cfn = c->ca_private;
+			if ( c->valx < 0 ) {
+				prev = cfn->c_syn_tail;
+			} else {
+				prev = NULL;
+				/* If adding anything after the first, prev is easy */
+				if ( c->valx ) {
+					int i;
+					for ( i = 0, syn = cfn->c_syn_head; i < c->valx; i++ ) {
+						prev = syn;
+						syn_next( &syn );
+					}
+				} else
+				/* If adding the first, and head exists, find its prev */
+					if (cfn->c_syn_head) {
+					for ( syn_start( &syn ); syn != cfn->c_syn_head; ) {
+						prev = syn;
+						syn_next( &syn );
+					}
+				}
+				/* else prev is NULL, append to end of global list */
+			}
+			if ( parse_syn( c, &syn, prev ) ) return(1);
+			if ( !cfn->c_syn_head ) cfn->c_syn_head = syn;
+			if ( cfn->c_syn_tail == prev ) cfn->c_syn_tail = syn;
+			}
+			break;
+
 		case CFG_DIT: {
 			ContentRule *cr;
 
@@ -1580,11 +1690,10 @@
 		case CFG_ACL:
 			/* Don't append to the global ACL if we're on a specific DB */
 			i = c->valx;
-			if ( c->be != frontendDB && frontendDB->be_acl && c->valx == -1 ) {
+			if ( c->valx == -1 ) {
 				AccessControl *a;
 				i = 0;
-				for ( a=c->be->be_acl; a && a != frontendDB->be_acl;
-					a = a->acl_next )
+				for ( a=c->be->be_acl; a; a = a->acl_next )
 					i++;
 			}
 			if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
@@ -1592,6 +1701,13 @@
 			}
 			break;
 
+		case CFG_ACL_ADD:
+			if(c->value_int)
+				SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_ACL_ADD;
+			else
+				SLAP_DBFLAGS(c->be) &= ~SLAP_DBFLAG_ACL_ADD;
+			break;
+
 		case CFG_ROOTDSE:
 			if(root_dse_read_file(c->argv[1])) {
 				snprintf( c->cr_msg, sizeof( c->cr_msg ), "<%s> could not read file", c->argv[0] );
@@ -1667,20 +1783,28 @@
 				*sip = si;
 
 				if (( slapMode & SLAP_SERVER_MODE ) && c->argc > 2 ) {
+					Listener **l = slapd_get_listeners();
+					int i, isMe = 0;
+
+					/* Try a straight compare with Listener strings */
+					for ( i=0; l && l[i]; i++ ) {
+						if ( !strcasecmp( c->argv[2], l[i]->sl_url.bv_val )) {
+							isMe = 1;
+							break;
+						}
+					}
+
 					/* If hostname is empty, or is localhost, or matches
 					 * our hostname, this serverID refers to this host.
 					 * Compare it against listeners and ports.
 					 */
-					if ( !lud->lud_host || !lud->lud_host[0] ||
+					if ( !isMe && ( !lud->lud_host || !lud->lud_host[0] ||
 						!strncasecmp("localhost", lud->lud_host,
 							STRLENOF("localhost")) ||
-						!strcasecmp( global_host, lud->lud_host )) {
-						Listener **l = slapd_get_listeners();
-						int i;
+						!strcasecmp( global_host, lud->lud_host ))) {
 
 						for ( i=0; l && l[i]; i++ ) {
 							LDAPURLDesc *lu2;
-							int isMe = 0;
 							ldap_url_parse( l[i]->sl_url.bv_val, &lu2 );
 							do {
 								if ( strcasecmp( lud->lud_scheme,
@@ -1709,15 +1833,17 @@
 							} while(0);
 							ldap_free_urldesc( lu2 );
 							if ( isMe ) {
-								slap_serverID = si->si_num;
-								Debug( LDAP_DEBUG_CONFIG,
-									"%s: SID=%d (listener=%s)\n",
-									c->log, slap_serverID,
-									l[i]->sl_url.bv_val );
 								break;
 							}
 						}
 					}
+					if ( isMe ) {
+						slap_serverID = si->si_num;
+						Debug( LDAP_DEBUG_CONFIG,
+							"%s: SID=%d (listener=%s)\n",
+							c->log, slap_serverID,
+							l[i]->sl_url.bv_val );
+					}
 				}
 				if ( c->argc > 2 )
 					ldap_free_urldesc( lud );
@@ -2485,6 +2611,8 @@
 		{ BER_BVC("bind_simple"),	SLAP_DISALLOW_BIND_SIMPLE },
 		{ BER_BVC("tls_2_anon"),		SLAP_DISALLOW_TLS_2_ANON },
 		{ BER_BVC("tls_authc"),		SLAP_DISALLOW_TLS_AUTHC },
+		{ BER_BVC("proxy_authz_non_critical"),	SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT },
+		{ BER_BVC("dontusecopy_non_critical"),	SLAP_DISALLOW_DONTUSECOPY_N_CRIT },
 		{ BER_BVNULL, 0 }
 	};
 	if (c->op == SLAP_CONFIG_EMIT) {
@@ -2960,8 +3088,17 @@
 		return 1;
 	}
 
-	SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SINGLE_SHADOW | flag);
+	if ( SLAP_SHADOW(c->be) ) {
+		/* if already shadow, only check consistency */
+		if ( ( SLAP_DBFLAGS(c->be) & flag ) != flag ) {
+			Debug( LDAP_DEBUG_ANY, "%s: inconsistent shadow flag 0x%x.\n", c->log, flag, 0 );
+			return 1;
+		}
 
+	} else {
+		SLAP_DBFLAGS(c->be) |= (SLAP_DBFLAG_SHADOW | SLAP_DBFLAG_SINGLE_SHADOW | flag);
+	}
+
 	return 0;
 }
 
@@ -3089,6 +3226,7 @@
 	switch(c->type) {
 	case CFG_TLS_CRLCHECK:	flag = LDAP_OPT_X_TLS_CRLCHECK; break;
 	case CFG_TLS_VERIFY:	flag = LDAP_OPT_X_TLS_REQUIRE_CERT; break;
+	case CFG_TLS_PROTOCOL_MIN: flag = LDAP_OPT_X_TLS_PROTOCOL_MIN; break;
 	default:
 		Debug(LDAP_DEBUG_ANY, "%s: "
 				"unknown tls_option <0x%x>\n",
@@ -3160,7 +3298,7 @@
 	ConfigArgs *ca;
 	Entry *frontend;
 	Entry *config;
-	int	got_frontend;
+	int got_frontend;
 	int got_config;
 } setup_cookie;
 
@@ -3169,15 +3307,18 @@
 {
 	if ( rs->sr_type == REP_SEARCH ) {
 		setup_cookie *sc = op->o_callback->sc_private;
+		struct berval pdn;
 
 		sc->cfb->cb_got_ldif = 1;
 		/* Does the frontend exist? */
 		if ( !sc->got_frontend ) {
 			if ( !strncmp( rs->sr_entry->e_nname.bv_val,
-				"olcDatabase", STRLENOF( "olcDatabase" ))) {
+				"olcDatabase", STRLENOF( "olcDatabase" )))
+			{
 				if ( strncmp( rs->sr_entry->e_nname.bv_val +
 					STRLENOF( "olcDatabase" ), "={-1}frontend",
-					STRLENOF( "={-1}frontend" ))) {
+					STRLENOF( "={-1}frontend" )))
+				{
 					struct berval rdn;
 					int i = op->o_noop;
 					sc->ca->be = frontendDB;
@@ -3200,13 +3341,19 @@
 				}
 			}
 		}
+
+		dnParent( &rs->sr_entry->e_nname, &pdn );
+
 		/* Does the configDB exist? */
 		if ( sc->got_frontend && !sc->got_config &&
 			!strncmp( rs->sr_entry->e_nname.bv_val,
-			"olcDatabase", STRLENOF( "olcDatabase" ))) {
+			"olcDatabase", STRLENOF( "olcDatabase" )) &&
+			dn_match( &config_rdn, &pdn ) )
+		{
 			if ( strncmp( rs->sr_entry->e_nname.bv_val +
 				STRLENOF( "olcDatabase" ), "={0}config",
-				STRLENOF( "={0}config" ))) {
+				STRLENOF( "={0}config" )))
+			{
 				struct berval rdn;
 				int i = op->o_noop;
 				sc->ca->be = LDAP_STAILQ_FIRST( &backendDB );
@@ -3507,6 +3654,9 @@
 		rs->sr_entry = ce->ce_entry;
 		rs->sr_flags = 0;
 		rc = send_search_entry( op, rs );
+		if ( rc != LDAP_SUCCESS ) {
+			return rc;
+		}
 	}
 	if ( op->ors_scope == LDAP_SCOPE_SUBTREE ) {
 		if ( ce->ce_kids ) {
@@ -3669,14 +3819,15 @@
 	struct berval rdn, nrdn;
 
 	for (ce2 = ce->ce_kids; ce2; ce2 = ce2->ce_sibs) {
+		struct berval newdn, newndn;
 		dnRdn ( &ce2->ce_entry->e_name, &rdn );
 		dnRdn ( &ce2->ce_entry->e_nname, &nrdn );
+		build_new_dn( &newdn, &ce->ce_entry->e_name, &rdn, NULL );
+		build_new_dn( &newndn, &ce->ce_entry->e_nname, &nrdn, NULL );
 		free( ce2->ce_entry->e_name.bv_val );
 		free( ce2->ce_entry->e_nname.bv_val );
-		build_new_dn( &ce2->ce_entry->e_name, &ce->ce_entry->e_name,
-			&rdn, NULL );
-		build_new_dn( &ce2->ce_entry->e_nname, &ce->ce_entry->e_nname,
-			&nrdn, NULL );
+		ce2->ce_entry->e_name = newdn;
+		ce2->ce_entry->e_nname = newndn;
 		config_rename_kids( ce2 );
 	}
 }
@@ -3837,10 +3988,10 @@
 			isconfig = 1;
 	}
 	ptr1 = ber_bvchr( &e->e_name, '{' );
-	if ( ptr1 && ptr1 - e->e_name.bv_val < rdn.bv_len ) {
+	if ( ptr1 && ptr1 < &e->e_name.bv_val[ rdn.bv_len ] ) {
 		char	*next;
 		ptr2 = strchr( ptr1, '}' );
-		if (!ptr2 || ptr2 - e->e_name.bv_val > rdn.bv_len)
+		if ( !ptr2 || ptr2 > &e->e_name.bv_val[ rdn.bv_len ] )
 			return LDAP_NAMING_VIOLATION;
 		if ( ptr2-ptr1 == 1)
 			return LDAP_NAMING_VIOLATION;
@@ -3881,7 +4032,7 @@
 		if ( isconfig && index == -1 ) {
 			index = 0;
 		}
-		if ( !isfrontend && index == -1 ) {
+		if (( !isfrontend && index == -1 ) || ( index > nsibs ) ){
 			index = nsibs;
 		}
 
@@ -4061,6 +4212,13 @@
 		ct = config_find_table( colst, nocs, ad, ca );
 		config_del_vals( ct, ca );
 	}
+	if ( cfn->c_syn_head ) {
+		struct berval bv = BER_BVC("olcLdapSyntaxes");
+		ad = NULL;
+		slap_bv2ad( &bv, &ad, &text );
+		ct = config_find_table( colst, nocs, ad, ca );
+		config_del_vals( ct, ca );
+	}
 	if ( cfn->c_om_head ) {
 		struct berval bv = BER_BVC("olcObjectIdentifier");
 		ad = NULL;
@@ -4330,6 +4488,7 @@
 		if ( !ct ) continue;	/* user data? */
 		for (i=0; a->a_vals[i].bv_val; i++) {
 			char *iptr = NULL;
+			ca->valx = -1;
 			ca->line = a->a_vals[i].bv_val;
 			if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED ) {
 				ptr = strchr( ca->line, '}' );
@@ -4341,8 +4500,6 @@
 			if ( a->a_desc->ad_type->sat_flags & SLAP_AT_ORDERED_SIB ) {
 				if ( iptr ) {
 					ca->valx = strtol( iptr+1, NULL, 0 );
-				} else {
-					ca->valx = -1;
 				}
 			} else {
 				ca->valx = i;
@@ -4533,13 +4690,22 @@
 		goto out;
 	}
 
+	/*
+	 * Check for attribute ACL
+	 */
+	if ( !acl_check_modlist( op, op->ora_e, op->orm_modlist )) {
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		rs->sr_text = "no write access to attribute";
+		goto out;
+	}
+
 	cfb = (CfBackInfo *)op->o_bd->be_private;
 
 	/* add opattrs for syncprov */
 	{
 		char textbuf[SLAP_TEXT_BUFLEN];
 		size_t textlen = sizeof textbuf;
-		rs->sr_err = entry_schema_check(op, op->ora_e, NULL, 0, 1,
+		rs->sr_err = entry_schema_check(op, op->ora_e, NULL, 0, 1, NULL,
 			&rs->sr_text, textbuf, sizeof( textbuf ) );
 		if ( rs->sr_err != LDAP_SUCCESS )
 			goto out;
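Review bot: The new ACL check reads the add request through the modify accessor, `op->orm_modlist`, while the entry next to it is taken through the add accessor (`op->ora_e`). That is only correct if the add and modify request fields alias each other, which is not visible in this hunk; `acl_check_modlist( op, op->ora_e, op->ora_modlist )` states the intent directly and does not depend on the layout. The function starts and ends outside the hunk.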
@@ -4622,6 +4788,7 @@
 {
 	int rc;
 
+	ca->valx = -1;
 	if (ad->ad_type->sat_flags & SLAP_AT_ORDERED &&
 		ca->line[0] == '{' )
 	{
@@ -4785,7 +4952,7 @@
 	
 	if ( rc == LDAP_SUCCESS) {
 		/* check that the entry still obeys the schema */
-		rc = entry_schema_check(op, e, NULL, 0, 0,
+		rc = entry_schema_check(op, e, NULL, 0, 0, NULL,
 			&rs->sr_text, ca->cr_msg, sizeof(ca->cr_msg) );
 	}
 	if ( rc ) goto out_noop;
@@ -5236,8 +5403,6 @@
 	CfBackInfo *cfb;
 	CfEntryInfo *ce, *last, *ce2;
 
-	slap_mask_t mask;
-
 	cfb = (CfBackInfo *)op->o_bd->be_private;
 
 	ce = config_find_base( cfb->cb_root, &op->o_req_ndn, &last );
@@ -5245,11 +5410,11 @@
 		if ( last )
 			rs->sr_matched = last->ce_entry->e_name.bv_val;
 		rs->sr_err = LDAP_NO_SUCH_OBJECT;
-	} if ( ce->ce_kids ) {
+	} else if ( ce->ce_kids ) {
 		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
 	} else if ( ce->ce_type == Cft_Overlay ){
 		char *iptr;
-		int count, ixold, rc;
+		int count, ixold;
 
 		ldap_pvt_thread_pool_pause( &connection_pool );
 		
@@ -5348,20 +5513,22 @@
 	switch ( op->ors_scope ) {
 	case LDAP_SCOPE_BASE:
 	case LDAP_SCOPE_SUBTREE:
-		config_send( op, rs, ce, 0 );
+		rs->sr_err = config_send( op, rs, ce, 0 );
 		break;
 		
 	case LDAP_SCOPE_ONELEVEL:
 		for (ce = ce->ce_kids; ce; ce=ce->ce_sibs) {
-			config_send( op, rs, ce, 1 );
+			rs->sr_err = config_send( op, rs, ce, 1 );
+			if ( rs->sr_err ) {
+				break;
+			}
 		}
 		break;
 	}
-		
-	rs->sr_err = LDAP_SUCCESS;
+
 out:
 	send_ldap_result( op, rs );
-	return 0;
+	return rs->sr_err;
 }
 
 /* no-op, we never free entries */
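Review bot: With the unconditional `rs->sr_err = LDAP_SUCCESS;` removed, `rs->sr_err` is only assigned when `config_send` is actually called, so a one-level search on an entry with no children (the `for` body never runs) or a scope not listed in the `switch` reaches `out:` with whatever value it held before. The code ahead of the `switch` is outside the hunk, so this may already be zero there, but it would be safer to set `rs->sr_err = LDAP_SUCCESS;` immediately before `switch ( op->ors_scope )`. Since the function now returns `rs->sr_err`, a stale value would also be returned to the caller.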
@@ -5407,7 +5574,7 @@
 	return rc;
 }
 
-static void
+static int
 config_build_attrs( Entry *e, AttributeType **at, AttributeDescription *ad,
 	ConfigTable *ct, ConfigArgs *c )
 {
@@ -5424,18 +5591,42 @@
 				 * returns success with no values */
 				if (rc == LDAP_SUCCESS && c->rvalue_vals != NULL ) {
 					if ( c->rvalue_nvals )
-						attr_merge(e, ct[i].ad, c->rvalue_vals,
+						rc = attr_merge(e, ct[i].ad, c->rvalue_vals,
 							c->rvalue_nvals);
-					else
-						attr_merge_normalize(e, ct[i].ad,
+					else {
+						slap_syntax_validate_func *validate =
+							ct[i].ad->ad_type->sat_syntax->ssyn_validate;
+						if ( validate ) {
+							int j;
+							for ( j=0; c->rvalue_vals[j].bv_val; j++ ) {
+								rc = ordered_value_validate( ct[i].ad,
+									&c->rvalue_vals[j], LDAP_MOD_ADD );
+								if ( rc ) {
+									Debug( LDAP_DEBUG_ANY,
+										"config_build_attrs: error %d on %s value #%d\n",
+										rc, ct[i].ad->ad_cname.bv_val, j );
+									return rc;
+								}
+							}
+						}
+							
+						rc = attr_merge_normalize(e, ct[i].ad,
 							c->rvalue_vals, NULL);
+					}
 					ber_bvarray_free( c->rvalue_nvals );
 					ber_bvarray_free( c->rvalue_vals );
+					if ( rc ) {
+						Debug( LDAP_DEBUG_ANY,
+							"config_build_attrs: error %d on %s\n",
+							rc, ct[i].ad->ad_cname.bv_val, 0 );
+						return rc;
+					}
 				}
 				break;
 			}
 		}
 	}
+	return 0;
 }
 
 Entry *
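Review bot: The early `return rc;` inside the new validation loop skips the `ber_bvarray_free( c->rvalue_vals );` that follows the merge, so the value array is leaked whenever `ordered_value_validate` rejects a value. Add `ber_bvarray_free( c->rvalue_vals );` before that `return rc;` (`c->rvalue_nvals` is null on this branch, so nothing else is pending there). `validate` is fetched but only used as a null test; a short comment saying that the presence of a syntax validator gates the per-value check would explain why it is never called directly.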
@@ -5449,7 +5640,7 @@
 	AttributeDescription *ad = NULL;
 	int rc;
 	char *ptr;
-	const char *text;
+	const char *text = "";
 	Attribute *oc_at;
 	struct berval pdn;
 	ObjectClass *oc;
@@ -5487,7 +5678,7 @@
 	ad_name.bv_len = ptr - rdn->bv_val;
 	rc = slap_bv2ad( &ad_name, &ad, &text );
 	if ( rc ) {
-		return NULL;
+		goto fail;
 	}
 	val.bv_val = ptr+1;
 	val.bv_len = rdn->bv_len - (val.bv_val - rdn->bv_val);
@@ -5495,26 +5686,35 @@
 
 	oc = main->co_oc;
 	c->table = main->co_type;
-	if ( oc->soc_required )
-		config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
+	if ( oc->soc_required ) {
+		rc = config_build_attrs( e, oc->soc_required, ad, main->co_table, c );
+		if ( rc ) goto fail;
+	}
 
-	if ( oc->soc_allowed )
-		config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
+	if ( oc->soc_allowed ) {
+		rc = config_build_attrs( e, oc->soc_allowed, ad, main->co_table, c );
+		if ( rc ) goto fail;
+	}
 
 	if ( extra ) {
 		oc = extra->co_oc;
 		c->table = extra->co_type;
-		if ( oc->soc_required )
-			config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
+		if ( oc->soc_required ) {
+			rc = config_build_attrs( e, oc->soc_required, ad, extra->co_table, c );
+			if ( rc ) goto fail;
+		}
 
-		if ( oc->soc_allowed )
-			config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
+		if ( oc->soc_allowed ) {
+			rc = config_build_attrs( e, oc->soc_allowed, ad, extra->co_table, c );
+			if ( rc ) goto fail;
+		}
 	}
 
 	oc_at = attr_find( e->e_attrs, slap_schema.si_ad_objectClass );
 	rc = structural_class(oc_at->a_vals, &oc, NULL, &text, c->cr_msg,
 		sizeof(c->cr_msg), op ? op->o_tmpmemctx : NULL );
 	if ( rc != LDAP_SUCCESS ) {
+fail:
 		Debug( LDAP_DEBUG_ANY,
 			"config_build_entry: build \"%s\" failed: \"%s\"\n",
 			rdn->bv_val, text, 0);
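Review bot: The new `goto fail` paths taken when `config_build_attrs` fails land on a Debug call that prints only `text`, which on those paths still holds the `""` initialiser added earlier in this commit or whatever `slap_bv2ad` left, so the log line does not say why the build failed. Passing `rc` in the unused third slot, e.g. `"config_build_entry: build \"%s\" failed (%d): \"%s\"\n", rdn->bv_val, rc, text`, would keep the cause. The label sits inside the `if ( rc != LDAP_SUCCESS )` block and what follows the Debug call is outside the hunk, so it is worth confirming that the partially built entry `e` is released on this path.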
@@ -5529,7 +5729,7 @@
 			op->o_bd->be_add( op, rs );
 			if ( ( rs->sr_err != LDAP_SUCCESS ) 
 					&& (rs->sr_err != LDAP_ALREADY_EXISTS) ) {
-				return NULL;
+				goto fail;
 			}
 		}
 	}
@@ -5551,11 +5751,11 @@
 	Entry *e;
 	ConfigFile *cf = c->ca_private;
 	char *ptr;
-	struct berval bv;
+	struct berval bv, rdn;
 
 	for (; cf; cf=cf->c_sibs, c->depth++) {
 		if ( !cf->c_at_head && !cf->c_cr_head && !cf->c_oc_head &&
-			!cf->c_om_head ) continue;
+			!cf->c_om_head && !cf->c_syn_head ) continue;
 		c->value_dn.bv_val = c->log;
 		LUTIL_SLASHPATH( cf->c_file.bv_val );
 		bv.bv_val = strrchr(cf->c_file.bv_val, LDAP_DIRSEP[0]);
@@ -5577,9 +5777,10 @@
 			bv.bv_len );
 		c->value_dn.bv_len += bv.bv_len;
 		c->value_dn.bv_val[c->value_dn.bv_len] ='\0';
+		rdn = c->value_dn;
 
 		c->ca_private = cf;
-		e = config_build_entry( op, rs, ceparent, c, &c->value_dn,
+		e = config_build_entry( op, rs, ceparent, c, &rdn,
 			&CFOC_SCHEMA, NULL );
 		if ( !e ) {
 			return -1;
@@ -5684,6 +5885,21 @@
 			ber_bvarray_free( bv );
 			cf_oc_tail = oc_sys_tail;
 		}
+		if ( cf_syn_tail != syn_sys_tail ) {
+			a = attr_find( e->e_attrs, cfAd_syntax );
+			if ( a ) {
+				if ( a->a_nvals != a->a_vals )
+					ber_bvarray_free( a->a_nvals );
+				ber_bvarray_free( a->a_vals );
+				a->a_vals = NULL;
+				a->a_nvals = NULL;
+				a->a_numvals = 0;
+			}
+			syn_unparse( &bv, NULL, NULL, 1 );
+			attr_merge_normalize( e, cfAd_syntax, bv, NULL );
+			ber_bvarray_free( bv );
+			cf_syn_tail = syn_sys_tail;
+		}
 	} else {
 		SlapReply rs = {REP_RESULT};
 		c.ca_private = NULL;
@@ -5697,6 +5913,7 @@
 		cf_at_tail = at_sys_tail;
 		cf_oc_tail = oc_sys_tail;
 		cf_om_tail = om_sys_tail;
+		cf_syn_tail = syn_sys_tail;
 	}
 	return 0;
 }
@@ -5727,7 +5944,7 @@
 	/* If we have no explicitly configured ACLs, don't just use
 	 * the global ACLs. Explicitly deny access to everything.
 	 */
-	if ( frontendDB->be_acl && be->be_acl == frontendDB->be_acl ) {
+	if ( !be->be_acl ) {
 		parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 );
 	}
 
@@ -5788,6 +6005,7 @@
 	cf_at_tail = at_sys_tail;
 	cf_oc_tail = oc_sys_tail;
 	cf_om_tail = om_sys_tail;
+	cf_syn_tail = syn_sys_tail;
 
 	/* Create schema nodes for included schema... */
 	if ( cfb->cb_config->c_kids ) {
@@ -6015,6 +6233,9 @@
 	/* Hide from namingContexts */
 	SLAP_BFLAGS(be) |= SLAP_BFLAG_CONFIG;
 
+	/* Check ACLs on content of Adds by default */
+	SLAP_DBFLAGS(be) |= SLAP_DBFLAG_ACL_ADD;
+
 	return 0;
 }
 
@@ -6221,6 +6442,7 @@
 	{ "backend", &cfAd_backend },
 	{ "database", &cfAd_database },
 	{ "include", &cfAd_include },
+	{ "ldapsyntax", &cfAd_syntax },
 	{ "objectclass", &cfAd_oc },
 	{ "objectidentifier", &cfAd_om },
 	{ "overlay", &cfAd_overlay },
@@ -6327,6 +6549,9 @@
 	i = config_register_schema( ct, cf_ocs );
 	if ( i ) return i;
 
+	i = slap_str2ad( "olcDatabase", &olcDatabaseDummy[0].ad, &text );
+	if ( i ) return i;
+
 	/* setup olcRootPW to be base64-encoded when written in LDIF form;
 	 * basically, we don't care if it fails */
 	i = slap_str2ad( "olcRootPW", &ad, &text );

Modified: openldap/vendor/openldap-release/servers/slapd/bind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* bind.c - decode an ldap bind operation and pass it to a backend db */
-/* $OpenLDAP: pkg/ldap/servers/slapd/bind.c,v 1.201.2.4 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/bind.c,v 1.201.2.5 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/cancel.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/cancel.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/cancel.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* cancel.c - LDAP cancel extended operation */
-/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.23.2.4 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cancel.c,v 1.23.2.5 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ch_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ch_malloc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/ch_malloc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ch_malloc.c - malloc routines that test returns from malloc and friends */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ch_malloc.c,v 1.28.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ch_malloc.c,v 1.28.2.4 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/compare.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/compare.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/compare.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/compare.c,v 1.136.2.8 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/compare.c,v 1.136.2.9 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/component.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/component.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/component.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* component.c -- Component Filter Match Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/component.c,v 1.31.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.c,v 1.31.2.6 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 by IBM Corporation.
  * All rights reserved.
  *
@@ -212,7 +212,7 @@
 int
 get_len_of_next_assert_value ( struct berval* bv, char separator )
 {
-	int i = 0;
+	ber_len_t i = 0;
 	while (1) {
 		if ( (bv->bv_val[ i ] == separator) || ( i >= bv->bv_len) )
 			break;
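Review bot: The loop condition on the context line reads `bv->bv_val[ i ]` before it tests `i >= bv->bv_len`, so when no separator is found the byte one past the value's length is read before the bound stops the loop. Swapping the operands fixes it: `if ( ( i >= bv->bv_len ) || ( bv->bv_val[ i ] == separator ) )`. With `i` now a `ber_len_t` and the function still declared `int`, the return statement (outside the hunk) narrows the length, which deserves a cast or a comment there.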
@@ -491,8 +491,11 @@
 	if ( op ) {
 		*cid = op->o_tmpalloc( sizeof( ComponentId ), op->o_tmpmemctx );
 	} else {
-		*cid = malloc( sizeof( ComponentId ) );
+		*cid = SLAP_MALLOC( sizeof( ComponentId ) );
 	}
+	if (*cid == NULL) {
+		return LDAP_NO_MEMORY;
+	}
 	**cid = _cid;
 	return LDAP_SUCCESS;
 }
@@ -564,7 +567,7 @@
 		ca_comp_ref = op->o_tmpalloc( sizeof( ComponentReference ),
 			op->o_tmpmemctx );
 	} else {
-		ca_comp_ref = malloc( sizeof( ComponentReference ) );
+		ca_comp_ref = SLAP_MALLOC( sizeof( ComponentReference ) );
 	}
 
 	if ( !ca_comp_ref ) return LDAP_NO_MEMORY;
@@ -951,7 +954,7 @@
 	if ( op )
 		_ca = op->o_tmpalloc( sizeof( ComponentAssertion ), op->o_tmpmemctx );
 	else
-		_ca = malloc( sizeof( ComponentAssertion ) );
+		_ca = SLAP_MALLOC( sizeof( ComponentAssertion ) );
 
 	if ( !_ca ) return LDAP_NO_MEMORY;
 
@@ -1170,8 +1173,11 @@
 		if ( op ) {
 			*filt = op->o_tmpalloc( sizeof(f), op->o_tmpmemctx );
 		} else {
-			*filt = malloc( sizeof(f) );
+			*filt = SLAP_MALLOC( sizeof(f) );
 		}
+		if ( *filt == NULL ) {
+			return LDAP_NO_MEMORY;
+		}
 		**filt = f;
 	}
 

Modified: openldap/vendor/openldap-release/servers/slapd/component.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/component.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/component.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* component.h */
-/* $OpenLDAP: pkg/ldap/servers/slapd/component.h,v 1.4.2.3 2008/02/11 23:26:43 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/component.h,v 1.4.2.4 2009/01/22 00:01:00 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 by IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/config.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/config.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.c - configuration file handling routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.441.2.16 2008/04/14 22:20:28 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.c,v 1.441.2.20 2009/02/13 03:16:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -86,7 +86,6 @@
 
 static int fp_getline(FILE *fp, ConfigArgs *c);
 static void fp_getline_init(ConfigArgs *c);
-static int fp_parse_line(ConfigArgs *c);
 
 static char	*strtok_quote(char *line, char *sep, char **quote_ptr);
 static char *strtok_quote_ldif(char **line);
@@ -716,7 +715,7 @@
 
 		c->argc = 0;
 		ch_free( c->tline );
-		if ( fp_parse_line( c ) ) {
+		if ( config_fp_parse_line( c ) ) {
 			rc = 1;
 			goto done;
 		}
@@ -1200,6 +1199,7 @@
 	{ BER_BVC("tls_cacertdir="), offsetof(slap_bindconf, sb_tls_cacertdir), 's', 1, NULL },
 	{ BER_BVC("tls_reqcert="), offsetof(slap_bindconf, sb_tls_reqcert), 's', 1, NULL },
 	{ BER_BVC("tls_cipher_suite="), offsetof(slap_bindconf, sb_tls_cipher_suite), 's', 1, NULL },
+	{ BER_BVC("tls_protocol_min="), offsetof(slap_bindconf, sb_tls_protocol_min), 's', 1, NULL },
 #ifdef HAVE_OPENSSL_CRL
 	{ BER_BVC("tls_crlcheck="), offsetof(slap_bindconf, sb_tls_crlcheck), 's', 1, NULL },
 #endif
@@ -1408,6 +1408,14 @@
 	case LDAP_OPT_X_TLS_REQUIRE_CERT:
 		keys = vfykeys;
 		break;
+	case LDAP_OPT_X_TLS_PROTOCOL_MIN: {
+		char buf[8];
+		ldap_pvt_tls_get_option( ld, opt, &ival );
+		snprintf( buf, sizeof( buf ), "%d.%d",
+			( ival >> 8 ) & 0xff, ival & 0xff );
+		*val = ch_strdup( buf );
+		return 0;
+		}
 	default:
 		return -1;
 	}
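Review bot: In the new `LDAP_OPT_X_TLS_PROTOCOL_MIN` case the result of `ldap_pvt_tls_get_option( ld, opt, &ival )` is ignored, so if the call fails `ival` is formatted with whatever it held (its initialisation is outside the hunk). Checking it, `if ( ldap_pvt_tls_get_option( ld, opt, &ival ) ) return -1;`, avoids emitting a bogus minimum protocol version into the generated configuration. `buf[8]` is exactly large enough for the longest output, `255.255`; a comment saying so would stop a later format change from silently truncating.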
@@ -1519,6 +1527,10 @@
 		ch_free( bc->sb_tls_cipher_suite );
 		bc->sb_tls_cipher_suite = NULL;
 	}
+	if ( bc->sb_tls_protocol_min ) {
+		ch_free( bc->sb_tls_protocol_min );
+		bc->sb_tls_protocol_min = NULL;
+	}
 #ifdef HAVE_OPENSSL_CRL
 	if ( bc->sb_tls_crlcheck ) {
 		ch_free( bc->sb_tls_crlcheck );
@@ -1570,6 +1582,7 @@
 	{ "tls_cacert", offsetof(slap_bindconf, sb_tls_cacert), LDAP_OPT_X_TLS_CACERTFILE },
 	{ "tls_cacertdir", offsetof(slap_bindconf, sb_tls_cacertdir), LDAP_OPT_X_TLS_CACERTDIR },
 	{ "tls_cipher_suite", offsetof(slap_bindconf, sb_tls_cipher_suite), LDAP_OPT_X_TLS_CIPHER_SUITE },
+	{ "tls_protocol_min", offsetof(slap_bindconf, sb_tls_protocol_min), LDAP_OPT_X_TLS_PROTOCOL_MIN },
 	{0, 0}
 };
 
@@ -1604,6 +1617,17 @@
 		} else
 			newctx = 1;
 	}
+	if ( bc->sb_tls_protocol_min ) {
+		rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
+			bc->sb_tls_protocol_min );
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY,
+				"bindconf_tls_set: failed to set tls_protocol_min to %s\n",
+					bc->sb_tls_protocol_min, 0, 0 );
+			res = -1;
+		} else
+			newctx = 1;
+	}
 #ifdef HAVE_OPENSSL_CRL
 	if ( bc->sb_tls_crlcheck ) {
 		rc = ldap_int_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK,
@@ -1930,8 +1954,8 @@
 	return(line[0] ? 1 : 0);
 }
 
-static int
-fp_parse_line(ConfigArgs *c)
+int
+config_fp_parse_line(ConfigArgs *c)
 {
 	char *token;
 	static char *const hide[] = {
@@ -1984,7 +2008,7 @@
 		if ( frontendDB->be_schemadn.bv_val )
 			free( frontendDB->be_schemadn.bv_val );
 		if ( frontendDB->be_acl )
-			acl_destroy( frontendDB->be_acl, NULL );
+			acl_destroy( frontendDB->be_acl );
 	}
 	free( line );
 	if ( slapd_args_file )

Modified: openldap/vendor/openldap-release/servers/slapd/config.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/config.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/config.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* config.h - configuration abstraction structure */
-/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.34.2.11 2008/04/14 18:25:54 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/config.h,v 1.34.2.14 2009/02/13 03:16:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -171,6 +171,8 @@
 #define value_dn values.v_dn.vdn_dn
 #define value_ndn values.v_dn.vdn_ndn
 
+int config_fp_parse_line(ConfigArgs *c);
+
 int config_register_schema(ConfigTable *ct, ConfigOCs *co);
 int config_del_vals(ConfigTable *cf, ConfigArgs *c);
 int config_get_vals(ConfigTable *ct, ConfigArgs *c);
@@ -201,6 +203,8 @@
 extern slap_verbmasks *slap_ldap_response_code;
 extern int slap_ldap_response_code_register( struct berval *bv, int err );
 
+extern ConfigTable olcDatabaseDummy[];
+
 LDAP_END_DECL
 
 #endif /* CONFIG_H */

Modified: openldap/vendor/openldap-release/servers/slapd/connection.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/connection.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/connection.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.358.2.16 2008/04/21 18:51:10 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/connection.c,v 1.358.2.24 2009/01/30 18:51:16 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -163,8 +163,10 @@
 		if( connections[i].c_struct_state != SLAP_C_UNINITIALIZED ) {
 			ber_sockbuf_free( connections[i].c_sb );
 			ldap_pvt_thread_mutex_destroy( &connections[i].c_mutex );
-			ldap_pvt_thread_mutex_destroy( &connections[i].c_write_mutex );
-			ldap_pvt_thread_cond_destroy( &connections[i].c_write_cv );
+			ldap_pvt_thread_mutex_destroy( &connections[i].c_write1_mutex );
+			ldap_pvt_thread_mutex_destroy( &connections[i].c_write2_mutex );
+			ldap_pvt_thread_cond_destroy( &connections[i].c_write1_cv );
+			ldap_pvt_thread_cond_destroy( &connections[i].c_write2_cv );
 #ifdef LDAP_SLAPI
 			if ( slapi_plugins_used ) {
 				slapi_int_free_object_extensions( SLAPI_X_EXT_CONNECTION,
@@ -268,7 +270,7 @@
 			assert( c->c_conn_state == SLAP_C_INVALID );
 			assert( c->c_sd == AC_SOCKET_INVALID );
 
-			Debug( LDAP_DEBUG_TRACE,
+			Debug( LDAP_DEBUG_CONNS,
 				"connection_get(%d): connection not used\n",
 				s, 0, 0 );
 
@@ -384,8 +386,10 @@
 
 		/* should check status of thread calls */
 		ldap_pvt_thread_mutex_init( &c->c_mutex );
-		ldap_pvt_thread_mutex_init( &c->c_write_mutex );
-		ldap_pvt_thread_cond_init( &c->c_write_cv );
+		ldap_pvt_thread_mutex_init( &c->c_write1_mutex );
+		ldap_pvt_thread_mutex_init( &c->c_write2_mutex );
+		ldap_pvt_thread_cond_init( &c->c_write1_cv );
+		ldap_pvt_thread_cond_init( &c->c_write2_cv );
 
 #ifdef LDAP_SLAPI
 		if ( slapi_plugins_used ) {
@@ -417,14 +421,17 @@
 	assert( c->c_sasl_bindop == NULL );
 	assert( c->c_currentber == NULL );
 	assert( c->c_writewaiter == 0);
+	assert( c->c_writers == 0);
 
 	c->c_listener = listener;
 	c->c_sd = s;
 
 	if ( flags & CONN_IS_CLIENT ) {
 		c->c_connid = 0;
+		ldap_pvt_thread_mutex_lock( &connections_mutex );
 		c->c_conn_state = SLAP_C_CLIENT;
 		c->c_struct_state = SLAP_C_USED;
+		ldap_pvt_thread_mutex_unlock( &connections_mutex );
 		c->c_close_reason = "?";			/* should never be needed */
 		ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_SET_FD, &sfd );
 		ldap_pvt_thread_mutex_unlock( &c->c_mutex );
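Review bot: `connections_mutex` is now acquired while `c->c_mutex` is still held (it is released at the end of this hunk), which establishes the order c_mutex then connections_mutex on this path. Any path that takes the two in the opposite order can deadlock against it; none is visible in this hunk, so please confirm and record the order next to the new lines, e.g. `/* lock order: c_mutex, then connections_mutex */`. The same lock/unlock pair is added around `c->c_conn_state = SLAP_C_INACTIVE;` in the next hunk, where it is not visible whether `c_mutex` is held.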
@@ -508,8 +515,10 @@
 	id = c->c_connid = conn_nextid++;
 	ldap_pvt_thread_mutex_unlock( &conn_nextid_mutex );
 
+	ldap_pvt_thread_mutex_lock( &connections_mutex );
 	c->c_conn_state = SLAP_C_INACTIVE;
 	c->c_struct_state = SLAP_C_USED;
+	ldap_pvt_thread_mutex_unlock( &connections_mutex );
 	c->c_close_reason = "?";			/* should never be needed */
 
 	c->c_ssf = c->c_transport_ssf = ssf;
@@ -589,6 +598,7 @@
 	assert( LDAP_STAILQ_EMPTY(&c->c_txn_ops) );
 #endif
 	assert( c->c_writewaiter == 0);
+	assert( c->c_writers == 0);
 
 	/* only for stats (print -1 as "%lu" may give unexpected results ;) */
 	connid = c->c_connid;
@@ -734,7 +744,7 @@
 	/* c_mutex must be locked by caller */
 
 	if( c->c_conn_state != SLAP_C_CLOSING ) {
-		Debug( LDAP_DEBUG_TRACE,
+		Debug( LDAP_DEBUG_CONNS,
 			"connection_closing: readying conn=%lu sd=%d for close\n",
 			c->c_connid, c->c_sd, 0 );
 		/* update state to closing */
@@ -748,18 +758,24 @@
 		connection_abandon( c );
 
 		/* wake write blocked operations */
-		if ( c->c_writewaiter ) {
-			ldap_pvt_thread_cond_signal( &c->c_write_cv );
-			/* ITS#4667 this may allow another thread to drop into
-			 * connection_resched / connection_close before we
-			 * finish, but that's OK.
-			 */
-			slapd_clr_write( c->c_sd, 1 );
-			ldap_pvt_thread_mutex_unlock( &c->c_mutex );
-			ldap_pvt_thread_mutex_lock( &c->c_write_mutex );
-			ldap_pvt_thread_mutex_lock( &c->c_mutex );
-			ldap_pvt_thread_mutex_unlock( &c->c_write_mutex );
+		ldap_pvt_thread_mutex_lock( &c->c_write1_mutex );
+		if ( c->c_writers > 0 ) {
+			c->c_writers = -c->c_writers;
+			ldap_pvt_thread_cond_broadcast( &c->c_write1_cv );
+			ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
+			if ( c->c_writewaiter ) {
+				ldap_pvt_thread_mutex_lock( &c->c_write2_mutex );
+				ldap_pvt_thread_cond_signal( &c->c_write2_cv );
+				slapd_clr_write( c->c_sd, 1 );
+				ldap_pvt_thread_mutex_unlock( &c->c_write2_mutex );
+			}
+			ldap_pvt_thread_mutex_lock( &c->c_write1_mutex );
+			while ( c->c_writers ) {
+				ldap_pvt_thread_cond_wait( &c->c_write1_cv, &c->c_write1_mutex );
+			}
+			ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
 		} else {
+			ldap_pvt_thread_mutex_unlock( &c->c_write1_mutex );
 			slapd_clr_write( c->c_sd, 1 );
 		}
 
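Review bot: `c->c_writers = -c->c_writers;` turns the sign of the writer count into a closing flag, and nothing here says so or says who brings the count back to zero for the `while ( c->c_writers )` wait. A comment above it, e.g. `/* negative c_writers tells blocked writers the connection is closing; they count it back to 0 as they leave */`, would help (wording to be checked against the writer side, which is not in this hunk). The removed code released `c->c_mutex` before blocking on the write mutex, whereas the new loop waits on `c_write1_cv` while the caller still holds `c_mutex` (per the "c_mutex must be locked by caller" comment in the previous hunk), so a writer that needs `c_mutex` before it decrements would stall the close. `c_writewaiter` is also tested after `c_write1_mutex` has been dropped and before `c_write2_mutex` is taken. The function continues outside the hunk.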
@@ -774,11 +790,6 @@
 {
 	assert( connections != NULL );
 	assert( c != NULL );
-
-	/* ITS#4667 we may have gotten here twice */
-	if ( c->c_conn_state == SLAP_C_INVALID )
-		return;
-
 	assert( c->c_struct_state == SLAP_C_USED );
 	assert( c->c_conn_state == SLAP_C_CLOSING );
 
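Review bot: With the `SLAP_C_INVALID` early return removed, a second entry into this function is caught only by `assert( c->c_conn_state == SLAP_C_CLOSING )`, which disappears when asserts are compiled out. If the reworked wait in `connection_closing` is what makes the double entry of ITS#4667 impossible, a comment saying so belongs here, e.g. `/* connection_closing now waits for all writers, so this is not reached twice (ITS#4667) */`. Otherwise a cheap runtime check, `if ( c->c_conn_state != SLAP_C_CLOSING ) return;`, keeps a production build from tearing down a connection that was already released. The function's signature and the rest of its body are outside the hunk.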
@@ -787,7 +798,7 @@
 	if ( !LDAP_STAILQ_EMPTY(&c->c_ops) ||
 		!LDAP_STAILQ_EMPTY(&c->c_pending_ops) )
 	{
-		Debug( LDAP_DEBUG_TRACE,
+		Debug( LDAP_DEBUG_CONNS,
 			"connection_close: deferring conn=%lu sd=%d\n",
 			c->c_connid, c->c_sd, 0 );
 		return;
@@ -843,12 +854,12 @@
 	for(; *index < dtblsize; (*index)++) {
 		int c_struct;
 		if( connections[*index].c_struct_state == SLAP_C_UNINITIALIZED ) {
+			/* FIXME: accessing c_conn_state without locking c_mutex */
 			assert( connections[*index].c_conn_state == SLAP_C_INVALID );
 			continue;
 		}
 
 		if( connections[*index].c_struct_state == SLAP_C_USED ) {
-			assert( connections[*index].c_conn_state != SLAP_C_INVALID );
 			c = &connections[(*index)++];
 			if ( ldap_pvt_thread_mutex_trylock( &c->c_mutex )) {
 				/* avoid deadlock */
@@ -861,6 +872,7 @@
 					continue;
 				}
 			}
+			assert( c->c_conn_state != SLAP_C_INVALID );
 			break;
 		}
 
@@ -868,6 +880,7 @@
 		if ( c_struct == SLAP_C_PENDING )
 			continue;
 		assert( c_struct == SLAP_C_UNUSED );
+		/* FIXME: accessing c_conn_state without locking c_mutex */
 		assert( connections[*index].c_conn_state == SLAP_C_INVALID );
 	}
 
@@ -1150,7 +1163,6 @@
 		c->c_clientarg = arg;
 
 		slapd_add_internal( sfd, 0 );
-		slapd_set_read( sfd, 1 );
 	}
 	return c;
 }
@@ -1169,7 +1181,7 @@
 
 	/* get (locked) connection */
 	c = connection_get( s );
-	
+
 	assert( c->c_conn_state == SLAP_C_CLIENT );
 
 	c->c_listener = NULL;
@@ -1241,6 +1253,24 @@
 	return rc;
 }
 
+void
+connection_hangup( ber_socket_t s )
+{
+	Connection *c;
+
+	c = connection_get( s );
+	if ( c ) {
+		if ( c->c_conn_state == SLAP_C_CLIENT ) {
+			connection_return( c );
+			connection_read_activate( s );
+		} else {
+			connection_closing( c, "connection lost" );
+			connection_close( c );
+			connection_return( c );
+		}
+	}
+}
+
 static int
 connection_read( ber_socket_t s, conn_readinfo *cri )
 {
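Review bot: `connection_hangup` is a new non-static entry point with no comment on its locking contract or on why client connections are treated differently. From the hunk, `connection_get( s )` hands back the connection locked (an earlier hunk's comment reads "get (locked) connection"), the `SLAP_C_CLIENT` branch releases it and defers to `connection_read_activate( s )`, and every other state is closed with the reason "connection lost". A header comment stating that, and that a socket with no connection is silently ignored, would help the caller in daemon.c. In the close branch `connection_return( c )` runs after `connection_close( c )`; that is fine if close leaves `c_mutex` held, but it is worth confirming since `connection_close` is not fully visible here.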
@@ -1263,7 +1293,7 @@
 	c->c_n_read++;
 
 	if( c->c_conn_state == SLAP_C_CLOSING ) {
-		Debug( LDAP_DEBUG_TRACE,
+		Debug( LDAP_DEBUG_CONNS,
 			"connection_read(%d): closing, ignoring input for id=%lu\n",
 			s, c->c_connid, 0 );
 		connection_return( c );
@@ -1625,7 +1655,7 @@
 		return 0;
 
 	if( conn->c_conn_state == SLAP_C_CLOSING ) {
-		Debug( LDAP_DEBUG_TRACE, "connection_resched: "
+		Debug( LDAP_DEBUG_CONNS, "connection_resched: "
 			"attempting closing conn=%lu sd=%d\n",
 			conn->c_connid, conn->c_sd, 0 );
 		connection_close( conn );
@@ -1826,7 +1856,9 @@
 	Debug( LDAP_DEBUG_TRACE,
 		"connection_write(%d): waking output for id=%lu\n",
 		s, c->c_connid, 0 );
-	ldap_pvt_thread_cond_signal( &c->c_write_cv );
+	ldap_pvt_thread_mutex_lock( &c->c_write2_mutex );
+	ldap_pvt_thread_cond_signal( &c->c_write2_cv );
+	ldap_pvt_thread_mutex_unlock( &c->c_write2_mutex );
 
 	if ( ber_sockbuf_ctrl( c->c_sb, LBER_SB_OPT_NEEDS_READ, NULL ) ) {
 		slapd_set_read( s, 1 );

Modified: openldap/vendor/openldap-release/servers/slapd/controls.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/controls.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/controls.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.174.2.10 2008/04/14 22:15:21 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/controls.c,v 1.174.2.18 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -48,6 +48,9 @@
 #ifdef SLAP_CONTROL_X_SESSION_TRACKING
 static SLAP_CTRL_PARSE_FN parseSessionTracking;
 #endif
+#ifdef SLAP_CONTROL_X_WHATFAILED
+static SLAP_CTRL_PARSE_FN parseWhatFailed;
+#endif
 
 #undef sc_mask /* avoid conflict with Irix 6.5 <sys/signal.h> */
 
@@ -120,8 +123,7 @@
 static struct slap_control control_defs[] = {
 	{  LDAP_CONTROL_ASSERT,
  		(int)offsetof(struct slap_control_ids, sc_assert),
-		SLAP_CTRL_DELETE|SLAP_CTRL_MODIFY|SLAP_CTRL_RENAME|
-			SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
+		SLAP_CTRL_UPDATE|SLAP_CTRL_COMPARE|SLAP_CTRL_SEARCH,
 		NULL, NULL,
 		parseAssert, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 	{ LDAP_CONTROL_PRE_READ,
@@ -217,6 +219,14 @@
 		session_tracking_extops, NULL,
 		parseSessionTracking, LDAP_SLIST_ENTRY_INITIALIZER(next) },
 #endif
+#ifdef SLAP_CONTROL_X_WHATFAILED
+	{ LDAP_CONTROL_X_WHATFAILED,
+ 		(int)offsetof(struct slap_control_ids, sc_whatFailed),
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_ACCESS|SLAP_CTRL_HIDE,
+		NULL, NULL,
+		parseWhatFailed, LDAP_SLIST_ENTRY_INITIALIZER(next) },
+#endif
+
 	{ NULL, 0, 0, NULL, 0, NULL, LDAP_SLIST_ENTRY_INITIALIZER(next) }
 };
 
@@ -536,6 +546,7 @@
 	const char **text )
 {
 	struct slap_control *sc;
+	int rc = LDAP_SUCCESS;
 
 	sc = find_ctrl( control->ldctl_oid );
 	if( sc != NULL ) {
@@ -591,31 +602,29 @@
 
 		if (( sc->sc_mask & tagmask ) == tagmask ) {
 			/* available extension */
-			int	rc;
+			if ( sc->sc_parse ) {
+				rc = sc->sc_parse( op, rs, control );
+				assert( rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION );
 
-			if( !sc->sc_parse ) {
+			} else if ( control->ldctl_iscritical ) {
 				*text = "not yet implemented";
-				return LDAP_OTHER;
+				rc = LDAP_OTHER;
 			}
 
-			rc = sc->sc_parse( op, rs, control );
-			if ( rc ) {
-				assert( rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION );
-				return rc;
-			}
 
-		} else if( control->ldctl_iscritical ) {
+		} else if ( control->ldctl_iscritical ) {
 			/* unavailable CRITICAL control */
 			*text = "critical extension is unavailable";
-			return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+			rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
 		}
-	} else if( control->ldctl_iscritical ) {
+
+	} else if ( control->ldctl_iscritical ) {
 		/* unrecognized CRITICAL control */
 		*text = "critical extension is not recognized";
-		return LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
+		rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION;
 	}
 
-	return LDAP_SUCCESS;
+	return rc;
 }
 
 int get_ctrls(
@@ -629,6 +638,15 @@
 	char *opaque;
 	BerElement *ber = op->o_ber;
 	struct berval bv;
+#ifdef SLAP_CONTROL_X_WHATFAILED
+	/* NOTE: right now, slapd checks the validity of each control
+	 * while parsing.  As a consequence, it can only detect one
+	 * cause of failure at a time.  This results in returning
+	 * exactly one OID with the whatFailed control, or no control
+	 * at all.
+	 */
+	char *failed_oid = NULL;
+#endif
 
 	len = ber_pvt_ber_remaining(ber);
 
@@ -769,6 +787,9 @@
 
 		rs->sr_err = slap_parse_ctrl( op, rs, c, &rs->sr_text );
 		if ( rs->sr_err != LDAP_SUCCESS ) {
+#ifdef SLAP_CONTROL_X_WHATFAILED
+			failed_oid = c->ldctl_oid;
+#endif
 			goto return_results;
 		}
 	}
@@ -784,6 +805,71 @@
 			send_ldap_disconnect( op, rs );
 			rs->sr_err = SLAPD_DISCONNECT;
 		} else {
+#ifdef SLAP_CONTROL_X_WHATFAILED
+			/* might have not been parsed yet? */
+			if ( failed_oid != NULL ) {
+				if ( !get_whatFailed( op ) ) {
+					/* look it up */
+
+					/* step through each remaining element */
+					for ( ; tag != LBER_ERROR; tag = ber_next_element( ber, &len, opaque ) )
+					{
+						LDAPControl c = { 0 };
+
+						tag = ber_scanf( ber, "{m" /*}*/, &bv );
+						c.ldctl_oid = bv.bv_val;
+
+						if ( tag == LBER_ERROR ) {
+							slap_free_ctrls( op, op->o_ctrls );
+							op->o_ctrls = NULL;
+							break;
+
+						} else if ( c.ldctl_oid == NULL ) {
+							slap_free_ctrls( op, op->o_ctrls );
+							op->o_ctrls = NULL;
+							break;
+						}
+
+						tag = ber_peek_tag( ber, &len );
+						if ( tag == LBER_BOOLEAN ) {
+							ber_int_t crit;
+							tag = ber_scanf( ber, "b", &crit );
+							if( tag == LBER_ERROR ) {
+								slap_free_ctrls( op, op->o_ctrls );
+								op->o_ctrls = NULL;
+								break;
+							}
+
+							tag = ber_peek_tag( ber, &len );
+						}
+
+						if ( tag == LBER_OCTETSTRING ) {
+							tag = ber_scanf( ber, "m", &c.ldctl_value );
+
+							if( tag == LBER_ERROR ) {
+								slap_free_ctrls( op, op->o_ctrls );
+								op->o_ctrls = NULL;
+								break;
+							}
+						}
+
+						if ( strcmp( c.ldctl_oid, LDAP_CONTROL_X_WHATFAILED ) == 0 ) {
+							const char *text;
+							slap_parse_ctrl( op, rs, &c, &text );
+							break;
+						}
+					}
+				}
+
+				if ( get_whatFailed( op ) ) {
+					char *oids[ 2 ];
+					oids[ 0 ] = failed_oid;
+					oids[ 1 ] = NULL;
+					slap_ctrl_whatFailed_add( op, rs, oids );
+				}
+			}
+#endif
+
 			send_ldap_result( op, rs );
 		}
 	}
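Review bot: In the look-ahead loop the criticality flag is decoded into the local `crit` and then dropped, so the `LDAPControl c` handed to `slap_parse_ctrl` always has `ldctl_iscritical == 0`. Adding `c.ldctl_iscritical = ( crit != 0 );` after the `ber_scanf( ber, "b", &crit )` check would keep the parsed control faithful to the request. The return value of that `slap_parse_ctrl` call and the `text` it fills in are also discarded; a short comment that a malformed whatFailed control is deliberately ignored here, because the original failure is what gets reported, would make the intent explicit. `failed_oid` is a borrowed pointer taken from `c->ldctl_oid`, and the error exits of this loop call `slap_free_ctrls( op, op->o_ctrls )`; as far as the hunk shows it is not used after those exits, but a comment on its lifetime would protect that. `get_ctrls` starts and ends outside the hunk.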
@@ -875,12 +961,17 @@
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( !ctrl->ldctl_iscritical ) {
+	if ( ( global_disallows & SLAP_DISALLOW_DONTUSECOPY_N_CRIT )
+		&& !ctrl->ldctl_iscritical )
+	{
 		rs->sr_text = "dontUseCopy criticality of FALSE not allowed";
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	op->o_dontUseCopy = SLAP_CONTROL_CRITICAL;
+	op->o_dontUseCopy = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
 	return LDAP_SUCCESS;
 }
 
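Review bot: The rejection of a dontUseCopy control with criticality FALSE now happens only when `SLAP_DISALLOW_DONTUSECOPY_N_CRIT` is set in `global_disallows`; otherwise the control is accepted and recorded as `SLAP_CONTROL_NONCRITICAL`. That relaxes the previous unconditional check, and nothing at the test says why or what the default is. A comment such as `/* a non-critical dontUseCopy is rejected only when SLAP_DISALLOW_DONTUSECOPY_N_CRIT is configured */` would help; the flag's initial value is not visible in this hunk. The `@@ -946,6 +1037,13 @@` hunk adds the matching opt-in check for proxied authorization with `SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT` and deserves the same comment, since a deployment that expects that control to be marked critical presumably has to enable the flag explicitly. The enclosing function starts outside the hunk.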
@@ -946,6 +1037,13 @@
 		return LDAP_PROTOCOL_ERROR;
 	}
 
+	if ( ( global_disallows & SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT )
+		&& !ctrl->ldctl_iscritical )
+	{
+		rs->sr_text = "proxied authorization criticality of FALSE not allowed";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	if ( !( global_allows & SLAP_ALLOW_PROXY_AUTHZ_ANON )
 		&& BER_BVISEMPTY( &op->o_ndn ) )
 	{
@@ -1112,11 +1210,11 @@
     If the page size is greater than or equal to the sizeLimit value, the
     server should ignore the control as the request can be satisfied in a
     single page.
-	 
+
 	 * NOTE: this assumes that the op->ors_slimit be set
 	 * before the controls are parsed.     
 	 */
-		
+
 	if ( op->ors_slimit > 0 && size >= op->ors_slimit ) {
 		op->o_pagedresults = SLAP_CONTROL_IGNORED;
 
@@ -1192,7 +1290,7 @@
 		rs->sr_text = "assert control: internal error";
 		return LDAP_OTHER;
 	}
-	
+
 	rs->sr_err = get_filter( op, ber, (Filter **)&(op->o_assertion),
 		&rs->sr_text);
 	(void) ber_free( ber, 1 );
@@ -1205,7 +1303,7 @@
 			send_ldap_result( op, rs );
 		}
 		if( op->o_assertion != NULL ) {
-			filter_free_x( op, op->o_assertion );
+			filter_free_x( op, op->o_assertion, 1 );
 		}
 		return rs->sr_err;
 	}
@@ -1226,113 +1324,47 @@
 	return LDAP_SUCCESS;
 }
 
-static int parsePreRead (
-	Operation *op,
-	SlapReply *rs,
-	LDAPControl *ctrl )
-{
-	ber_len_t siz, off, i;
-	AttributeName *an = NULL;
-	BerElement	*ber;
+#define READMSG(post, msg) \
+	( post ? "postread control: " msg : "preread control: " msg )
 
-	if ( op->o_preread != SLAP_CONTROL_NONE ) {
-		rs->sr_text = "preread control specified multiple times";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
-		rs->sr_text = "preread control value is absent";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
-		rs->sr_text = "preread control value is empty";
-		return LDAP_PROTOCOL_ERROR;
-	}
-
-#ifdef LDAP_X_TXN
-	if ( op->o_txnSpec ) { /* temporary limitation */
-		rs->sr_text = "cannot perform pre-read in transaction";
-		return LDAP_UNWILLING_TO_PERFORM;
-	}
-#endif
-
-	ber = ber_init( &(ctrl->ldctl_value) );
-	if (ber == NULL) {
-		rs->sr_text = "preread control: internal error";
-		return LDAP_OTHER;
-	}
-
-	rs->sr_err = LDAP_SUCCESS;
-
-	siz = sizeof( AttributeName );
-	off = offsetof( AttributeName, an_name );
-	if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
-		rs->sr_text = "preread control: decoding error";
-		rs->sr_err = LDAP_PROTOCOL_ERROR;
-		goto done;
-	}
-
-	for( i=0; i<siz; i++ ) {
-		const char	*dummy = NULL;
-
-		an[i].an_desc = NULL;
-		an[i].an_oc = NULL;
-		an[i].an_oc_exclude = 0;
-		rs->sr_err = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
-		if ( rs->sr_err != LDAP_SUCCESS && ctrl->ldctl_iscritical ) {
-			rs->sr_text = dummy
-				? dummy
-				: "postread control: unknown attributeType";
-			goto done;
-		}
-	}
-
-	op->o_preread = ctrl->ldctl_iscritical
-		? SLAP_CONTROL_CRITICAL
-		: SLAP_CONTROL_NONCRITICAL;
-
-	op->o_preread_attrs = an;
-
-done:
-	(void) ber_free( ber, 1 );
-	return rs->sr_err;
-}
-
-static int parsePostRead (
+static int
+parseReadAttrs(
 	Operation *op,
 	SlapReply *rs,
-	LDAPControl *ctrl )
+	LDAPControl *ctrl,
+	int post )
 {
-	ber_len_t siz, off, i;
-	AttributeName *an = NULL;
+	ber_len_t	siz, off, i;
 	BerElement	*ber;
+	AttributeName	*an = NULL;
 
-	if ( op->o_postread != SLAP_CONTROL_NONE ) {
-		rs->sr_text = "postread control specified multiple times";
+	if ( ( post && op->o_postread != SLAP_CONTROL_NONE ) ||
+		( !post && op->o_preread != SLAP_CONTROL_NONE ) )
+	{
+		rs->sr_text = READMSG( post, "specified multiple times" );
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( BER_BVISNULL( &ctrl->ldctl_value )) {
-		rs->sr_text = "postread control value is absent";
+	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = READMSG( post, "value is absent" );
 		return LDAP_PROTOCOL_ERROR;
 	}
 
-	if ( BER_BVISEMPTY( &ctrl->ldctl_value )) {
-		rs->sr_text = "postread control value is empty";
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+		rs->sr_text = READMSG( post, "value is empty" );
 		return LDAP_PROTOCOL_ERROR;
 	}
 
 #ifdef LDAP_X_TXN
 	if ( op->o_txnSpec ) { /* temporary limitation */
-		rs->sr_text = "cannot perform post-read in transaction";
+		rs->sr_text = READMSG( post, "cannot perform in transaction" );
 		return LDAP_UNWILLING_TO_PERFORM;
 	}
 #endif
 
-	ber = ber_init( &(ctrl->ldctl_value) );
-	if (ber == NULL) {
-		rs->sr_text = "postread control: internal error";
+	ber = ber_init( &ctrl->ldctl_value );
+	if ( ber == NULL ) {
+		rs->sr_text = READMSG( post, "internal error" );
 		return LDAP_OTHER;
 	}
 
@@ -1340,7 +1372,7 @@
 	siz = sizeof( AttributeName );
 	off = offsetof( AttributeName, an_name );
 	if ( ber_scanf( ber, "{M}", &an, &siz, off ) == LBER_ERROR ) {
-		rs->sr_text = "postread control: decoding error";
+		rs->sr_text = READMSG( post, "decoding error" );
 		rs->sr_err = LDAP_PROTOCOL_ERROR;
 		goto done;
 	}
@@ -1353,8 +1385,11 @@
 		an[i].an_oc = NULL;
 		an[i].an_oc_exclude = 0;
 		rc = slap_bv2ad( &an[i].an_name, &an[i].an_desc, &dummy );
-		if ( rc != LDAP_SUCCESS ) {
-			int			i;
+		if ( rc == LDAP_SUCCESS ) {
+			an[i].an_name = an[i].an_desc->ad_cname;
+
+		} else {
+			int			j;
 			static struct berval	special_attrs[] = {
 				BER_BVC( LDAP_NO_ATTRS ),
 				BER_BVC( LDAP_ALL_USER_ATTRIBUTES ),
@@ -1363,33 +1398,55 @@
 			};
 
 			/* deal with special attribute types */
-			for ( i = 0; !BER_BVISNULL( &special_attrs[ i ] ); i++ ) {
-				if ( bvmatch( &an[i].an_name, &special_attrs[ i ] ) ) {
+			for ( j = 0; !BER_BVISNULL( &special_attrs[ j ] ); j++ ) {
+				if ( bvmatch( &an[i].an_name, &special_attrs[ j ] ) ) {
+					an[i].an_name = special_attrs[ j ];
 					break;
 				}
 			}
 
-			if ( BER_BVISNULL( &special_attrs[ i ] ) && ctrl->ldctl_iscritical ) {
+			if ( BER_BVISNULL( &special_attrs[ j ] ) && ctrl->ldctl_iscritical ) {
 				rs->sr_err = rc;
-				rs->sr_text = dummy
-					? dummy
-					: "postread control: unknown attributeType";
+				rs->sr_text = dummy ? dummy
+					: READMSG( post, "unknown attributeType" );
 				goto done;
 			}
 		}
 	}
 
-	op->o_postread = ctrl->ldctl_iscritical
-		? SLAP_CONTROL_CRITICAL
-		: SLAP_CONTROL_NONCRITICAL;
+	if ( post ) {
+		op->o_postread_attrs = an;
+		op->o_postread = ctrl->ldctl_iscritical
+			? SLAP_CONTROL_CRITICAL
+			: SLAP_CONTROL_NONCRITICAL;
+	} else {
+		op->o_preread_attrs = an;
+		op->o_preread = ctrl->ldctl_iscritical
+			? SLAP_CONTROL_CRITICAL
+			: SLAP_CONTROL_NONCRITICAL;
+	}
 
-	op->o_postread_attrs = an;
-
 done:
 	(void) ber_free( ber, 1 );
 	return rs->sr_err;
 }
 
+static int parsePreRead (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	return parseReadAttrs( op, rs, ctrl, 0 );
+}
+
+static int parsePostRead (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	return parseReadAttrs( op, rs, ctrl, 1 );
+}
+
 static int parseValuesReturnFilter (
 	Operation *op,
 	SlapReply *rs,
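Review bot: For an attribute name that neither `slap_bv2ad` nor `special_attrs` recognises, a non-critical control falls through the `BER_BVISNULL( &special_attrs[ j ] ) && ctrl->ldctl_iscritical` test and keeps the `an_name` that `ber_scanf( ber, "{M}", ... )` filled in. The two new assignments repoint `an_name` at schema or static storage for the recognised cases, which suggests the decoded names do not outlive `ber_free( ber, 1 )` at `done:`; if that is so, the unrecognised entry still refers to released memory once `an` is stored in `op->o_preread_attrs` or `op->o_postread_attrs`. I would document that case at the fall-through and consider copying the name into operation memory there. The `goto done` error exits also return without releasing `an`; whether a caller frees it is not visible. `parseReadAttrs` begins in the preceding hunks.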
@@ -1418,7 +1475,7 @@
 		rs->sr_text = "internal error";
 		return LDAP_OTHER;
 	}
-	
+
 	rs->sr_err = get_vrFilter( op, ber,
 		(ValuesReturnFilter **)&(op->o_vrFilter), &rs->sr_text);
 
@@ -1906,3 +1963,87 @@
 	return slap_ctrl_session_tracking_add( op, rs, &ip, &name, &id, ctrl );
 }
 #endif
+
+#ifdef SLAP_CONTROL_X_WHATFAILED
+static int parseWhatFailed(
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	if ( op->o_whatFailed != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "\"WHat Failed?\" control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( !BER_BVISNULL( &ctrl->ldctl_value )) {
+		rs->sr_text = "\"What Failed?\" control value not absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	op->o_whatFailed = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
+	return LDAP_SUCCESS;
+}
+
+int
+slap_ctrl_whatFailed_add(
+	Operation *op,
+	SlapReply *rs,
+	char **oids )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *) &berbuf;
+	LDAPControl **ctrls = NULL;
+	struct berval ctrlval;
+	int i, rc = LDAP_SUCCESS;
+
+	ber_init2( ber, NULL, LBER_USE_DER );
+	ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+	ber_printf( ber, "[" /*]*/ );
+	for ( i = 0; oids[ i ] != NULL; i++ ) {
+		ber_printf( ber, "s", oids[ i ] );
+	}
+	ber_printf( ber, /*[*/ "]" );
+
+	if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	i = 0;
+	if ( rs->sr_ctrls != NULL ) {
+		for ( ; rs->sr_ctrls[ i ] != NULL; i++ ) {
+			if ( strcmp( rs->sr_ctrls[ i ]->ldctl_oid, LDAP_CONTROL_X_WHATFAILED ) != 0 ) {
+				/* TODO: add */
+				assert( 0 );
+			}
+		}
+	}
+
+	ctrls = op->o_tmprealloc( rs->sr_ctrls,
+			sizeof(LDAPControl *)*( i + 2 )
+			+ sizeof(LDAPControl)
+			+ ctrlval.bv_len + 1,
+			op->o_tmpmemctx );
+	if ( ctrls == NULL ) {
+		rc = LDAP_OTHER;
+		goto done;
+	}
+	ctrls[ i + 1 ] = NULL;
+	ctrls[ i ] = (LDAPControl *)&ctrls[ i + 2 ];
+	ctrls[ i ]->ldctl_oid = LDAP_CONTROL_X_WHATFAILED;
+	ctrls[ i ]->ldctl_iscritical = 0;
+	ctrls[ i ]->ldctl_value.bv_val = (char *)&ctrls[ i ][ 1 ];
+	AC_MEMCPY( ctrls[ i ]->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len + 1 );
+	ctrls[ i ]->ldctl_value.bv_len = ctrlval.bv_len;
+
+	ber_free_buf( ber );
+
+	rs->sr_ctrls = ctrls;
+
+done:;
+	return rc;
+}
+#endif
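Review bot: In `slap_ctrl_whatFailed_add` both `goto done` exits skip `ber_free_buf( ber )`, so the encode buffer is not released when `ber_flatten2` or `o_tmprealloc` fails; moving the call below the label (`done:;` then `ber_free_buf( ber );` then `return rc;`) covers every path. The only guard against `rs->sr_ctrls` already holding other response controls is `assert( 0 )` under a TODO, so a build without asserts goes on to `o_tmprealloc` an array this function may not own; setting `rc = LDAP_OTHER` and leaving through `done` would fail safely. The `ber_printf` results are not checked either. In `parseWhatFailed` the first message reads `"WHat Failed?"`, which looks like a typo for `"What Failed?"`.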

Modified: openldap/vendor/openldap-release/servers/slapd/cr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/cr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/cr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* cr.c - content rule routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/cr.c,v 1.22.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/cr.c,v 1.22.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ctxcsn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ctxcsn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/ctxcsn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ctxcsn.c -- Context CSN Management Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.40.2.6 2008/02/12 00:44:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ctxcsn.c,v 1.40.2.11 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *
@@ -33,71 +33,72 @@
 void
 slap_get_commit_csn(
 	Operation *op,
-	struct berval *maxcsn
+	struct berval *maxcsn,
+	int *foundit
 )
 {
 	struct slap_csn_entry *csne, *committed_csne = NULL;
+	BackendDB *be = op->o_bd->bd_self;
 
 	if ( maxcsn ) {
 		BER_BVZERO( maxcsn );
 	}
+	if ( foundit ) {
+		*foundit = 0;
+	}
 
-	ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
 
-	LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
 		if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
 			csne->ce_state = SLAP_CSN_COMMIT;
+			if ( foundit ) *foundit = 1;
 			break;
 		}
 	}
 
-	LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
 		if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
 		if ( csne->ce_state == SLAP_CSN_PENDING ) break;
 	}
 
 	if ( committed_csne && maxcsn ) *maxcsn = committed_csne->ce_csn;
-	ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
 }
 
 void
 slap_rewind_commit_csn( Operation *op )
 {
 	struct slap_csn_entry *csne;
+	BackendDB *be = op->o_bd->bd_self;
 
-	ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
 
-	LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
 		if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
 			csne->ce_state = SLAP_CSN_PENDING;
 			break;
 		}
 	}
 
-	ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
 }
 
 void
 slap_graduate_commit_csn( Operation *op )
 {
 	struct slap_csn_entry *csne;
+	BackendDB *be;
 
 	if ( op == NULL ) return;
 	if ( op->o_bd == NULL ) return;
+	be = op->o_bd->bd_self;
 
-#if 0
-	/* it is NULL when we get here from the frontendDB;
-	 * alternate fix: initialize frontendDB like all other backends */
-	assert( op->o_bd->be_pcl_mutexp != NULL );
-#endif
-	
-	if ( op->o_bd->be_pcl_mutexp == NULL ) return;
+	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
 
-	ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
-
-	LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
+	LDAP_TAILQ_FOREACH( csne, be->be_pending_csn_list, ce_csn_link ) {
 		if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
-			LDAP_TAILQ_REMOVE( op->o_bd->be_pending_csn_list,
+			LDAP_TAILQ_REMOVE( be->be_pending_csn_list,
 				csne, ce_csn_link );
 			Debug( LDAP_DEBUG_SYNC, "slap_graduate_commit_csn: removing %p %s\n",
 				csne->ce_csn.bv_val, csne->ce_csn.bv_val, 0 );
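Review bot: `slap_graduate_commit_csn` used to return early when `op->o_bd->be_pcl_mutexp` was NULL, with a comment that this happens when it is reached from the frontendDB; the new code locks `&be->be_pcl_mutex` on `op->o_bd->bd_self` with no equivalent check. Whether `bd_self` is always set, and whether its `be_pcl_mutex` and `be_pending_csn_list` are initialised for that path, is not visible in this hunk. If the guarantee now holds, a comment such as `/* bd_self always has be_pcl_mutex and be_pending_csn_list set up, frontendDB included */` should replace the deleted one; if not, keep a guard like `if ( be == NULL || be->be_pending_csn_list == NULL ) return;`. `slap_get_commit_csn` and `slap_rewind_commit_csn` dereference `op->o_bd->bd_self` in their declarations without the NULL checks that `slap_graduate_commit_csn` performs. The body of `slap_graduate_commit_csn` continues past the end of the hunk.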
@@ -110,7 +111,7 @@
 		}
 	}
 
-	ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
 
 	return;
 }
@@ -161,22 +162,23 @@
 	struct berval *csn )
 {
 	struct slap_csn_entry *pending;
+	BackendDB *be = op->o_bd->bd_self;
 
 	pending = (struct slap_csn_entry *) ch_calloc( 1,
 			sizeof( struct slap_csn_entry ));
 
 	Debug( LDAP_DEBUG_SYNC, "slap_queue_csn: queing %p %s\n", csn->bv_val, csn->bv_val, 0 );
 
-	ldap_pvt_thread_mutex_lock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_lock( &be->be_pcl_mutex );
 
 	ber_dupbv( &pending->ce_csn, csn );
 	ber_bvreplace_x( &op->o_csn, &pending->ce_csn, op->o_tmpmemctx );
 	pending->ce_connid = op->o_connid;
 	pending->ce_opid = op->o_opid;
 	pending->ce_state = SLAP_CSN_PENDING;
-	LDAP_TAILQ_INSERT_TAIL( op->o_bd->be_pending_csn_list,
+	LDAP_TAILQ_INSERT_TAIL( be->be_pending_csn_list,
 		pending, ce_csn_link );
-	ldap_pvt_thread_mutex_unlock( op->o_bd->be_pcl_mutexp );
+	ldap_pvt_thread_mutex_unlock( &be->be_pcl_mutex );
 }
 
 int
@@ -190,10 +192,10 @@
 	/* gmtime doesn't always need a mutex, but lutil_csnstr does */
 	ldap_pvt_thread_mutex_lock( &gmtime_mutex );
 	csn->bv_len = lutil_csnstr( csn->bv_val, csn->bv_len, slap_serverID, 0 );
-	ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
-
 	if ( manage_ctxcsn )
 		slap_queue_csn( op, csn );
 
+	ldap_pvt_thread_mutex_unlock( &gmtime_mutex );
+
 	return LDAP_SUCCESS;
 }
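Review bot: Moving the `gmtime_mutex` unlock below `slap_queue_csn( op, csn )` means `be_pcl_mutex` (taken inside `slap_queue_csn`, see the previous hunk) is now acquired while `gmtime_mutex` is held, and the existing comment only explains the lock for `lutil_csnstr`. Presumably the aim is to queue CSNs in the order they are generated; a comment saying so, e.g. `/* hold gmtime_mutex until the CSN is queued so the pending list stays in CSN order */`, would record both the reason and the resulting lock order. Any path that takes these two mutexes in the opposite order could deadlock, which cannot be checked from this hunk. The function's signature is outside the hunk.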

Modified: openldap/vendor/openldap-release/servers/slapd/daemon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/daemon.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/daemon.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.380.2.12 2008/05/27 20:12:44 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/daemon.c,v 1.380.2.22 2009/02/13 02:35:39 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 2007 by Howard Chu, Symas Corporation.
  * All rights reserved.
  *
@@ -79,7 +79,11 @@
 #define SLAPD_LISTEN_BACKLOG 1024
 #endif /* ! SLAPD_LISTEN_BACKLOG */
 
-static ber_socket_t wake_sds[2];
+static ber_socket_t wake_sds[2]
+#ifdef HAVE_WINSOCK
+	= { INVALID_SOCKET, INVALID_SOCKET }
+#endif /* HAVE_WINSOCK */
+	;
 static int emfile;
 
 static volatile int waking;
@@ -1641,8 +1645,14 @@
 slapd_daemon_destroy( void )
 {
 	connections_destroy();
-	tcp_close( SLAP_FD2SOCK(wake_sds[1]) );
-	tcp_close( SLAP_FD2SOCK(wake_sds[0]) );
+#ifdef HAVE_WINSOCK
+	if ( wake_sds[1] != INVALID_SOCKET && wake_sds[1] != wake_sds[0] )
+#endif /* HAVE_WINSOCK */
+		tcp_close( SLAP_FD2SOCK(wake_sds[1]) );
+#ifdef HAVE_WINSOCK
+	if ( wake_sds[0] != INVALID_SOCKET )
+#endif /* HAVE_WINSOCK */
+		tcp_close( SLAP_FD2SOCK(wake_sds[0]) );
 	sockdestroy();
 
 #ifdef HAVE_SLP
@@ -2291,7 +2301,7 @@
 						Debug( LDAP_DEBUG_ANY,
 							"daemon: "
 							SLAP_EVENT_FNAME
-							"failed count %d "
+							" failed count %d "
 							"err (%d): %s\n",
 							ebadf, err,
 							sock_errstr( err ) );
@@ -2485,7 +2495,7 @@
 #endif /* LDAP_DEBUG */
 
 		for ( i = 0; i < ns; i++ ) {
-			int rc = 1, fd;
+			int rc = 1, fd, w = 0;
 
 			if ( SLAP_EVENT_IS_LISTENER( i ) ) {
 				rc = slap_listener_activate( SLAP_EVENT_LISTENER( i ) );
@@ -2503,7 +2513,7 @@
 					char c[BUFSIZ];
 					waking = 0;
 					tcp_read( SLAP_FD2SOCK(wake_sds[0]), c, sizeof(c) );
-					break;
+					continue;
 				}
 
 				if ( SLAP_EVENT_IS_WRITE( i ) ) {
@@ -2512,6 +2522,7 @@
 						fd, 0, 0 );
 
 					SLAP_EVENT_CLR_WRITE( i );
+					w = 1;
 
 					/*
 					 * NOTE: it is possible that the connection was closed
@@ -2531,9 +2542,17 @@
 
 					SLAP_EVENT_CLR_READ( i );
 					connection_read_activate( fd );
-				} else {
+				} else if ( !w ) {
 					Debug( LDAP_DEBUG_CONNS,
 						"daemon: hangup on %d\n", fd, 0, 0 );
+					if ( SLAP_SOCK_IS_ACTIVE( fd )) {
+#ifdef HAVE_EPOLL
+						/* Don't keep reporting the hangup
+						 */
+						SLAP_EPOLL_SOCK_SET( fd, EPOLLET );
+#endif
+						connection_hangup( fd );
+					}
 				}
 			}
 		}
@@ -2572,9 +2591,12 @@
 		connections_shutdown();
 	}
 
-	Debug( LDAP_DEBUG_ANY,
-		"slapd shutdown: waiting for %d threads to terminate\n",
-		ldap_pvt_thread_pool_backload( &connection_pool ), 0, 0 );
+	if ( LogTest( LDAP_DEBUG_ANY )) {
+		int t = ldap_pvt_thread_pool_backload( &connection_pool );
+		Debug( LDAP_DEBUG_ANY,
+			"slapd shutdown: waiting for %d operations/tasks to finish\n",
+			t, 0, 0 );
+	}
 	ldap_pvt_thread_pool_destroy( &connection_pool, 1 );
 
 	free( slap_listeners );

Modified: openldap/vendor/openldap-release/servers/slapd/delete.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/delete.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/delete.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/delete.c,v 1.138.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/delete.c,v 1.138.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/dn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/dn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/dn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dn.c - routines for dealing with distinguished names */
-/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.8 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/dn.c,v 1.182.2.10 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1077,7 +1077,7 @@
 
 	p = ber_bvchr( dn_in, ',' );
 
-	return p ? p - dn_in->bv_val : dn_in->bv_len;
+	return p ? (ber_len_t) (p - dn_in->bv_val) : dn_in->bv_len;
 }
 
 

Modified: openldap/vendor/openldap-release/servers/slapd/entry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/entry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/entry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* entry.c - routines for dealing with entries */
-/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.148.2.7 2008/02/11 23:43:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/entry.c,v 1.148.2.9 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -725,8 +725,8 @@
  */
 int entry_encode(Entry *e, struct berval *bv)
 {
-	ber_len_t len, dnlen, ndnlen;
-	int i, nattrs, nvals;
+	ber_len_t len, dnlen, ndnlen, i;
+	int nattrs, nvals;
 	Attribute *a;
 	unsigned char *ptr;
 

Modified: openldap/vendor/openldap-release/servers/slapd/extended.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/extended.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/extended.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/extended.c,v 1.92.2.5 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/extended.c,v 1.92.2.6 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/filter.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filter.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/filter.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* filter.c - routines for parsing and dealing with filters */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.134.2.12 2008/02/18 22:25:47 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filter.c,v 1.134.2.16 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -385,6 +385,19 @@
 
 	rc = LDAP_PROTOCOL_ERROR;
 
+	if ( ssa.sa_desc->ad_type->sat_substr == NULL ) {
+		for ( tag = ber_first_element( ber, &len, &last );
+			tag != LBER_DEFAULT;
+			tag = ber_next_element( ber, &len, last ) )
+		{
+			/* eat all */
+			rc = ber_scanf( ber, "x" );
+		}
+
+		rc = LDAP_INVALID_SYNTAX;
+		goto return_error;
+	}
+
 	for ( tag = ber_first_element( ber, &len, &last );
 		tag != LBER_DEFAULT;
 		tag = ber_next_element( ber, &len, last ) )
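Review bot: In the added `sat_substr == NULL` branch the result of `ber_scanf( ber, "x" )` is stored in `rc` on every iteration and then overwritten by `rc = LDAP_INVALID_SYNTAX`, so a decoding failure while skipping the substring elements of the request is never examined. That is harmless only if `ber_next_element()` ends the loop once a skip has failed, which the hunk does not show. I would stop at the first failure, `if ( ber_scanf( ber, "x" ) == LBER_ERROR ) break;`, or mark the discard as deliberate with `(void) ber_scanf( ber, "x" );`. The enclosing function starts and ends outside the hunk, so the guarantee that `ssa.sa_desc` is non-NULL before it is dereferenced is not visible here either.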
@@ -478,6 +491,7 @@
 			return rc;
 		}
 
+		*text = NULL;
 		rc = LDAP_SUCCESS;
 	}
 
@@ -491,7 +505,7 @@
 }
 
 void
-filter_free_x( Operation *op, Filter *f )
+filter_free_x( Operation *op, Filter *f, int freeme )
 {
 	Filter	*p, *next;
 
@@ -530,7 +544,7 @@
 	case LDAP_FILTER_NOT:
 		for ( p = f->f_list; p != NULL; p = next ) {
 			next = p->f_next;
-			filter_free_x( op, p );
+			filter_free_x( op, p, 1 );
 		}
 		break;
 
@@ -547,7 +561,9 @@
 		break;
 	}
 
-	op->o_tmpfree( f, op->o_tmpmemctx );
+	if ( freeme ) {
+		op->o_tmpfree( f, op->o_tmpmemctx );
+	}
 }
 
 void
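Review bot: The new `freeme` argument is undocumented, and with `freeme == 0` the node `f` survives even though the earlier part of the body has already released what it points to (the `f_list` children are freed in the `LDAP_FILTER_NOT` hunk above). A caller that keeps using `f` afterwards would be reading freed pointers unless it reinitialises the node first. I would add a comment above the definition: `/* freeme == 0: release f's contents but not f itself; f's members are stale on return and must be reset before reuse */`. The body of filter_free_x is only partly visible across these three hunks, so whether any member is cleared before return is not shown.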
@@ -559,7 +575,7 @@
 	op.o_hdr = &ohdr;
 	op.o_tmpmemctx = slap_sl_context( f );
 	op.o_tmpmfuncs = &slap_sl_mfuncs;
-	filter_free_x( &op, f );
+	filter_free_x( &op, f, 1 );
 }
 
 void

Modified: openldap/vendor/openldap-release/servers/slapd/filterentry.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/filterentry.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/filterentry.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* filterentry.c - apply a filter to an entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.104.2.4 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/filterentry.c,v 1.104.2.6 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -220,7 +220,7 @@
 					num_attr_vals++;
 
 					/* following malloced will be freed by comp_tree_free () */
-					a->a_comp_data = malloc( sizeof( ComponentData ) +
+					a->a_comp_data = SLAP_MALLOC( sizeof( ComponentData ) +
 						sizeof( ComponentSyntaxInfo* )*num_attr_vals );
 
 					if ( !a->a_comp_data ) return LDAP_NO_MEMORY;
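Review bot: Switching this allocation to `SLAP_MALLOC` changes which allocator owns `a->a_comp_data`, while the comment directly above still says only that the block "will be freed by comp_tree_free ()", a function that is not part of this diff. If that release path still calls plain `free()`, allocation and release are mismatched whenever slapd's allocator is not the libc one; the same applies to the second hunk in this file at old line 716. Please confirm the release side uses the matching routine and say so in the comment, for example `/* allocated with SLAP_MALLOC; comp_tree_free() must release it with SLAP_FREE */`. Separately, `sizeof( ComponentSyntaxInfo* )*num_attr_vals` is computed with no range check on `num_attr_vals`, whose type and bound lie outside the hunk.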
@@ -716,7 +716,7 @@
 			num_attr_vals++;/* for NULL termination */
 
 			/* following malloced will be freed by comp_tree_free () */
-			a->a_comp_data = malloc( sizeof( ComponentData ) + sizeof( ComponentSyntaxInfo* )*num_attr_vals );
+			a->a_comp_data = SLAP_MALLOC( sizeof( ComponentData ) + sizeof( ComponentSyntaxInfo* )*num_attr_vals );
 
 			if ( !a->a_comp_data ) {
 				return LDAP_NO_MEMORY;

Modified: openldap/vendor/openldap-release/servers/slapd/frontend.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/frontend.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/frontend.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* frontend.c - routines for dealing with frontend */
-/* $OpenLDAP: pkg/ldap/servers/slapd/frontend.c,v 1.19.2.6 2008/04/24 08:13:39 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/frontend.c,v 1.19.2.9 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,11 +108,7 @@
 	frontendDB->be_def_limit.lms_s_pr_hide = 0;			/* don't hide number of entries left */
 	frontendDB->be_def_limit.lms_s_pr_total = 0;			/* number of total entries returned by pagedResults equal to hard limit */
 
-#if 0
-	/* FIXME: do we need this? */
-	frontendDB->be_pcl_mutexp = &frontendDB->be_pcl_mutex;
-	ldap_pvt_thread_mutex_init( frontendDB->be_pcl_mutexp );
-#endif
+	ldap_pvt_thread_mutex_init( &frontendDB->be_pcl_mutex );
 
 	/* suffix */
 	frontendDB->be_suffix = ch_calloc( 2, sizeof( struct berval ) );
@@ -131,7 +127,7 @@
 	frontendDB->bd_info->bi_type = "frontend";
 
 	/* known controls */
-	if ( slap_known_controls ) {
+	{
 		int	i;
 
 		frontendDB->bd_info->bi_controls = slap_known_controls;
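Review bot: Dropping the `if ( slap_known_controls )` guard makes this block unconditional, so whatever follows `bi_controls = slap_known_controls` now runs even when that pointer is NULL. The rest of the block is outside the hunk; if it indexes `slap_known_controls[ i ]`, as the `int i` declaration suggests, a NULL value would be dereferenced during frontend initialisation. If the array is guaranteed to be set up before this point, state that where it is relied on: `assert( slap_known_controls != NULL );`.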

Modified: openldap/vendor/openldap-release/servers/slapd/globals.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/globals.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/globals.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* globals.c - various global variables */
-/* $OpenLDAP: pkg/ldap/servers/slapd/globals.c,v 1.15.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/globals.c,v 1.15.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/index.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/index.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/index.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* index.c - index utilities */
-/* $OpenLDAP: pkg/ldap/servers/slapd/index.c,v 1.17.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/index.c,v 1.17.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* init.c - initialize various things */
-/* $OpenLDAP: pkg/ldap/servers/slapd/init.c,v 1.97.2.9 2008/02/12 00:46:46 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/init.c,v 1.97.2.10 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/ldapsync.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/ldapsync.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/ldapsync.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* ldapsync.c -- LDAP Content Sync Routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.32.2.7 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/ldapsync.c,v 1.32.2.8 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/limits.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/limits.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/limits.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* limits.c - routines to handle regex-based size and time limits */
-/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.73.2.6 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/limits.c,v 1.73.2.10 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -18,6 +18,7 @@
 
 #include <stdio.h>
 
+#include <ac/ctype.h>
 #include <ac/regex.h>
 #include <ac/string.h>
 
@@ -27,57 +28,60 @@
 /* define to get an error if requesting limit higher than hard */
 #undef ABOVE_HARD_LIMIT_IS_ERROR
 
-static char *
-limits2str( unsigned i )
-{
-	switch ( i ) {
-	case SLAP_LIMITS_UNDEFINED:
-		return "UNDEFINED";
+static const struct berval lmpats[] = {
+	BER_BVC( "base" ),
+	BER_BVC( "base" ),
+	BER_BVC( "onelevel" ),
+	BER_BVC( "subtree" ),
+	BER_BVC( "children" ),
+	BER_BVC( "regex" ),
+	BER_BVC( "anonymous" ),
+	BER_BVC( "users" ),
+	BER_BVC( "*" )
+};
 
-	case SLAP_LIMITS_EXACT:
-		return "EXACT";
-			
-	case SLAP_LIMITS_ONE:
-		return "ONELEVEL";	
+#ifdef LDAP_DEBUG
+static const char *const dn_source[2] = { "DN", "DN.THIS" };
+static const char *const lmpats_out[] = {
+	"UNDEFINED",
+	"EXACT",
+	"ONELEVEL",
+	"SUBTREE",
+	"CHILDREN",
+	"REGEX",
+	"ANONYMOUS",
+	"USERS",
+	"ANY"
+};
 
-	case SLAP_LIMITS_SUBTREE:
-		return "SUBTREE";
-
-	case SLAP_LIMITS_CHILDREN:
-		return "CHILDREN";
-
-	case SLAP_LIMITS_REGEX:
-		return "REGEX";
-
-	case SLAP_LIMITS_ANONYMOUS:
-		return "ANONYMOUS";
-		
-	case SLAP_LIMITS_USERS:
-		return "USERS";
-		
-	case SLAP_LIMITS_ANY:
-		return "ANY";
-
-	default:
-		return "UNKNOWN";
-	}
+static const char *
+limits2str( unsigned i )
+{
+	return i < (sizeof( lmpats_out ) / sizeof( lmpats_out[0] ))
+		? lmpats_out[i] : "UNKNOWN";
 }
+#endif /* LDAP_DEBUG */
 
-int
+static int
 limits_get( 
 	Operation		*op,
-	struct berval		*ndn, 
 	struct slap_limits_set 	**limit
 )
 {
+	static struct berval empty_dn = BER_BVC( "" );
 	struct slap_limits **lm;
+	struct berval		*ndns[2];
 
 	assert( op != NULL );
 	assert( limit != NULL );
 
-	Debug( LDAP_DEBUG_TRACE, "==> limits_get: %s dn=\"%s\"\n",
+	ndns[0] = &op->o_ndn;
+	ndns[1] = &op->o_req_ndn;
+
+	Debug( LDAP_DEBUG_TRACE, "==> limits_get: %s self=\"%s\" this=\"%s\"\n",
 			op->o_log_prefix,
-			BER_BVISNULL( ndn ) ? "[anonymous]" : ndn->bv_val, 0 );
+			BER_BVISNULL( ndns[0] ) ? "[anonymous]" : ndns[0]->bv_val,
+			BER_BVISNULL( ndns[1] ) ? "" : ndns[1]->bv_val );
 	/*
 	 * default values
 	 */
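Review bot: `lmpats[]` and `lmpats_out[]` are both indexed by the `SLAP_LIMITS_*` style value, but neither table says so and nothing ties their length to the number of styles. `limits2str()` range-checks its index, whereas `limits_unparse()` later in this diff reads `lmpats[style]` directly, so a style added to that switch without a table entry would read past the array. I would put `/* indexed by SLAP_LIMITS_* style; keep both tables in step with those definitions */` above the tables and note that entries 0 and 1 of `lmpats` are both "base" on purpose. limits_get() continues beyond this hunk.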
@@ -90,37 +94,33 @@
 	for ( lm = op->o_bd->be_limits; lm[0] != NULL; lm++ ) {
 		unsigned	style = lm[0]->lm_flags & SLAP_LIMITS_MASK;
 		unsigned	type = lm[0]->lm_flags & SLAP_LIMITS_TYPE_MASK;
+		unsigned	isthis = type == SLAP_LIMITS_TYPE_THIS;
+		struct berval *ndn = ndns[isthis];
 
+		if ( style == SLAP_LIMITS_ANY )
+			goto found_any;
+
+		if ( BER_BVISEMPTY( ndn ) ) {
+			if ( style == SLAP_LIMITS_ANONYMOUS )
+				goto found_nodn;
+			if ( !isthis )
+				continue;
+			ndn = &empty_dn;
+		}
+
 		switch ( style ) {
 		case SLAP_LIMITS_EXACT:
-			if ( BER_BVISEMPTY( ndn ) ) {
-				break;
-			}
-
 			if ( type == SLAP_LIMITS_TYPE_GROUP ) {
-				int	rc;
-
-				rc = backend_group( op, NULL,
+				int	rc = backend_group( op, NULL,
 						&lm[0]->lm_pat, ndn,
 						lm[0]->lm_group_oc,
 						lm[0]->lm_group_ad );
 				if ( rc == 0 ) {
-					*limit = &lm[0]->lm_limits;
-					Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=GROUP match=EXACT "
-							"dn=\"%s\" oc=\"%s\" ad=\"%s\"\n",
-							lm[0]->lm_pat.bv_val,
-							lm[0]->lm_group_oc->soc_cname.bv_val,
-							lm[0]->lm_group_ad->ad_cname.bv_val );
-
-					return( 0 );
+					goto found_group;
 				}
 			} else {
-			
 				if ( dn_match( &lm[0]->lm_pat, ndn ) ) {
-					*limit = &lm[0]->lm_limits;
-					Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=EXACT dn=\"%s\"\n",
-							lm[0]->lm_pat.bv_val, 0, 0 );
-					return( 0 );
+					goto found_dn;
 				}
 			}
 			break;
@@ -128,20 +128,16 @@
 		case SLAP_LIMITS_ONE:
 		case SLAP_LIMITS_SUBTREE:
 		case SLAP_LIMITS_CHILDREN: {
-			size_t d;
+			ber_len_t d;
 			
-			if ( BER_BVISEMPTY( ndn ) ) {
-				break;
-			}
-
-			/* ndn shorter than dn_pat */
+			/* ndn shorter than lm_pat */
 			if ( ndn->bv_len < lm[0]->lm_pat.bv_len ) {
 				break;
 			}
 			d = ndn->bv_len - lm[0]->lm_pat.bv_len;
 
-			/* allow exact match for SUBTREE only */
 			if ( d == 0 ) {
+				/* allow exact match for SUBTREE only */
 				if ( style != SLAP_LIMITS_SUBTREE ) {
 					break;
 				}
@@ -152,69 +148,54 @@
 				}
 			}
 
-			/* in case of (sub)match ... */
-			if ( lm[0]->lm_pat.bv_len == ( ndn->bv_len - d )
-					&& strcmp( lm[0]->lm_pat.bv_val,
-						&ndn->bv_val[d] ) == 0 )
-			{
-				/* check for exactly one rdn in case of ONE */
-				if ( style == SLAP_LIMITS_ONE ) {
-					/*
-					 * if ndn is more that one rdn
-					 * below dn_pat, continue
-					 */
-					if ( (size_t) dn_rdnlen( NULL, ndn )
-							!= d - 1 )
-					{
-						break;
-					}
-				}
+			/* check that ndn ends with lm_pat */
+			if ( strcmp( lm[0]->lm_pat.bv_val, &ndn->bv_val[d] ) != 0 ) {
+				break;
+			}
 
-				*limit = &lm[0]->lm_limits;
-				Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s dn=\"%s\"\n",
-						limits2str( style ), lm[0]->lm_pat.bv_val, 0 );
-				return( 0 );
+			/* in case of ONE, require exactly one rdn below lm_pat */
+			if ( style == SLAP_LIMITS_ONE ) {
+				if ( dn_rdnlen( NULL, ndn ) != d - 1 ) {
+					break;
+				}
 			}
 
-			break;
+			goto found_dn;
 		}
 
 		case SLAP_LIMITS_REGEX:
-			if ( BER_BVISEMPTY( ndn ) ) {
-				break;
+			if ( regexec( &lm[0]->lm_regex, ndn->bv_val, 0, NULL, 0 ) == 0 ) {
+				goto found_dn;
 			}
-			if ( regexec( &lm[0]->lm_regex, ndn->bv_val,
-						0, NULL, 0 ) == 0 )
-			{
-				*limit = &lm[0]->lm_limits;
-				Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s dn=\"%s\"\n",
-						limits2str( style ), lm[0]->lm_pat.bv_val, 0 );
-				return( 0 );
-			}
 			break;
 
 		case SLAP_LIMITS_ANONYMOUS:
-			if ( BER_BVISEMPTY( ndn ) ) {
-				Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s\n",
-						limits2str( style ), 0, 0 );
-				*limit = &lm[0]->lm_limits;
-				return( 0 );
-			}
 			break;
 
 		case SLAP_LIMITS_USERS:
-			if ( !BER_BVISEMPTY( ndn ) ) {
-				*limit = &lm[0]->lm_limits;
-				Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=DN match=%s\n",
-						limits2str( style ), 0, 0 );
-				return( 0 );
-			}
-			break;
+		found_nodn:
+			Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=%s match=%s\n",
+				dn_source[isthis], limits2str( style ), 0 );
+		found_any:
+			*limit = &lm[0]->lm_limits;
+			return( 0 );
 
-		case SLAP_LIMITS_ANY:
+		found_dn:
+			Debug( LDAP_DEBUG_TRACE,
+				"<== limits_get: type=%s match=%s dn=\"%s\"\n",
+				dn_source[isthis], limits2str( style ), lm[0]->lm_pat.bv_val );
 			*limit = &lm[0]->lm_limits;
 			return( 0 );
 
+		found_group:
+			Debug( LDAP_DEBUG_TRACE, "<== limits_get: type=GROUP match=EXACT "
+				"dn=\"%s\" oc=\"%s\" ad=\"%s\"\n",
+				lm[0]->lm_pat.bv_val,
+				lm[0]->lm_group_oc->soc_cname.bv_val,
+				lm[0]->lm_group_ad->ad_cname.bv_val );
+			*limit = &lm[0]->lm_limits;
+			return( 0 );
+
 		default:
 			assert( 0 );	/* unreachable */
 			return( -1 );
@@ -248,6 +229,7 @@
 	case SLAP_LIMITS_ANONYMOUS:
 	case SLAP_LIMITS_USERS:
 	case SLAP_LIMITS_ANY:
+		/* For these styles, type == 0 (SLAP_LIMITS_TYPE_SELF). */
 		for ( i = 0; be->be_limits && be->be_limits[ i ]; i++ ) {
 			if ( be->be_limits[ i ]->lm_flags == style ) {
 				return( -1 );
@@ -267,7 +249,6 @@
 	case SLAP_LIMITS_ONE:
 	case SLAP_LIMITS_SUBTREE:
 	case SLAP_LIMITS_CHILDREN:
-		lm->lm_flags = style | type;
 		{
 			int rc;
 			struct berval bv;
@@ -283,7 +264,6 @@
 		break;
 		
 	case SLAP_LIMITS_REGEX:
-		lm->lm_flags = style | type;
 		ber_str2bv( pattern, 0, 1, &lm->lm_pat );
 		if ( regcomp( &lm->lm_regex, lm->lm_pat.bv_val, 
 					REG_EXTENDED | REG_ICASE ) ) {
@@ -296,7 +276,6 @@
 	case SLAP_LIMITS_ANONYMOUS:
 	case SLAP_LIMITS_USERS:
 	case SLAP_LIMITS_ANY:
-		lm->lm_flags = style | type;
 		BER_BVZERO( &lm->lm_pat );
 		break;
 	}
@@ -310,6 +289,7 @@
 		break;
 	}
 
+	lm->lm_flags = style | type;
 	lm->lm_limits = *limit;
 
 	i = 0;
@@ -325,6 +305,8 @@
 	return( 0 );
 }
 
+#define STRSTART( s, m ) (strncasecmp( s, m, STRLENOF( "" m "" )) == 0)
+
 int
 limits_parse(
 	Backend     *be,
@@ -363,10 +345,12 @@
 	 * 
 	 * "anonymous"
 	 * "users"
-	 * [ "dn" [ "." { "exact" | "base" | "onelevel" | "subtree" | children"
-	 *	| "regex" | "anonymous" } ] "=" ] <dn pattern>
+	 * [ "dn" [ "." { "this" | "self" } ] [ "." { "exact" | "base" |
+	 *	"onelevel" | "subtree" | "children" | "regex" | "anonymous" } ]
+	 *	"=" ] <dn pattern>
 	 *
 	 * Note:
+	 *	"this" is the baseobject, "self" (the default) is the bound DN
 	 *	"exact" and "base" are the same (exact match);
 	 *	"onelevel" means exactly one rdn below, NOT including pattern
 	 *	"subtree" means any rdn below, including pattern
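Review bot: The added Note line says what "this" selects but not the consequence for an administrator: `dn.this` rules are matched against `op->o_req_ndn` (see limits_get() earlier in this file's diff), which comes from the request rather than from the bound identity, so the client influences which limit set applies through its choice of base object. limits_get() returns at the first entry that matches, so a `dn.this` rule listed ahead of an identity rule decides the limits for every client that names a matching base. I would extend the Note with `"this" rules key on request data; list them after any "self" or group rule whose limits must not be widened`. limits_parse() starts and ends outside this hunk.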
@@ -394,22 +378,35 @@
 	} else if ( strcasecmp( pattern, "users" ) == 0 ) {
 		flags = SLAP_LIMITS_USERS;
 		
-	} else if ( strncasecmp( pattern, "dn", STRLENOF( "dn" ) ) == 0 ) {
+	} else if ( STRSTART( pattern, "dn" ) ) {
 		pattern += STRLENOF( "dn" );
+		flags = SLAP_LIMITS_TYPE_SELF;
 		if ( pattern[0] == '.' ) {
 			pattern++;
-			if ( strncasecmp( pattern, "exact", STRLENOF( "exact" )) == 0 ) {
-				flags = SLAP_LIMITS_EXACT;
+			if ( STRSTART( pattern, "this" ) ) {
+				flags = SLAP_LIMITS_TYPE_THIS;
+				pattern += STRLENOF( "this" );
+			} else if ( STRSTART( pattern, "self" ) ) {
+				pattern += STRLENOF( "self" );
+			} else {
+				goto got_dn_dot;
+			}
+		}
+		if ( pattern[0] == '.' ) {
+			pattern++;
+		got_dn_dot:
+			if ( STRSTART( pattern, "exact" ) ) {
+				flags |= SLAP_LIMITS_EXACT;
 				pattern += STRLENOF( "exact" );
 
-			} else if ( strncasecmp( pattern, "base", STRLENOF( "base" ) ) == 0 ) {
-				flags = SLAP_LIMITS_BASE;
+			} else if ( STRSTART( pattern, "base" ) ) {
+				flags |= SLAP_LIMITS_BASE;
 				pattern += STRLENOF( "base" );
 
-			} else if ( strncasecmp( pattern, "one", STRLENOF( "one" ) ) == 0 ) {
-				flags = SLAP_LIMITS_ONE;
+			} else if ( STRSTART( pattern, "one" ) ) {
+				flags |= SLAP_LIMITS_ONE;
 				pattern += STRLENOF( "one" );
-				if ( strncasecmp( pattern, "level", STRLENOF( "level" ) ) == 0 ) {
+				if ( STRSTART( pattern, "level" ) ) {
 					pattern += STRLENOF( "level" );
 
 				} else {
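Review bot: `goto got_dn_dot` jumps from the first `if ( pattern[0] == '.' )` body into the middle of the second one, past its `pattern++`, which is correct only because the first block has already consumed the dot; that invariant is stated nowhere. The later hunk at old line 432 adds a second trick, `--pattern` under "force error below", which backs the pointer up so that the `'='` pre-check fails; as far as the visible branches show, input such as `dn.this.=x` then gets the message "missing '='" although the `=` is present. A comment at the label, `/* pattern points just past the '.' here, on both paths */`, and an explicit error flag in place of the pointer decrement would make this configuration parser easier to audit. The else-if chain continues beyond this hunk.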
@@ -419,10 +416,10 @@
 						"use \"onelevel\" instead.\n", fname, lineno, 0 );
 				}
 
-			} else if ( strncasecmp( pattern, "sub", STRLENOF( "sub" ) ) == 0 ) {
-				flags = SLAP_LIMITS_SUBTREE;
+			} else if ( STRSTART( pattern, "sub" ) ) {
+				flags |= SLAP_LIMITS_SUBTREE;
 				pattern += STRLENOF( "sub" );
-				if ( strncasecmp( pattern, "tree", STRLENOF( "tree" ) ) == 0 ) {
+				if ( STRSTART( pattern, "tree" ) ) {
 					pattern += STRLENOF( "tree" );
 
 				} else {
@@ -432,43 +429,43 @@
 						"use \"subtree\" instead.\n", fname, lineno, 0 );
 				}
 
-			} else if ( strncasecmp( pattern, "children", STRLENOF( "children" ) ) == 0 ) {
-				flags = SLAP_LIMITS_CHILDREN;
+			} else if ( STRSTART( pattern, "children" ) ) {
+				flags |= SLAP_LIMITS_CHILDREN;
 				pattern += STRLENOF( "children" );
 
-			} else if ( strncasecmp( pattern, "regex", STRLENOF( "regex" ) ) == 0 ) {
-				flags = SLAP_LIMITS_REGEX;
+			} else if ( STRSTART( pattern, "regex" ) ) {
+				flags |= SLAP_LIMITS_REGEX;
 				pattern += STRLENOF( "regex" );
 
 			/* 
 			 * this could be deprecated in favour
 			 * of the pattern = "anonymous" form
 			 */
-			} else if ( strncasecmp( pattern, "anonymous", STRLENOF( "anonymous" ) ) == 0 ) {
+			} else if ( STRSTART( pattern, "anonymous" )
+					&& flags == SLAP_LIMITS_TYPE_SELF )
+			{
 				flags = SLAP_LIMITS_ANONYMOUS;
 				pattern = NULL;
+
+			} else {
+				/* force error below */
+				if ( *pattern == '=' )
+					--pattern;
 			}
 		}
 
 		/* pre-check the data */
-		switch ( flags ) {
-		case SLAP_LIMITS_ANONYMOUS:
-		case SLAP_LIMITS_USERS:
-
-			/* no need for pattern */
-			pattern = NULL;
-			break;
-
-		default:
+		if ( pattern != NULL ) {
 			if ( pattern[0] != '=' ) {
 				Debug( LDAP_DEBUG_ANY,
-					"%s : line %d: missing '=' in "
-					"\"dn[.{exact|base|onelevel|subtree"
-					"|children|regex|anonymous}]"
-					"=<pattern>\" in "
-					"\"limits <pattern> <limits>\" "
-					"line.\n%s",
-					fname, lineno, "" );
+					"%s : line %d: %s in "
+					"\"dn[.{this|self}][.{exact|base"
+					"|onelevel|subtree|children|regex"
+					"|anonymous}]=<pattern>\" in "
+					"\"limits <pattern> <limits>\" line.\n",
+					fname, lineno,
+					isalnum( (unsigned char)pattern[0] )
+					? "unknown DN modifier" : "missing '='" );
 				return( -1 );
 			}
 
@@ -480,14 +477,14 @@
 				flags = SLAP_LIMITS_ANY;
 				pattern = NULL;
 
-			} else if ( flags == SLAP_LIMITS_REGEX
+			} else if ( (flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX
 					&& strcmp( pattern, ".*" ) == 0 ) {
 				flags = SLAP_LIMITS_ANY;
 				pattern = NULL;
 			}
 		}
 
-	} else if (strncasecmp( pattern, "group", STRLENOF( "group" ) ) == 0 ) {
+	} else if (STRSTART( pattern, "group" ) ) {
 		pattern += STRLENOF( "group" );
 
 		if ( pattern[0] == '/' ) {
@@ -637,14 +634,16 @@
 	assert( arg != NULL );
 	assert( limit != NULL );
 
-	if ( strncasecmp( arg, "time", STRLENOF( "time" ) ) == 0 ) {
+	if ( STRSTART( arg, "time" ) ) {
 		arg += STRLENOF( "time" );
 
 		if ( arg[0] == '.' ) {
 			arg++;
-			if ( strncasecmp( arg, "soft=", STRLENOF( "soft=" ) ) == 0 ) {
+			if ( STRSTART( arg, "soft=" ) ) {
 				arg += STRLENOF( "soft=" );
-				if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				if ( strcasecmp( arg, "unlimited" ) == 0
+					|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_t_soft = -1;
 
 				} else {
@@ -661,12 +660,14 @@
 					limit->lms_t_soft = soft;
 				}
 				
-			} else if ( strncasecmp( arg, "hard=", STRLENOF( "hard=" ) ) == 0 ) {
+			} else if ( STRSTART( arg, "hard=" ) ) {
 				arg += STRLENOF( "hard=" );
 				if ( strcasecmp( arg, "soft" ) == 0 ) {
 					limit->lms_t_hard = 0;
 
-				} else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				} else if ( strcasecmp( arg, "unlimited" ) == 0
+						|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_t_hard = -1;
 
 				} else {
@@ -693,7 +694,9 @@
 			
 		} else if ( arg[0] == '=' ) {
 			arg++;
-			if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+			if ( strcasecmp( arg, "unlimited" ) == 0
+				|| strcasecmp( arg, "none" ) == 0 )
+			{
 				limit->lms_t_soft = -1;
 
 			} else {
@@ -709,14 +712,16 @@
 			return( 1 );
 		}
 
-	} else if ( strncasecmp( arg, "size", STRLENOF( "size" ) ) == 0 ) {
+	} else if ( STRSTART( arg, "size" ) ) {
 		arg += STRLENOF( "size" );
 		
 		if ( arg[0] == '.' ) {
 			arg++;
-			if ( strncasecmp( arg, "soft=", STRLENOF( "soft=" ) ) == 0 ) {
+			if ( STRSTART( arg, "soft=" ) ) {
 				arg += STRLENOF( "soft=" );
-				if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				if ( strcasecmp( arg, "unlimited" ) == 0
+					|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_s_soft = -1;
 
 				} else {
@@ -733,12 +738,14 @@
 					limit->lms_s_soft = soft;
 				}
 				
-			} else if ( strncasecmp( arg, "hard=", STRLENOF( "hard=" ) ) == 0 ) {
+			} else if ( STRSTART( arg, "hard=" ) ) {
 				arg += STRLENOF( "hard=" );
 				if ( strcasecmp( arg, "soft" ) == 0 ) {
 					limit->lms_s_hard = 0;
 
-				} else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				} else if ( strcasecmp( arg, "unlimited" ) == 0
+						|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_s_hard = -1;
 
 				} else {
@@ -759,9 +766,11 @@
 					limit->lms_s_hard = hard;
 				}
 				
-			} else if ( strncasecmp( arg, "unchecked=", STRLENOF( "unchecked=" ) ) == 0 ) {
+			} else if ( STRSTART( arg, "unchecked=" ) ) {
 				arg += STRLENOF( "unchecked=" );
-				if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				if ( strcasecmp( arg, "unlimited" ) == 0
+					|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_s_unchecked = -1;
 
 				} else if ( strcasecmp( arg, "disabled" ) == 0 ) {
@@ -781,12 +790,14 @@
 					limit->lms_s_unchecked = unchecked;
 				}
 
-			} else if ( strncasecmp( arg, "pr=", STRLENOF( "pr=" ) ) == 0 ) {
+			} else if ( STRSTART( arg, "pr=" ) ) {
 				arg += STRLENOF( "pr=" );
 				if ( strcasecmp( arg, "noEstimate" ) == 0 ) {
 					limit->lms_s_pr_hide = 1;
 
-				} else if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				} else if ( strcasecmp( arg, "unlimited" ) == 0
+						|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_s_pr = -1;
 
 				} else {
@@ -803,10 +814,12 @@
 					limit->lms_s_pr = pr;
 				}
 
-			} else if ( strncasecmp( arg, "prtotal=", STRLENOF( "prtotal=" ) ) == 0 ) {
+			} else if ( STRSTART( arg, "prtotal=" ) ) {
 				arg += STRLENOF( "prtotal=" );
 
-				if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+				if ( strcasecmp( arg, "unlimited" ) == 0
+					|| strcasecmp( arg, "none" ) == 0 )
+				{
 					limit->lms_s_pr_total = -1;
 
 				} else if ( strcasecmp( arg, "disabled" ) == 0 ) {
@@ -839,7 +852,9 @@
 			
 		} else if ( arg[0] == '=' ) {
 			arg++;
-			if ( strcasecmp( arg, "unlimited" ) == 0 || strcasecmp( arg, "none" ) == 0 ) {
+			if ( strcasecmp( arg, "unlimited" ) == 0
+				|| strcasecmp( arg, "none" ) == 0 )
+			{
 				limit->lms_s_soft = -1;
 
 			} else {
@@ -859,53 +874,49 @@
 	return 0;
 }
 
-static const char *lmpats[] = {
-	"base",
-	"base",
-	"onelevel",
-	"subtree",
-	"children",
-	"regex",
-	"anonymous",
-	"users",
-	"*"
-};
+/* Helper macros for limits_unparse() and limits_unparse_one():
+ * Write to ptr, but not past bufEnd.  Move ptr past the new text.
+ * Return (success && enough room ? 0 : -1).
+ */
+#define ptr_APPEND_BV(bv) /* Append a \0-terminated berval */ \
+	(WHATSLEFT <= (bv).bv_len ? -1 : \
+	 ((void) (ptr = lutil_strcopy( ptr, (bv).bv_val )), 0))
+#define ptr_APPEND_LIT(str) /* Append a string literal */ \
+	(WHATSLEFT <= STRLENOF( "" str "" ) ? -1 : \
+	 ((void) (ptr = lutil_strcopy( ptr, str )), 0))
+#define ptr_APPEND_FMT(args) /* Append formatted text */ \
+	(WHATSLEFT <= (tmpLen = snprintf args) ? -1 : ((void) (ptr += tmpLen), 0))
+#define ptr_APPEND_FMT1(fmt, arg) ptr_APPEND_FMT(( ptr, WHATSLEFT, fmt, arg ))
+#define WHATSLEFT ((ber_len_t) (bufEnd - ptr))
 
-#define WHATSLEFT	( buflen - ( ptr - bv->bv_val ) )
-
 /* Caller must provide an adequately sized buffer in bv */
 int
 limits_unparse( struct slap_limits *lim, struct berval *bv, ber_len_t buflen )
 {
 	struct berval btmp;
-	char *ptr;
-	int lm;
+	char *ptr, *bufEnd;			/* Updated/used by ptr_APPEND_*()/WHATSLEFT */
+	ber_len_t tmpLen;			/* Used by ptr_APPEND_FMT*() */
+	unsigned type, style;
+	int rc = 0;
 
 	if ( !bv || !bv->bv_val ) return -1;
 
 	ptr = bv->bv_val;
+	bufEnd = ptr + buflen;
+	type = lim->lm_flags & SLAP_LIMITS_TYPE_MASK;
 
-	if (( lim->lm_flags & SLAP_LIMITS_TYPE_MASK ) == SLAP_LIMITS_TYPE_GROUP ) {
-		if ( WHATSLEFT <= STRLENOF( "group/" "/" "=\"" "\"" )
-				+ lim->lm_group_oc->soc_cname.bv_len
-				+ lim->lm_group_ad->ad_cname.bv_len
-				+ lim->lm_pat.bv_len ) return -1;
-
-		ptr = lutil_strcopy( ptr, "group/" );
-		ptr = lutil_strcopy( ptr, lim->lm_group_oc->soc_cname.bv_val );
-		*ptr++ = '/';
-		ptr = lutil_strcopy( ptr, lim->lm_group_ad->ad_cname.bv_val );
-		ptr = lutil_strcopy( ptr, "=\"" );
-		ptr = lutil_strcopy( ptr, lim->lm_pat.bv_val );
-		*ptr++ = '"';
+	if ( type == SLAP_LIMITS_TYPE_GROUP ) {
+		rc = ptr_APPEND_FMT(( ptr, WHATSLEFT, "group/%s/%s=\"%s\"",
+			lim->lm_group_oc->soc_cname.bv_val,
+			lim->lm_group_ad->ad_cname.bv_val,
+			lim->lm_pat.bv_val ));
 	} else {
-		lm = lim->lm_flags & SLAP_LIMITS_MASK;
-		switch( lm ) {
+		style = lim->lm_flags & SLAP_LIMITS_MASK;
+		switch( style ) {
 		case SLAP_LIMITS_ANONYMOUS:
 		case SLAP_LIMITS_USERS:
 		case SLAP_LIMITS_ANY:
-			if ( WHATSLEFT <= strlen( lmpats[lm] ) ) return -1;
-			ptr = lutil_strcopy( ptr, lmpats[lm] );
+			rc = ptr_APPEND_BV( lmpats[style] );
 			break;
 		case SLAP_LIMITS_UNDEFINED:
 		case SLAP_LIMITS_EXACT:
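Review bot: The comment kept above `limits_unparse()` still reads "Caller must provide an adequately sized buffer in bv", yet the new `ptr_APPEND_*` helpers make the function return -1 when the buffer is too small, and `ptr_APPEND_FMT` only learns that after `snprintf` has already written a truncated string at `ptr`. On that path `bv->bv_len` is not updated, so `bv->bv_val` and `bv->bv_len` no longer describe the same text. I would reword the comment to `/* Returns -1 if buflen is too small; bv's contents are then undefined and must not be used */`, and do the same for `limits_unparse_one()`. limits_unparse() runs on into the next hunk.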
@@ -913,39 +924,40 @@
 		case SLAP_LIMITS_SUBTREE:
 		case SLAP_LIMITS_CHILDREN:
 		case SLAP_LIMITS_REGEX:
-			if ( WHATSLEFT <= STRLENOF( "dn." "=" "\"" "\"" )
-					+ strlen( lmpats[lm] ) + lim->lm_pat.bv_len ) return -1;
-			ptr = lutil_strcopy( ptr, "dn." );
-			ptr = lutil_strcopy( ptr, lmpats[lm] );
-			*ptr++ = '=';
-			*ptr++ = '"';
-			ptr = lutil_strcopy( ptr, lim->lm_pat.bv_val );
-			*ptr++ = '"';
+			rc = ptr_APPEND_FMT(( ptr, WHATSLEFT, "dn.%s%s=\"%s\"",
+				type == SLAP_LIMITS_TYPE_SELF ? "" : "this.",
+				lmpats[style].bv_val, lim->lm_pat.bv_val ));
 			break;
 		}
 	}
-	bv->bv_len = ptr - bv->bv_val;
-	btmp.bv_val = ptr;
-	btmp.bv_len = 0;
-	if ( limits_unparse_one( &lim->lm_limits,
-			SLAP_LIMIT_SIZE|SLAP_LIMIT_TIME,
-			&btmp, WHATSLEFT ) )
-	{
-		return -1;
+	if ( rc == 0 ) {
+		bv->bv_len = ptr - bv->bv_val;
+		btmp.bv_val = ptr;
+		btmp.bv_len = 0;
+		rc = limits_unparse_one( &lim->lm_limits,
+			SLAP_LIMIT_SIZE | SLAP_LIMIT_TIME,
+			&btmp, WHATSLEFT );
+		if ( rc == 0 )
+			bv->bv_len += btmp.bv_len;
 	}
-	bv->bv_len += btmp.bv_len;
-	return 0;
+	return rc;
 }
 
 /* Caller must provide an adequately sized buffer in bv */
 int
-limits_unparse_one( struct slap_limits_set *lim, int which, struct berval *bv, ber_len_t buflen )
+limits_unparse_one(
+	struct slap_limits_set	*lim,
+	int				which,
+	struct berval	*bv,
+	ber_len_t		buflen )
 {
-	char *ptr;
+	char *ptr, *bufEnd;			/* Updated/used by ptr_APPEND_*()/WHATSLEFT */
+	ber_len_t tmpLen;			/* Used by ptr_APPEND_FMT*() */
 
 	if ( !bv || !bv->bv_val ) return -1;
 
 	ptr = bv->bv_val;
+	bufEnd = ptr + buflen;
 
 	if ( which & SLAP_LIMIT_SIZE ) {
 		if ( lim->lms_s_soft != SLAPD_DEFAULT_SIZELIMIT ) {
@@ -957,79 +969,49 @@
 				goto s_hard;
 			/* If there's also a hard limit, fully qualify this one */
 			} else if ( lim->lms_s_hard ) {
-				if ( WHATSLEFT <= STRLENOF( " size.soft=" ) ) return -1;
-				ptr = lutil_strcopy( ptr, " size.soft=" );
+				if ( ptr_APPEND_LIT( " size.soft=" ) ) return -1;
 
 			/* If doing both size & time, qualify this */
 			} else if ( which & SLAP_LIMIT_TIME ) {
-				if ( WHATSLEFT <= STRLENOF( " size=" ) ) return -1;
-				ptr = lutil_strcopy( ptr, " size=" );
+				if ( ptr_APPEND_LIT( " size=" ) ) return -1;
 			}
 
-			if ( lim->lms_s_soft == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_s_soft );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( lim->lms_s_soft == -1
+					? ptr_APPEND_LIT( "unlimited " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_s_soft ) )
+				return -1;
 		}
 s_hard:
 		if ( lim->lms_s_hard ) {
-			if ( WHATSLEFT <= STRLENOF( " size.hard=" ) ) return -1;
-			ptr = lutil_strcopy( ptr, " size.hard=" );
-			if ( lim->lms_s_hard == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_s_hard );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( ptr_APPEND_LIT( " size.hard=" ) ) return -1;
+			if ( lim->lms_s_hard == -1
+					? ptr_APPEND_LIT( "unlimited " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_s_hard ) )
+				return -1;
 		}
 		if ( lim->lms_s_unchecked != -1 ) {
-			if ( WHATSLEFT <= STRLENOF( " size.unchecked=" ) ) return -1;
-			ptr = lutil_strcopy( ptr, " size.unchecked=" );
-			if ( lim->lms_s_unchecked == 0 ) {
-				if ( WHATSLEFT <= STRLENOF( "disabled" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "disabled" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_s_unchecked );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( ptr_APPEND_LIT( " size.unchecked=" ) ) return -1;
+			if ( lim->lms_s_unchecked == 0
+					? ptr_APPEND_LIT( "disabled " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_s_unchecked ) )
+				return -1;
 		}
 		if ( lim->lms_s_pr_hide ) {
-			if ( WHATSLEFT <= STRLENOF( " size.pr=noEstimate " ) ) return -1;
-			ptr = lutil_strcopy( ptr, " size.pr=noEstimate " );
+			if ( ptr_APPEND_LIT( " size.pr=noEstimate " ) ) return -1;
 		}
 		if ( lim->lms_s_pr ) {
-			if ( WHATSLEFT <= STRLENOF( " size.pr=" ) ) return -1;
-			ptr = lutil_strcopy( ptr, " size.pr=" );
-			if ( lim->lms_s_pr == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_s_pr );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( ptr_APPEND_LIT( " size.pr=" ) ) return -1;
+			if ( lim->lms_s_pr == -1
+					? ptr_APPEND_LIT( "unlimited " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_s_pr ) )
+				return -1;
 		}
 		if ( lim->lms_s_pr_total ) {
-			if ( WHATSLEFT <= STRLENOF( " size.prtotal=" ) ) return -1;
-			ptr = lutil_strcopy( ptr, " size.prtotal=" );
-			if ( lim->lms_s_pr_total == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else if ( lim->lms_s_pr_total == -2 ) {
-				if ( WHATSLEFT <= STRLENOF( "disabled" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "disabled" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_s_pr_total );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( ptr_APPEND_LIT( " size.prtotal=" ) ) return -1;
+			if ( lim->lms_s_pr_total  == -1 ? ptr_APPEND_LIT( "unlimited " )
+				: lim->lms_s_pr_total == -2 ? ptr_APPEND_LIT( "disabled " )
+				: ptr_APPEND_FMT1( "%d ", lim->lms_s_pr_total ) )
+				return -1;
 		}
 	}
 
@@ -1044,36 +1026,25 @@
 
 			/* If there's also a hard limit, fully qualify this one */
 			} else if ( lim->lms_t_hard ) {
-				if ( WHATSLEFT <= STRLENOF( " time.soft=" ) ) return -1;
-				ptr = lutil_strcopy( ptr, " time.soft=" );
+				if ( ptr_APPEND_LIT( " time.soft=" ) ) return -1;
 
 			/* If doing both size & time, qualify this */
 			} else if ( which & SLAP_LIMIT_SIZE ) {
-				if ( WHATSLEFT <= STRLENOF( " time=" ) ) return -1;
-				ptr = lutil_strcopy( ptr, " time=" );
+				if ( ptr_APPEND_LIT( " time=" ) ) return -1;
 			}
 
-			if ( lim->lms_t_soft == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_t_soft );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( lim->lms_t_soft == -1
+					? ptr_APPEND_LIT( "unlimited " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_t_soft ) )
+				return -1;
 		}
 t_hard:
 		if ( lim->lms_t_hard ) {
-			if ( WHATSLEFT <= STRLENOF( " time.hard=" ) ) return -1;
-			ptr = lutil_strcopy( ptr, " time.hard=" );
-			if ( lim->lms_t_hard == -1 ) {
-				if ( WHATSLEFT <= STRLENOF( "unlimited" ) ) return -1;
-				ptr = lutil_strcopy( ptr, "unlimited" );
-			} else {
-				ptr += snprintf( ptr, WHATSLEFT, "%d", lim->lms_t_hard );
-				if ( WHATSLEFT < 0 ) return -1;
-			}
-			*ptr++ = ' ';
+			if ( ptr_APPEND_LIT( " time.hard=" ) ) return -1;
+			if ( lim->lms_t_hard == -1
+					? ptr_APPEND_LIT( "unlimited " )
+					: ptr_APPEND_FMT1( "%d ", lim->lms_t_hard ) )
+				return -1;
 		}
 	}
 	if ( ptr != bv->bv_val ) {
@@ -1132,7 +1103,7 @@
 
 	/* if not root, get appropriate limits */
 	} else {
-		( void ) limits_get( op, &op->o_ndn, &op->ors_limit );
+		( void ) limits_get( op, &op->ors_limit );
 
 		assert( op->ors_limit != NULL );
 
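Review bot: The result of `limits_get()` is still discarded, and the only check that `op->ors_limit` was set is the `assert` two lines below, which is compiled out when NDEBUG is defined. Code visible in a later hunk dereferences `op->ors_limit->lms_s_pr`, so if `limits_get()` can return without assigning a limit set, a non-debug build would continue with a NULL pointer. Consider testing the pointer explicitly and failing the operation, or add a comment explaining why it cannot be NULL at this point. The enclosing function starts and ends outside the hunk.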
@@ -1194,7 +1165,9 @@
 				return -1;
 			}
 			
-			if ( op->ors_limit->lms_s_pr > 0 && ps->ps_size > op->ors_limit->lms_s_pr ) {
+			if ( op->ors_limit->lms_s_pr > 0
+				&& ps->ps_size > op->ors_limit->lms_s_pr )
+			{
 				rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
 				rs->sr_text = "illegal pagedResults page size";
 				send_ldap_result( op, rs );
@@ -1223,7 +1196,8 @@
 
 #ifdef ABOVE_HARD_LIMIT_IS_ERROR
 			} else if ( pr_total > 0 && op->ors_slimit != SLAP_MAX_LIMIT
-					&& ( op->ors_slimit == SLAP_NO_LIMIT || op->ors_slimit > pr_total ) )
+					&& ( op->ors_slimit == SLAP_NO_LIMIT
+						|| op->ors_slimit > pr_total ) )
 			{
 				rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
 				send_ldap_result( op, rs );
@@ -1236,16 +1210,19 @@
 				int	total;
 				int	slimit2;
 
-				/* first round of pagedResults: set count to any appropriate limit */
+				/* first round of pagedResults:
+				 * set count to any appropriate limit */
 
-				/* if the limit is set, check that it does not violate any server-side limit */
+				/* if the limit is set, check that it does
+				 * not violate any server-side limit */
 #ifdef ABOVE_HARD_LIMIT_IS_ERROR
-				if ( op->ors_slimit == SLAP_MAX_LIMIT ) {
-					slimit2 = op->ors_slimit = pr_total;
+				if ( op->ors_slimit == SLAP_MAX_LIMIT )
 #else /* ! ABOVE_HARD_LIMIT_IS_ERROR */
-				if ( op->ors_slimit == SLAP_MAX_LIMIT || op->ors_slimit > pr_total ) {
-					slimit2 = op->ors_slimit = pr_total;
+				if ( op->ors_slimit == SLAP_MAX_LIMIT
+					|| op->ors_slimit > pr_total )
 #endif /* ! ABOVE_HARD_LIMIT_IS_ERROR */
+				{
+					slimit2 = op->ors_slimit = pr_total;
 
 				} else if ( op->ors_slimit == 0 ) {
 					slimit2 = pr_total;
@@ -1264,7 +1241,7 @@
 	
 						} else {
 							/* use the perpage limit if any 
-							 * NOTE: + 1 because the given value must be legal */
+							 * NOTE: + 1 because given value must be legal */
 							slimit = op->ors_limit->lms_s_pr + 1;
 						}
 
@@ -1358,24 +1335,12 @@
 	}
 
 	for ( i = 0; lm[ i ]; i++ ) {
-		switch ( lm[ i ]->lm_flags & SLAP_LIMITS_MASK ) {
-		case SLAP_LIMITS_REGEX:
+		if ( (lm[ i ]->lm_flags & SLAP_LIMITS_MASK) == SLAP_LIMITS_REGEX )
 			regfree( &lm[ i ]->lm_regex );
-			break;
 
-		case SLAP_LIMITS_EXACT:
-		case SLAP_LIMITS_ONE:
-		case SLAP_LIMITS_SUBTREE:
-		case SLAP_LIMITS_CHILDREN:
-			if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) ) {
-				ch_free( lm[ i ]->lm_pat.bv_val );
-			}
-			break;
+		if ( !BER_BVISNULL( &lm[ i ]->lm_pat ) )
+			ch_free( lm[ i ]->lm_pat.bv_val );
 
-		default:
-			break;
-		}
-
 		ch_free( lm[ i ] );
 	}
 
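Review bot: The rewritten loop now calls `ch_free( lm[ i ]->lm_pat.bv_val )` for every style whose `lm_pat` is non-NULL, where the removed switch freed it only for EXACT, ONE, SUBTREE and CHILDREN. That is safe only if every entry either owns a heap-allocated pattern or has `lm_pat` zeroed. The code that fills `lm_pat` is outside this hunk, so this is worth confirming for the REGEX, ANONYMOUS, USERS and ANY styles. A comment stating the invariant would help, for example `/* lm_pat.bv_val is always heap-allocated or NULL, whatever the style */`. The enclosing function starts and ends outside the hunk.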

Modified: openldap/vendor/openldap-release/servers/slapd/lock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/lock.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/lock.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* lock.c - routines to open and apply an advisory lock to a file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/lock.c,v 1.32.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/lock.c,v 1.32.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/main.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/main.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/main.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.239.2.13 2008/05/20 00:10:40 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/main.c,v 1.239.2.16 2009/02/06 01:03:12 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -792,7 +792,7 @@
 		}
 	}
 
-	if ( glue_sub_attach( ) != 0 ) {
+	if ( glue_sub_attach( 0 ) != 0 ) {
 		Debug( LDAP_DEBUG_ANY,
 		    "subordinate config error\n",
 		    0, 0, 0 );
@@ -1030,6 +1030,8 @@
 		ch_free( configdir );
 	if ( urls )
 		ch_free( urls );
+	if ( global_host )
+		ch_free( global_host );
 
 	/* kludge, get symbols referenced */
 	tavl_free( NULL, NULL );

Modified: openldap/vendor/openldap-release/servers/slapd/matchedValues.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/matchedValues.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/matchedValues.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/matchedValues.c,v 1.28.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/matchedValues.c,v 1.28.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/modify.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.276.2.9 2008/04/14 22:05:06 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modify.c,v 1.276.2.11 2009/01/30 19:07:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -268,6 +268,7 @@
 	if ( op->orm_increment && !SLAP_INCREMENT( op->o_bd ) ) {
 		send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
 			"modify/increment not supported in context" );
+		goto cleanup;
 	}
 
 	/*

Modified: openldap/vendor/openldap-release/servers/slapd/modrdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.170.2.5 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/modrdn.c,v 1.170.2.6 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/mods.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mods.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/mods.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/mods.c,v 1.59.2.5 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mods.c,v 1.59.2.8 2009/02/11 00:57:40 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -59,7 +59,7 @@
 	/* FIXME: Catch old code that doesn't set sm_numvals.
 	 */
 	if ( !BER_BVISNULL( &mod->sm_values[mod->sm_numvals] )) {
-		int i;
+		unsigned i;
 		for ( i = 0; !BER_BVISNULL( &mod->sm_values[i] ); i++ );
 		assert( mod->sm_numvals == i );
 	}
@@ -69,8 +69,8 @@
 	if ( a != NULL ) {
 		MatchingRule	*mr;
 		struct berval *cvals;
-		int		rc, i, p;
-		unsigned flags;
+		int		rc;
+		unsigned i, p, flags;
 
 		mr = mod->sm_desc->ad_type->sat_equality;
 		if( mr == NULL || !mr->smr_match ) {
@@ -99,7 +99,13 @@
 		 * server (whether from LDAP or from the underlying
 		 * database).
 		 */
-		flags = SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX;
+		if ( a->a_desc == slap_schema.si_ad_objectClass ) {
+			/* Needed by ITS#5517 */
+			flags = SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX;
+
+		} else {
+			flags = SLAP_MR_EQUALITY | SLAP_MR_VALUE_OF_ASSERTION_SYNTAX;
+		}
 		if ( mod->sm_nvalues ) {
 			flags |= SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH |
 				SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH;
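Review bot: The new comment `/* Needed by ITS#5517 */` gives only a tracker number, so a reader cannot tell why objectClass is the one attribute matched with `SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX`. This branch selects the flags used for the equality match, so one sentence of rationale belongs beside it, along the lines of `/* objectClass: compare as attribute values, not assertion values (ITS#5517) */`. The enclosing function starts and ends outside the hunk.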
@@ -116,7 +122,7 @@
 					/* value already exists */
 					*text = textbuf;
 					snprintf( textbuf, textlen,
-						"modify/%s: %s: value #%d already exists",
+						"modify/%s: %s: value #%u already exists",
 						op, mod->sm_desc->ad_cname.bv_val, i );
 					return LDAP_TYPE_OR_VALUE_EXISTS;
 				}
@@ -196,8 +202,8 @@
 	MatchingRule 	*mr = mod->sm_desc->ad_type->sat_equality;
 	struct berval *cvals;
 	int		*id2 = NULL;
-	int		i, j, rc = 0;
-	unsigned flags;
+	int		rc = 0;
+	unsigned i, j, flags;
 	char		dummy = '\0';
 
 	/*

Modified: openldap/vendor/openldap-release/servers/slapd/module.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/module.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/module.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.29.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/module.c,v 1.29.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/mr.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mr.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/mr.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* mr.c - routines to manage matching rule definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/mr.c,v 1.64.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mr.c,v 1.64.2.5 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -377,7 +377,7 @@
 
 	LDAP_SLIST_FOREACH( mr, &mr_list, smr_next ) {
 		AttributeType	*at;
-		MatchingRuleUse	mru_storage = { 0 },
+		MatchingRuleUse	mru_storage = {{ 0 }},
 				*mru = &mru_storage;
 
 		char		**applies_oids = NULL;

Modified: openldap/vendor/openldap-release/servers/slapd/mra.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/mra.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/mra.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* mra.c - routines for dealing with extensible matching rule assertions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/mra.c,v 1.45.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/mra.c,v 1.45.2.4 2009/01/22 00:01:01 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/nt_svc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/nt_svc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/nt_svc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/nt_svc.c,v 1.27.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/nt_svc.c,v 1.27.2.4 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/oc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/oc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/oc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* oc.c - object class routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/oc.c,v 1.77.2.6 2008/04/14 22:08:32 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oc.c,v 1.77.2.10 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -92,6 +92,9 @@
 			e->e_dn == NULL ? "" : e->e_dn,
 			oc->soc_oclass.oc_oid, 0 );
 
+		/* mark flags as set */
+		e->e_ocflags |= SLAP_OC__END;
+
 		return 0;
 	}
 
@@ -227,7 +230,11 @@
 	oc->soc_cname.bv_len = ocname->bv_len;
 	oc->soc_cname.bv_val = (char *)&oc[ 1 ];
 	AC_MEMCPY( oc->soc_cname.bv_val, ocname->bv_val, ocname->bv_len );
+	oc->soc_cname.bv_val[ oc->soc_cname.bv_len ] = '\0';
 
+	/* canonical to upper case */
+	ldap_pvt_str2upper( oc->soc_cname.bv_val );
+
 	LDAP_STAILQ_NEXT( oc, soc_next ) = NULL;
 	ldap_pvt_thread_mutex_lock( &oc_undef_mutex );
 	LDAP_STAILQ_INSERT_HEAD( &oc_undef_list, oc, soc_next );
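Review bot: The added `oc->soc_cname.bv_val[ oc->soc_cname.bv_len ] = '\0';` writes one byte past the `bv_len` bytes copied by `AC_MEMCPY`, so the allocation for `oc` must reserve `ocname->bv_len + 1` bytes after the struct. The allocation is outside this hunk; if it already includes the extra byte this is fine, otherwise the terminator lands out of bounds. The `ldap_pvt_str2upper()` call added below depends on that terminator, so a short comment at the allocation saying the extra byte is for the NUL would keep the two in step. The enclosing function starts and ends outside the hunk.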

Modified: openldap/vendor/openldap-release/servers/slapd/oidm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/oidm.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/oidm.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* oidm.c - object identifier macro routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/oidm.c,v 1.21.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/oidm.c,v 1.21.2.4 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/operation.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/operation.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/operation.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* operation.c - routines to deal with pending ldap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/operation.c,v 1.75.2.8 2008/02/12 20:48:44 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/operation.c,v 1.75.2.10 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -111,6 +111,11 @@
 	}
 #endif /* defined( LDAP_SLAPI ) */
 
+	if ( !BER_BVISNULL( &op->o_csn ) ) {
+		op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
+		BER_BVZERO( &op->o_csn );
+	}
+
 	opbuf = (OperationBuffer *) op;
 	memset( opbuf, 0, sizeof(*opbuf) );
 	op->o_hdr = &opbuf->ob_hdr;
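Review bot: The new block releases `op->o_csn.bv_val` with `op->o_tmpfree( ..., op->o_tmpmemctx )`, which assumes every non-NULL `o_csn` was allocated from that memory context. Elsewhere in this commit accesslog.c assigns `op->o_csn = pd.csn`, apparently a buffer the operation does not own. Whether such an operation can reach this function is not visible here, but any caller that borrows storage for `o_csn` has to zero it before the operation is freed. A comment on the block stating the ownership rule would make that explicit, for example `/* o_csn, when set, is owned by op and allocated from o_tmpmemctx */`. The enclosing function starts and ends outside the hunk.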

Modified: openldap/vendor/openldap-release/servers/slapd/operational.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/operational.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/operational.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 /* operational.c - routines to deal with on-the-fly operational attrs */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for overlays
-# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.41.2.5 2008/02/11 23:26:48 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/overlays/Makefile.in,v 1.41.2.8 2009/01/22 00:01:12 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2003-2008 The OpenLDAP Foundation.
+## Copyright 2003-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -18,10 +18,12 @@
 	auditlog.c \
 	constraint.c \
 	dds.c \
+	deref.c \
 	dyngroup.c \
 	dynlist.c \
 	memberof.c \
 	pcache.c \
+	collect.c \
 	ppolicy.c \
 	refint.c \
 	retcode.c \
@@ -71,6 +73,9 @@
 dds.la : dds.lo
 	$(LTLINK_MOD) -module -o $@ dds.lo version.lo $(LINK_LIBS)
 
+deref.la : deref.lo
+	$(LTLINK_MOD) -module -o $@ deref.lo version.lo $(LINK_LIBS)
+
 dyngroup.la : dyngroup.lo
 	$(LTLINK_MOD) -module -o $@ dyngroup.lo version.lo $(LINK_LIBS)
 
@@ -83,6 +88,9 @@
 pcache.la : pcache.lo
 	$(LTLINK_MOD) -module -o $@ pcache.lo version.lo $(LINK_LIBS)
 
+collect.la : collect.lo
+	$(LTLINK_MOD) -module -o $@ collect.lo version.lo $(LINK_LIBS)
+
 ppolicy.la : ppolicy.lo
 	$(LTLINK_MOD) -module -o $@ ppolicy.lo version.lo $(LINK_LIBS) $(MODULES_LIBS)
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/accesslog.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* accesslog.c - log operations for audit/history purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.37.2.17 2008/05/01 20:37:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/accesslog.c,v 1.37.2.22 2009/01/27 20:09:02 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *
@@ -534,17 +534,17 @@
 
 	if ( dd ) {
 		len = snprintf( ptr, size, "%d+", dd );
-		assert( len >= 0 && len < size );
+		assert( len >= 0 && (unsigned) len < size );
 		size -= len;
 		ptr += len;
 	}
 	len = snprintf( ptr, size, "%02d:%02d", hh, mm );
-	assert( len >= 0 && len < size );
+	assert( len >= 0 && (unsigned) len < size );
 	size -= len;
 	ptr += len;
 	if ( ss ) {
 		len = snprintf( ptr, size, ":%02d", ss );
-		assert( len >= 0 && len < size );
+		assert( len >= 0 && (unsigned) len < size );
 		size -= len;
 		ptr += len;
 	}
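Review bot: Truncation in the three `snprintf` calls is caught only by `assert( len >= 0 && (unsigned) len < size )`, which is compiled out under NDEBUG. In such a build `size -= len` and `ptr += len` run with a `len` that may be negative or not smaller than `size`, so `ptr` can move past the buffer and `size` can wrap if it is unsigned, as the cast suggests. An explicit runtime check after each call would hold in every build, for example `if ( len < 0 || (unsigned) len >= size ) return -1;`, provided the function's return convention allows it (it is not visible in the hunk). The enclosing function starts and ends outside the hunk.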
@@ -568,19 +568,22 @@
 log_old_lookup( Operation *op, SlapReply *rs )
 {
 	purge_data *pd = op->o_callback->sc_private;
+	Attribute *a;
 
 	if ( rs->sr_type != REP_SEARCH) return 0;
 
 	if ( slapd_shutdown ) return 0;
 
-	/* Remember old CSN */
-	if ( pd->csn.bv_val[0] == '\0' ) {
-		Attribute *a = attr_find( rs->sr_entry->e_attrs,
-			slap_schema.si_ad_entryCSN );
-		if ( a ) {
-			int len = a->a_vals[0].bv_len;
-			if ( len > pd->csn.bv_len )
-				len = pd->csn.bv_len;
+	/* Remember max CSN: should always be the last entry
+	 * seen, since log entries are ordered chronologically...
+	 */
+	a = attr_find( rs->sr_entry->e_attrs,
+		slap_schema.si_ad_entryCSN );
+	if ( a ) {
+		ber_len_t len = a->a_vals[0].bv_len;
+		if ( len > pd->csn.bv_len )
+			len = pd->csn.bv_len;
+		if ( memcmp( a->a_vals[0].bv_val, pd->csn.bv_val, len ) > 0 ) {
 			AC_MEMCPY( pd->csn.bv_val, a->a_vals[0].bv_val, len );
 			pd->csn.bv_len = len;
 		}
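Review bot: `pd->csn.bv_len` serves both as the capacity that clamps `len` and as the stored length written by `pd->csn.bv_len = len`, so after the first copy the usable capacity shrinks to the length of that CSN. A later entry whose CSN is longer is then compared and copied only up to the shorter length, and when the two values share that prefix `memcmp` returns 0 and the longer one is ignored. CSNs may well all have the same length, which would make this harmless, but keeping the buffer size in a separate field, or a comment such as `/* assumes all entryCSN values have equal length */`, would make the assumption visible. `a->a_vals[0]` is also read without checking that the attribute carries a value. log_old_lookup starts just before the hunk and continues past its end.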
@@ -656,6 +659,7 @@
 	if ( pd.used ) {
 		int i;
 
+		/* delete the expired entries */
 		op->o_tag = LDAP_REQ_DELETE;
 		op->o_callback = &nullsc;
 		op->o_csn = pd.csn;
@@ -670,6 +674,33 @@
 		}
 		ch_free( pd.ndn );
 		ch_free( pd.dn );
+
+		{
+			Modifications mod;
+			struct berval bv[2];
+			/* update context's entryCSN to reflect oldest CSN */
+			mod.sml_numvals = 1;
+			mod.sml_values = bv;
+			bv[0] = pd.csn;
+			BER_BVZERO(&bv[1]);
+			mod.sml_nvalues = NULL;
+			mod.sml_desc = slap_schema.si_ad_entryCSN;
+			mod.sml_op = LDAP_MOD_REPLACE;
+			mod.sml_flags = SLAP_MOD_INTERNAL;
+			mod.sml_next = NULL;
+
+			op->o_tag = LDAP_REQ_MODIFY;
+			op->orm_modlist = &mod;
+			op->orm_no_opattrs = 1;
+			op->o_req_dn = li->li_db->be_suffix[0];
+			op->o_req_ndn = li->li_db->be_nsuffix[0];
+			op->o_no_schema_check = 1;
+			op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+			op->o_bd->be_modify( op, &rs );
+			if ( mod.sml_next ) {
+				slap_mods_free( mod.sml_next, 1 );
+			}
+		}
 	}
 
 	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
@@ -902,7 +933,7 @@
 	struct berval	*valp )
 {
 	struct berval	val, bv;
-	int		i;
+	ber_len_t		i;
 	int		rc = LDAP_SUCCESS;
 
 	assert( valp != NULL );
@@ -1124,7 +1155,7 @@
 		}
 		
 		if ( !BER_BVISNULL( &ctrls[ i ]->ldctl_value ) ) {
-			int	j;
+			ber_len_t	j;
 
 			ptr = lutil_strcopy( ptr, " controlValue \"" );
 			for ( j = 0; j < ctrls[ i ]->ldctl_value.bv_len; j++ )
@@ -1369,7 +1400,7 @@
 		attr_merge_one( e, ad_reqMessage, &bv, NULL );
 	}
 	bv.bv_len = snprintf( timebuf, sizeof( timebuf ), "%d", rs->sr_err );
-	if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+	if ( bv.bv_len < sizeof( timebuf ) ) {
 		bv.bv_val = timebuf;
 		attr_merge_one( e, ad_reqResult, &bv, NULL );
 	}
@@ -1586,17 +1617,17 @@
 		}
 		bv.bv_val = timebuf;
 		bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", rs->sr_nentries );
-		if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+		if ( bv.bv_len < sizeof( timebuf ) ) {
 			attr_merge_one( e, ad_reqEntries, &bv, NULL );
 		} /* else? */
 
 		bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->ors_tlimit );
-		if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+		if ( bv.bv_len < sizeof( timebuf ) ) {
 			attr_merge_one( e, ad_reqTimeLimit, &bv, NULL );
 		} /* else? */
 
 		bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->ors_slimit );
-		if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+		if ( bv.bv_len < sizeof( timebuf ) ) {
 			attr_merge_one( e, ad_reqSizeLimit, &bv, NULL );
 		} /* else? */
 		break;
@@ -1604,7 +1635,7 @@
 	case LOG_EN_BIND:
 		bv.bv_val = timebuf;
 		bv.bv_len = snprintf( bv.bv_val, sizeof( timebuf ), "%d", op->o_protocol );
-		if ( bv.bv_len >= 0 && bv.bv_len < sizeof( timebuf ) ) {
+		if ( bv.bv_len < sizeof( timebuf ) ) {
 			attr_merge_one( e, ad_reqVersion, &bv, NULL );
 		} /* else? */
 		if ( op->orb_method == LDAP_AUTH_SIMPLE ) {
@@ -1739,7 +1770,7 @@
 			int rc;
 			Entry *e;
 
-			op->o_bd->bd_info = on->on_info->oi_orig;
+			op->o_bd->bd_info = (BackendInfo *)on->on_info;
 			rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
 			if ( e ) {
 				if ( test_filter( op, e, li->li_oldf ) == LDAP_COMPARE_TRUE )
@@ -1807,7 +1838,7 @@
 	e = accesslog_entry( op, rs, LOG_EN_ABANDON, &op2 );
 	bv.bv_val = buf;
 	bv.bv_len = snprintf( buf, sizeof( buf ), "%d", op->orn_msgid );
-	if ( bv.bv_len >= 0 && bv.bv_len < sizeof( buf ) ) {
+	if ( bv.bv_len < sizeof( buf ) ) {
 		attr_merge_one( e, ad_reqId, &bv, NULL );
 	} /* else? */
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/auditlog.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* auditlog.c - log modifications for audit/history purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.7.2.7 2008/04/14 21:18:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/auditlog.c,v 1.7.2.8 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions copyright 2004-2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/collect.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/collect.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/collect.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* collect.c - Demonstration of overlay code */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.5.2.4 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/collect.c,v 1.5.2.8 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Howard Chu.
  * All rights reserved.
  *
@@ -31,6 +31,8 @@
 #include "slap.h"
 #include "config.h"
 
+#include "lutil.h"
+
 /* This is a cheap hack to implement a collective attribute.
  *
  * This demonstration overlay looks for a specified attribute in an
@@ -43,14 +45,58 @@
 typedef struct collect_info {
 	struct collect_info *ci_next;
 	struct berval ci_dn;
-	AttributeDescription *ci_ad;
+	int ci_ad_num;
+	AttributeDescription *ci_ad[1];
 } collect_info;
 
+/*
+ * inserts a collect_info into on->on_bi.bi_private taking into account
+ * order. this means longer dn's (i.e. more specific dn's) will be found
+ * first when searching, allowing some limited overlap of dn's
+ */
+static void
+insert_ordered( slap_overinst *on, collect_info *ci ) {
+	collect_info *find = on->on_bi.bi_private;
+	collect_info *prev = NULL;
+	int found = 0;
+
+	while (!found) {
+		if (find == NULL) {
+			if (prev == NULL) {
+				/* base case - empty list */
+				on->on_bi.bi_private = ci;
+				ci->ci_next = NULL;
+			} else {
+				/* final case - end of list */
+				prev->ci_next = ci;
+				ci->ci_next = NULL;
+			}
+			found = 1;
+		} else if (find->ci_dn.bv_len <= ci->ci_dn.bv_len) { 
+			/* insert into list here */
+			if (prev == NULL) {
+				/* entry is head of list */
+				ci->ci_next = on->on_bi.bi_private;
+				on->on_bi.bi_private = ci;
+			} else {
+				/* entry is not head of list */
+				prev->ci_next = ci;
+				ci->ci_next = find;
+			}
+			found = 1;
+		} else {
+			/* keep looking */
+			prev = find;
+			find = find->ci_next;
+		}
+	}
+}
+
 static int
 collect_cf( ConfigArgs *c )
 {
 	slap_overinst *on = (slap_overinst *)c->bi;
-	int rc = 1;
+	int rc = 1, idx;
 
 	switch( c->op ) {
 	case SLAP_CONFIG_EMIT:
@@ -58,14 +104,34 @@
 		collect_info *ci;
 		for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) {
 			struct berval bv;
+			char *ptr;
 			int len;
 
-			bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" ") +
-				ci->ci_ad->ad_cname.bv_len;
+			/* calculate the length & malloc memory */
+			bv.bv_len = ci->ci_dn.bv_len + STRLENOF("\"\" ");
+			for (idx=0; idx<ci->ci_ad_num; idx++) {
+				bv.bv_len += ci->ci_ad[idx]->ad_cname.bv_len;
+				if (idx<(ci->ci_ad_num-1)) { 
+					bv.bv_len++;
+				}
+			}
 			bv.bv_val = ch_malloc( bv.bv_len + 1 );
-			len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" %s",
-				ci->ci_dn.bv_val, ci->ci_ad->ad_cname.bv_val );
-			assert( len == bv.bv_len );
+
+			/* copy the value and update len */
+			len = snprintf( bv.bv_val, bv.bv_len + 1, "\"%s\" ", 
+				ci->ci_dn.bv_val);
+			ptr = bv.bv_val + len;
+			for (idx=0; idx<ci->ci_ad_num; idx++) {
+				ptr = lutil_strncopy( ptr,
+					ci->ci_ad[idx]->ad_cname.bv_val,
+					ci->ci_ad[idx]->ad_cname.bv_len);
+				if (idx<(ci->ci_ad_num-1)) {
+					*ptr++ = ',';
+				}
+			}
+			*ptr = '\0';
+			bv.bv_len = ptr - bv.bv_val;
+
 			ber_bvarray_add( &c->rvalue_vals, &bv );
 			rc = 0;
 		}
@@ -98,8 +164,21 @@
 		collect_info *ci;
 		struct berval bv, dn;
 		const char *text;
-		AttributeDescription *ad = NULL;
+		int idx, count=0;
+		char *arg;
 
+		/* count delimiters in attribute argument */
+		arg = strtok(c->argv[2], ",");
+		while (arg!=NULL) {
+			count++;
+			arg = strtok(NULL, ",");
+		}
+
+		/* allocate config info with room for attribute array */
+		ci = ch_malloc( sizeof( collect_info ) +
+			sizeof( AttributeDescription * ) * count );
+
+		/* validate and normalize dn */
 		ber_str2bv( c->argv[1], 0, 0, &bv );
 		if ( dnNormalize( 0, NULL, NULL, &bv, &dn, NULL ) ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s invalid DN: \"%s\"",
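Review bot: Counting the attributes with `strtok` rewrites `c->argv[2]` in place and silently skips empty tokens, so for a value such as `a,,b` (constructed example) the count is 2 while the NUL-by-NUL walk in the next hunk lands on `,b` and rejects the line with an "attribute description unknown" message that hides the real cause. `strtok` also relies on hidden static state, which is fragile in a threaded server; constraint.c in this same revision splits its list with `ldap_str2charray( c->argv[1], "," )`, and the same call would fit here. Separately, `ci` is now allocated before the DN is validated, so the invalid-DN return that follows leaks it; either allocate after `dnNormalize` succeeds or add `ch_free( ci );` on that path. collect_cf starts and ends outside this hunk.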
@@ -108,22 +187,38 @@
 				"%s: %s\n", c->log, c->cr_msg, 0 );
 			return ARG_BAD_CONF;
 		}
-		if ( slap_str2ad( c->argv[2], &ad, &text ) ) {
-			snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s attribute description unknown: \"%s\"",
-				c->argv[0], c->argv[2] );
-			Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-				"%s: %s\n", c->log, c->cr_msg, 0 );
-			return ARG_BAD_CONF;
+
+		/* load attribute description for attribute list */
+		arg = c->argv[2];
+		for( idx=0; idx<count; idx++) {
+			ci->ci_ad[idx] = NULL;
+
+			if ( slap_str2ad( arg, &ci->ci_ad[idx], &text ) ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), 
+					"%s attribute description unknown: \"%s\"",
+					c->argv[0], arg);
+				Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+					"%s: %s\n", c->log, c->cr_msg, 0 );
+				return ARG_BAD_CONF;
+			}
+			while(*arg!='\0') {
+				arg++; /* skip to end of argument */
+			}
+			if (idx<count-1) {
+				arg++; /* skip inner delimiters */
+			}
 		}
 
 		/* The on->on_bi.bi_private pointer can be used for
 		 * anything this instance of the overlay needs.
 		 */
-		ci = ch_malloc( sizeof( collect_info ));
-		ci->ci_ad = ad;
+		ci->ci_ad[count] = NULL;
+		ci->ci_ad_num = count;
 		ci->ci_dn = dn;
-		ci->ci_next = on->on_bi.bi_private;
-		on->on_bi.bi_private = ci;
+
+		/* creates list of ci's ordered by dn length */ 
+		insert_ordered ( on, ci );
+
 		rc = 0;
 		}
 	}
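Review bot: The `return ARG_BAD_CONF` added inside the attribute loop leaves both `ci` (allocated in the previous hunk) and the normalised `dn.bv_val` allocated, so each rejected attribute name leaks memory. Release them first, for example `ch_free( dn.bv_val ); ch_free( ci );` immediately before that `return`. The enclosing collect_cf starts outside this hunk.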
@@ -167,6 +262,48 @@
 }
 
 static int
+collect_modify( Operation *op, SlapReply *rs)
+{
+	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+	collect_info *ci = on->on_bi.bi_private;
+	Modifications *ml;
+	char errMsg[100];
+	int idx;
+
+	for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next) {
+		for (; ci; ci=ci->ci_next ) {
+			/* Is this entry an ancestor of this collectinfo ? */
+			if (!dnIsSuffix(&op->o_req_ndn, &ci->ci_dn)) {
+				/* this collectinfo does not match */
+				continue;
+			}
+
+			/* Is this entry the same as the template DN ? */
+			if ( dn_match(&op->o_req_ndn, &ci->ci_dn)) {
+				/* all changes in this ci are allowed */
+				continue;
+			}
+
+			/* check for collect attributes - disallow modify if present */
+			for(idx=0; idx<ci->ci_ad_num; idx++) {
+				if (ml->sml_desc == ci->ci_ad[idx]) {
+					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+					snprintf( errMsg, sizeof( errMsg ), 
+						"cannot change virtual attribute '%s'",
+						ci->ci_ad[idx]->ad_cname.bv_val);
+					rs->sr_text = errMsg;
+					send_ldap_result( op, rs );
+					return rs->sr_err;
+				}
+			}
+		}
+
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
 collect_response( Operation *op, SlapReply *rs )
 {
 	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
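Review bot: In collect_modify, `ci` is initialised once at its declaration and the inner `for (; ci; ci=ci->ci_next )` runs it to NULL while handling the first entry of `op->orm_modlist`, so every later modification in the same request skips the collect-attribute check. Restart the walk for each modification: `for ( ci = on->on_bi.bi_private; ci; ci = ci->ci_next ) {`. `rs->sr_text` is also left pointing at the stack buffer `errMsg` when the function returns; adding `rs->sr_text = NULL;` after `send_ldap_result( op, rs );` avoids a dangling pointer. The comparison `ml->sml_desc == ci->ci_ad[idx]` matches one exact description only, so it is worth confirming whether tagged or subtyped forms of the attribute should be refused as well.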
@@ -181,35 +318,51 @@
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 
 		for (; ci; ci=ci->ci_next ) {
-			BerVarray vals = NULL;
+			int idx=0;
 
-			/* Is our configured entry an ancestor of this one? */
-			if ( !dnIsSuffix( &rs->sr_entry->e_nname, &ci->ci_dn ))
+			/* Is this entry an ancestor of this collectinfo ? */
+			if (!dnIsSuffix(&rs->sr_entry->e_nname, &ci->ci_dn)) {
+				/* collectinfo does not match */
 				continue;
+			}
 
-			/* Extract the values of the desired attribute from
-			 * the ancestor entry
-			 */
-			rc = backend_attribute( op, NULL, &ci->ci_dn, ci->ci_ad, &vals, ACL_READ );
+			/* Is this entry the same as the template DN ? */
+			if ( dn_match(&rs->sr_entry->e_nname, &ci->ci_dn)) {
+				/* dont apply change to parent */
+				continue;
+			}
 
-			/* If there are any values, merge them into the
-			 * current entry
-			 */
-			if ( vals ) {
-				/* The current entry may live in a cache, so
-				 * don't modify it directly. Make a copy and
-				 * work with that instead.
-				 */
-				if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE )) {
-					rs->sr_entry = entry_dup( rs->sr_entry );
-					rs->sr_flags |= REP_ENTRY_MODIFIABLE |
-						REP_ENTRY_MUSTBEFREED;
+			/* The current entry may live in a cache, so
+			* don't modify it directly. Make a copy and
+			* work with that instead.
+			*/
+			if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE )) {
+				rs->sr_entry = entry_dup( rs->sr_entry );
+				rs->sr_flags |= REP_ENTRY_MODIFIABLE |
+					REP_ENTRY_MUSTBEFREED;
+			}
+
+			/* Loop for each attribute in this collectinfo */
+			for(idx=0; idx<ci->ci_ad_num; idx++) {
+				BerVarray vals = NULL;
+
+				/* Extract the values of the desired attribute from
+			 	 * the ancestor entry */
+				rc = backend_attribute( op, NULL, &ci->ci_dn, 
+					ci->ci_ad[idx], &vals, ACL_READ );
+
+				/* If there are any values, merge them into the
+			 	 * current search result
+			 	 */
+				if ( vals ) {
+					attr_merge( rs->sr_entry, ci->ci_ad[idx], 
+						vals, NULL );
+					ber_bvarray_free_x( vals, op->o_tmpmemctx );
 				}
-				attr_merge( rs->sr_entry, ci->ci_ad, vals, NULL );
-				ber_bvarray_free_x( vals, op->o_tmpmemctx );
 			}
 		}
 	}
+
 	/* Default is to just fall through to the normal processing */
 	return SLAP_CB_CONTINUE;
 }
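Review bot: `entry_dup( rs->sr_entry )` now runs for every entry below a configured DN before any attribute lookup, whereas the removed code copied the entry only once `vals` was non-NULL, so search results with nothing to merge pay for a full copy. Moving the `REP_ENTRY_MODIFIABLE` block inside `if ( vals ) {`, ahead of `attr_merge`, keeps the multi-attribute loop and restores the lazy copy. `rc` from `backend_attribute` is assigned but never examined in the visible lines, so a failed lookup is indistinguishable from an absent attribute; a short comment saying that is intended would help. collect_response starts outside this hunk.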
@@ -221,6 +374,7 @@
 
 	collect.on_bi.bi_type = "collect";
 	collect.on_bi.bi_db_destroy = collect_destroy;
+	collect.on_bi.bi_op_modify = collect_modify;
 	collect.on_response = collect_response;
 
 	collect.on_bi.bi_cf_ocs = collectocs;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/constraint.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/constraint.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/constraint.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,4 +1,4 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/constraint.c,v 1.2.2.8 2008/05/27 19:59:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/constraint.c,v 1.2.2.17 2008/11/10 18:24:27 quanah Exp $ */
 /* constraint.c - Overlay to constrain attributes to certain values */
 /* 
  * Copyright 2003-2004 Hewlett-Packard Company
@@ -41,6 +41,7 @@
 
 #define REGEX_STR "regex"
 #define URI_STR "uri"
+#define SET_STR "set"
 #define SIZE_STR "size"
 #define COUNT_STR "count"
 
@@ -54,9 +55,16 @@
 
 typedef struct constraint {
 	struct constraint *ap_next;
-	AttributeDescription *ap;
+	AttributeDescription **ap;
+
+	LDAPURLDesc *restrict_lud;
+	struct berval restrict_ndn;
+	Filter *restrict_filter;
+	struct berval restrict_val;
+
 	regex_t *re;
 	LDAPURLDesc *lud;
+	int set;
 	size_t size;
 	size_t count;
 	AttributeDescription **attrs;
@@ -72,10 +80,10 @@
 static ConfigDriver constraint_cf_gen;
 
 static ConfigTable constraintcfg[] = {
-	{ "constraint_attribute", "attribute> (regex|uri) <value",
-	  4, 4, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen,
+	{ "constraint_attribute", "attribute[list]> (regex|uri|set|size|count) <value> [<restrict URI>]",
+	  4, 0, 0, ARG_MAGIC | CONSTRAINT_ATTRIBUTE, constraint_cf_gen,
 	  "( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' "
-	  "DESC 'regular expression constraint for attribute' "
+	  "DESC 'constraint for list of attributes' "
 	  "EQUALITY caseIgnoreMatch "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
@@ -92,8 +100,16 @@
 };
 
 static void
-constraint_free( constraint *cp )
+constraint_free( constraint *cp, int freeme )
 {
+	if (cp->restrict_lud)
+		ldap_free_urldesc(cp->restrict_lud);
+	if (!BER_BVISNULL(&cp->restrict_ndn))
+		ch_free(cp->restrict_ndn.bv_val);
+	if (cp->restrict_filter != NULL && cp->restrict_filter != slap_filter_objectClass_pres)
+		filter_free(cp->restrict_filter);
+	if (!BER_BVISNULL(&cp->restrict_val))
+		ch_free(cp->restrict_val.bv_val);
 	if (cp->re) {
 		regfree(cp->re);
 		ch_free(cp->re);
@@ -104,7 +120,10 @@
 		ldap_free_urldesc(cp->lud);
 	if (cp->attrs)
 		ch_free(cp->attrs);
-	ch_free(cp);
+	if (cp->ap)
+		ch_free(cp->ap);
+	if (freeme)
+		ch_free(cp);
 }
 
 static int
@@ -114,7 +133,7 @@
 	constraint *cn = on->on_bi.bi_private, *cp;
 	struct berval bv;
 	int i, rc = 0;
-	constraint ap = { NULL, NULL, NULL	}, *a2 = NULL;
+	constraint ap = { NULL };
 	const char *text = NULL;
 	
 	switch ( c->op ) {
@@ -122,36 +141,65 @@
 		switch (c->type) {
 		case CONSTRAINT_ATTRIBUTE:
 			for (cp=cn; cp; cp=cp->ap_next) {
-				int len;
 				char *s;
 				char *tstr = NULL;
+				int quotes = 0;
+				int j;
 
-				len = cp->ap->ad_cname.bv_len + 3;
+				bv.bv_len = STRLENOF("  ");
+				for (j = 0; cp->ap[j]; j++) {
+					bv.bv_len += cp->ap[j]->ad_cname.bv_len;
+				}
+
+				/* room for commas */
+				bv.bv_len += j - 1;
+
 				if (cp->re) {
-					len += STRLENOF(REGEX_STR);
 					tstr = REGEX_STR;
 				} else if (cp->lud) {
-					len += STRLENOF(URI_STR);
 					tstr = URI_STR;
+					quotes = 1;
+				} else if (cp->set) {
+					tstr = SET_STR;
+					quotes = 1;
 				} else if (cp->size) {
-					len += STRLENOF(SIZE_STR);
 					tstr = SIZE_STR;
 				} else if (cp->count) {
-					len += STRLENOF(COUNT_STR);
 					tstr = COUNT_STR;
 				}
-				len += cp->val.bv_len;
 
-				s = ch_malloc(len);
+				bv.bv_len += strlen(tstr);
+				bv.bv_len += cp->val.bv_len + 2*quotes;
 
-				bv.bv_len = snprintf(s, len, "%s %s %s", cp->ap->ad_cname.bv_val,
-						 tstr, cp->val.bv_val);
-				bv.bv_val = s;
+				if (cp->restrict_lud != NULL) {
+					bv.bv_len += cp->restrict_val.bv_len + STRLENOF(" restrict=\"\"");
+				}
+
+				s = bv.bv_val = ch_malloc(bv.bv_len + 1);
+
+				s = lutil_strncopy( s, cp->ap[0]->ad_cname.bv_val, cp->ap[0]->ad_cname.bv_len );
+				for (j = 1; cp->ap[j]; j++) {
+					*s++ = ',';
+					s = lutil_strncopy( s, cp->ap[j]->ad_cname.bv_val, cp->ap[j]->ad_cname.bv_len );
+				}
+				*s++ = ' ';
+				s = lutil_strcopy( s, tstr );
+				*s++ = ' ';
+				if ( quotes ) *s++ = '"';
+				s = lutil_strncopy( s, cp->val.bv_val, cp->val.bv_len );
+				if ( quotes ) *s++ = '"';
+				if (cp->restrict_lud != NULL) {
+					s = lutil_strcopy( s, " restrict=\"" );
+					s = lutil_strncopy( s, cp->restrict_val.bv_val, cp->restrict_val.bv_len );
+					*s++ = '"';
+				}
+				*s = '\0';
+
 				rc = value_add_one( &c->rvalue_vals, &bv );
+				if (rc == LDAP_SUCCESS)
+					rc = value_add_one( &c->rvalue_nvals, &bv );
+				ch_free(bv.bv_val);
 				if (rc) return rc;
-				rc = value_add_one( &c->rvalue_nvals, &bv );
-				if (rc) return rc;
-				ch_free(s);
 			}
 			break;
 		default:
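Review bot: `tstr` is still NULL when none of `cp->re`, `cp->lud`, `cp->set`, `cp->size` or `cp->count` is set, and the new code passes it straight to `strlen(tstr)` and `lutil_strcopy( s, tstr )`. Whether such a constraint can be stored depends on the size/count parsing, which is outside this hunk; a configured value of 0 for either would leave every branch false if the parser accepts it. A guard such as `if ( tstr == NULL ) continue;` before the length calculation, or rejecting zero at configuration time, removes the NULL dereference. The same block also assumes `cp->ap[0]` is non-NULL, both in `bv.bv_len += j - 1` and in the first `lutil_strncopy`.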
@@ -168,7 +216,7 @@
 				/* zap all constraints */
 				while (cn) {
 					cp = cn->ap_next;
-					constraint_free( cn );
+					constraint_free( cn, 1 );
 					cn = cp;
 				}
 						
@@ -184,7 +232,7 @@
 				if (cp) {
 					/* zap cp, and join cpp to cp->ap_next */
 					*cpp = cp->ap_next;
-					constraint_free( cp );
+					constraint_free( cp, 1 );
 				}
 				on->on_bi.bi_private = cn;
 			}
@@ -198,13 +246,20 @@
 	case SLAP_CONFIG_ADD:
 	case LDAP_MOD_ADD:
 		switch (c->type) {
-		case CONSTRAINT_ATTRIBUTE:
-			if ( slap_str2ad( c->argv[1], &ap.ap, &text ) ) {
-				snprintf( c->cr_msg, sizeof( c->cr_msg ),
-					"%s <%s>: %s\n", c->argv[0], c->argv[1], text );
-				Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-					   "%s: %s\n", c->log, c->cr_msg, 0 );
-				return( ARG_BAD_CONF );
+		case CONSTRAINT_ATTRIBUTE: {
+			int j;
+			char **attrs = ldap_str2charray( c->argv[1], "," );
+
+			for ( j = 0; attrs[j]; j++)
+				/* just count */ ;
+			ap.ap = ch_calloc( sizeof(AttributeDescription*), j + 1 );
+			for ( j = 0; attrs[j]; j++) {
+				if ( slap_str2ad( attrs[j], &ap.ap[j], &text ) ) {
+					snprintf( c->cr_msg, sizeof( c->cr_msg ),
+						"%s <%s>: %s\n", c->argv[0], attrs[j], text );
+					rc = ARG_BAD_CONF;
+					goto done;
+				}
 			}
 
 			if ( strcasecmp( c->argv[2], REGEX_STR ) == 0) {
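Review bot: The result of `ldap_str2charray( c->argv[1], "," )` is indexed as `attrs[j]` without a NULL check, and a list that yields no names (an empty string, for instance) leaves `ap.ap[0]` NULL while the constraint is still stored. The emit code in the previous hunk then dereferences `cp->ap[0]` and computes `j - 1` into an unsigned length. Reject both cases right after the split, e.g. `if ( attrs == NULL || attrs[0] == NULL ) { rc = ARG_BAD_CONF; goto done; }`, with a `c->cr_msg` text naming the empty attribute list. That relies on `ldap_memvfree` at `done:` tolerating a NULL argument, which should be confirmed. constraint_cf_gen starts and ends outside this hunk.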
@@ -218,12 +273,11 @@
 					regerror( err, ap.re, errmsg, sizeof(errmsg) );
 					ch_free(ap.re);
 					snprintf( c->cr_msg, sizeof( c->cr_msg ),
-					   "%s %s: Illegal regular expression \"%s\": Error %s",
-					   c->argv[0], c->argv[1], c->argv[3], errmsg);
-					Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-						"%s: %s\n", c->log, c->cr_msg, 0 );
+						"%s %s: Illegal regular expression \"%s\": Error %s",
+						c->argv[0], c->argv[1], c->argv[3], errmsg);
 					ap.re = NULL;
-					return( ARG_BAD_CONF );
+					rc = ARG_BAD_CONF;
+					goto done;
 				}
 				ber_str2bv( c->argv[3], 0, 1, &ap.val );
 			} else if ( strcasecmp( c->argv[2], SIZE_STR ) == 0 ) {
@@ -244,21 +298,17 @@
 					snprintf( c->cr_msg, sizeof( c->cr_msg ),
 						"%s %s: Invalid URI \"%s\"",
 						c->argv[0], c->argv[1], c->argv[3]);
-					Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-						"%s: %s\n", c->log, c->cr_msg, 0 );
-					return( ARG_BAD_CONF );
+					rc = ARG_BAD_CONF;
+					goto done;
 				}
 
 				if (ap.lud->lud_host != NULL) {
 					snprintf( c->cr_msg, sizeof( c->cr_msg ),
 						"%s %s: unsupported hostname in URI \"%s\"",
 						c->argv[0], c->argv[1], c->argv[3]);
-					Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-						"%s: %s\n", c->log, c->cr_msg, 0 );
-
 					ldap_free_urldesc(ap.lud);
-
-					return( ARG_BAD_CONF );
+					rc = ARG_BAD_CONF;
+					goto done;
 				}
 
 				for ( i=0; ap.lud->lud_attrs[i]; i++);
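Review bot: On the unsupported-hostname path `ldap_free_urldesc(ap.lud);` is kept but the function now jumps to `done:`, where `constraint_free( &ap, 0 )` calls `ldap_free_urldesc(cp->lud)` on the same pointer, so the URL descriptor is freed twice. Either drop the explicit free or clear the pointer as the regex branch does with `ap.re = NULL;`, i.e. add `ap.lud = NULL;` before `goto done;`. The next hunk has the same pattern with `ch_free( ap.attrs );` followed by `goto done;`, which needs `ap.attrs = NULL;`.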
@@ -271,45 +321,199 @@
 							ch_free( ap.attrs );
 							snprintf( c->cr_msg, sizeof( c->cr_msg ),
 								"%s <%s>: %s\n", c->argv[0], ap.lud->lud_attrs[i], text );
-							Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-								   "%s: %s\n", c->log, c->cr_msg, 0 );
-							return( ARG_BAD_CONF );
+							rc = ARG_BAD_CONF;
+							goto done;
 						}
 					}
 					ap.attrs[i] = NULL;
 				}
 
-				if (ap.lud->lud_dn == NULL)
+				if (ap.lud->lud_dn == NULL) {
 					ap.lud->lud_dn = ch_strdup("");
+				} else {
+					struct berval dn, ndn;
 
-				if (ap.lud->lud_filter == NULL)
+					ber_str2bv( ap.lud->lud_dn, 0, 0, &dn );
+					if (dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL ) ) {
+						/* cleanup */
+						snprintf( c->cr_msg, sizeof( c->cr_msg ),
+							"%s %s: URI %s DN normalization failed",
+							c->argv[0], c->argv[1], c->argv[3] );
+						Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+							   "%s: %s\n", c->log, c->cr_msg, 0 );
+						rc = ARG_BAD_CONF;
+						goto done;
+					}
+					ldap_memfree( ap.lud->lud_dn );
+					ap.lud->lud_dn = ndn.bv_val;
+				}
+
+				if (ap.lud->lud_filter == NULL) {
 					ap.lud->lud_filter = ch_strdup("objectClass=*");
+				} else if ( ap.lud->lud_filter[0] == '(' ) {
+					ber_len_t len = strlen( ap.lud->lud_filter );
+					if ( ap.lud->lud_filter[len - 1] != ')' ) {
+						snprintf( c->cr_msg, sizeof( c->cr_msg ),
+							"%s %s: invalid URI filter: %s",
+							c->argv[0], c->argv[1], ap.lud->lud_filter );
+						rc = ARG_BAD_CONF;
+						goto done;
+					}
+					AC_MEMCPY( &ap.lud->lud_filter[0], &ap.lud->lud_filter[1], len - 2 );
+					ap.lud->lud_filter[len - 2] = '\0';
+				}
 
 				ber_str2bv( c->argv[3], 0, 1, &ap.val );
+
+			} else if ( strcasecmp( c->argv[2], SET_STR ) == 0 ) {
+				ap.set = 1;
+				ber_str2bv( c->argv[3], 0, 1, &ap.val );
+
 			} else {
 				snprintf( c->cr_msg, sizeof( c->cr_msg ),
-				   "%s %s: Unknown constraint type: %s",
-				   c->argv[0], c->argv[1], c->argv[2] );
+					"%s %s: Unknown constraint type: %s",
+					c->argv[0], c->argv[1], c->argv[2] );
+				rc = ARG_BAD_CONF;
+				goto done;
+			}
+
+			if ( c->argc > 4 ) {
+				int argidx;
+
+				for ( argidx = 4; argidx < c->argc; argidx++ ) {
+					if ( strncasecmp( c->argv[argidx], "restrict=", STRLENOF("restrict=") ) == 0 ) {
+						int err;
+						char *arg = c->argv[argidx] + STRLENOF("restrict=");
+
+						err = ldap_url_parse(arg, &ap.restrict_lud);
+						if ( err != LDAP_URL_SUCCESS ) {
+							snprintf( c->cr_msg, sizeof( c->cr_msg ),
+								"%s %s: Invalid restrict URI \"%s\"",
+								c->argv[0], c->argv[1], arg);
+							rc = ARG_BAD_CONF;
+							goto done;
+						}
+
+						if (ap.restrict_lud->lud_host != NULL) {
+							snprintf( c->cr_msg, sizeof( c->cr_msg ),
+								"%s %s: unsupported hostname in restrict URI \"%s\"",
+								c->argv[0], c->argv[1], arg);
+							rc = ARG_BAD_CONF;
+							goto done;
+						}
+
+						if ( ap.restrict_lud->lud_attrs != NULL ) {
+							if ( ap.restrict_lud->lud_attrs[0] != '\0' ) {
+								snprintf( c->cr_msg, sizeof( c->cr_msg ),
+									"%s %s: attrs not allowed in restrict URI %s\n",
+									c->argv[0], c->argv[1], arg);
+								rc = ARG_BAD_CONF;
+								goto done;
+							}
+							ldap_memvfree((void *)ap.restrict_lud->lud_attrs);
+							ap.restrict_lud->lud_attrs = NULL;
+						}
+
+						if (ap.restrict_lud->lud_dn != NULL) {
+							if (ap.restrict_lud->lud_dn[0] == '\0') {
+								ldap_memfree(ap.restrict_lud->lud_dn);
+								ap.restrict_lud->lud_dn = NULL;
+
+							} else {
+								struct berval dn, ndn;
+								int j;
+
+								ber_str2bv(ap.restrict_lud->lud_dn, 0, 0, &dn);
+								if (dnNormalize(0, NULL, NULL, &dn, &ndn, NULL)) {
+									/* cleanup */
+									snprintf( c->cr_msg, sizeof( c->cr_msg ),
+										"%s %s: restrict URI %s DN normalization failed",
+										c->argv[0], c->argv[1], arg );
+									rc = ARG_BAD_CONF;
+									goto done;
+								}
+
+								assert(c->be != NULL);
+								if (c->be->be_nsuffix == NULL) {
+									snprintf( c->cr_msg, sizeof( c->cr_msg ),
+										"%s %s: restrict URI requires suffix",
+										c->argv[0], c->argv[1] );
+									rc = ARG_BAD_CONF;
+									goto done;
+								}
+
+								for ( j = 0; !BER_BVISNULL(&c->be->be_nsuffix[j]); j++) {
+									if (dnIsSuffix(&ndn, &c->be->be_nsuffix[j])) break;
+								}
+
+								if (BER_BVISNULL(&c->be->be_nsuffix[j])) {
+									/* error */
+									snprintf( c->cr_msg, sizeof( c->cr_msg ),
+										"%s %s: restrict URI DN %s not within database naming context(s)",
+										c->argv[0], c->argv[1], dn.bv_val );
+									rc = ARG_BAD_CONF;
+									goto done;
+								}
+
+								ap.restrict_ndn = ndn;
+							}
+						}
+
+						if (ap.restrict_lud->lud_filter != NULL) {
+							ap.restrict_filter = str2filter(ap.restrict_lud->lud_filter);
+							if (ap.restrict_filter == NULL) {
+								/* error */
+								snprintf( c->cr_msg, sizeof( c->cr_msg ),
+									"%s %s: restrict URI filter %s invalid",
+									c->argv[0], c->argv[1], ap.restrict_lud->lud_filter );
+								rc = ARG_BAD_CONF;
+								goto done;
+							}
+						}
+
+						ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);
+
+					} else {
+						/* cleanup */
+						snprintf( c->cr_msg, sizeof( c->cr_msg ),
+							"%s %s: unrecognized arg #%d (%s)",
+							c->argv[0], c->argv[1], argidx, c->argv[argidx] );
+						rc = ARG_BAD_CONF;
+						goto done;
+					}
+				}
+			}
+
+done:;
+			if ( rc == LDAP_SUCCESS ) {
+				constraint *a2 = ch_calloc( sizeof(constraint), 1 );
+				a2->ap_next = on->on_bi.bi_private;
+				a2->ap = ap.ap;
+				a2->re = ap.re;
+				a2->val = ap.val;
+				a2->lud = ap.lud;
+				a2->set = ap.set;
+				a2->size = ap.size;
+				a2->count = ap.count;
+				if ( a2->lud ) {
+					ber_str2bv(a2->lud->lud_dn, 0, 0, &a2->dn);
+					ber_str2bv(a2->lud->lud_filter, 0, 0, &a2->filter);
+				}
+				a2->attrs = ap.attrs;
+				a2->restrict_lud = ap.restrict_lud;
+				a2->restrict_ndn = ap.restrict_ndn;
+				a2->restrict_filter = ap.restrict_filter;
+				a2->restrict_val = ap.restrict_val;
+				on->on_bi.bi_private = a2;
+
+			} else {
 				Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
-				   "%s: %s\n", c->log, c->cr_msg, 0 );
-				return ( ARG_BAD_CONF );
+					   "%s: %s\n", c->log, c->cr_msg, 0 );
+				constraint_free( &ap, 0 );
 			}
 
-			a2 = ch_calloc( sizeof(constraint), 1 );
-			a2->ap_next = on->on_bi.bi_private;
-			a2->ap = ap.ap;
-			a2->re = ap.re;
-			a2->val = ap.val;
-			a2->lud = ap.lud;
-			a2->size = ap.size;
-			a2->count = ap.count;
-			if ( a2->lud ) {
-				ber_str2bv(a2->lud->lud_dn, 0, 0, &a2->dn);
-				ber_str2bv(a2->lud->lud_filter, 0, 0, &a2->filter);
-			}
-			a2->attrs = ap.attrs;
-			on->on_bi.bi_private = a2;
-			break;
+			ldap_memvfree((void**)attrs);
+			} break;
 		default:
 			abort();
 			break;
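Review bot: `ber_str2bv(c->argv[argidx], 0, 1, &ap.restrict_val);` stores the whole argument including its `restrict=` prefix, while the emit code writes ` restrict="` followed by `restrict_val`, so a saved configuration would read `restrict="restrict=..."` and would no longer parse as a URI. Store the URI part only: `ber_str2bv( arg, 0, 1, &ap.restrict_val );`. A second `restrict=` argument also overwrites `ap.restrict_lud`, `ap.restrict_ndn`, `ap.restrict_filter` and `ap.restrict_val` without freeing the first set, so it should be refused, and `ndn` is not released when the suffix checks fail after `dnNormalize` succeeded. The test `ap.restrict_lud->lud_attrs[0] != '\0'` compares a pointer with a character constant; `!= NULL` states the intent.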
@@ -339,14 +543,14 @@
 static int
 constraint_violation( constraint *c, struct berval *bv, Operation *op, SlapReply *rs)
 {
-	if ((!c) || (!bv)) return 0;
+	if ((!c) || (!bv)) return LDAP_SUCCESS;
 	
 	if ((c->re) &&
 		(regexec(c->re, bv->bv_val, 0, NULL, 0) == REG_NOMATCH))
-		return 1; /* regular expression violation */
+		return LDAP_CONSTRAINT_VIOLATION; /* regular expression violation */
 
 	if ((c->size) && (bv->bv_len > c->size))
-		return 1; /* size violation */
+		return LDAP_CONSTRAINT_VIOLATION; /* size violation */
 
 	if (c->lud) {
 		Operation nop = *op;
@@ -380,9 +584,12 @@
 			nop.o_req_dn = dn;
 			nop.o_req_ndn = dn;
 			nop.o_bd = select_backend(&nop.o_req_ndn, 1 );
-			if (!nop.o_bd || !nop.o_bd->be_search) {
-				return 1; /* unexpected error */
+			if (!nop.o_bd) {
+				return LDAP_NO_SUCH_OBJECT; /* unexpected error */
 			}
+			if (!nop.o_bd->be_search) {
+				return LDAP_OTHER; /* unexpected error */
+			}
 		} else {
 			nop.o_req_dn = nop.o_bd->be_nsuffix[0];
 			nop.o_req_ndn = nop.o_bd->be_nsuffix[0];
@@ -427,33 +634,39 @@
 		}
 		*ptr++ = ')';
 		*ptr++ = ')';
+		*ptr++ = '\0';
 
-		Debug(LDAP_DEBUG_TRACE, 
-			"==> constraint_violation uri filter = %s\n",
-			filterstr.bv_val, 0, 0);
-
 		nop.ors_filterstr = filterstr;
 		nop.ors_filter = str2filter_x(&nop, filterstr.bv_val);
+		if ( nop.ors_filter == NULL ) {
+			Debug( LDAP_DEBUG_ANY,
+				"%s constraint_violation uri filter=\"%s\" invalid\n",
+				op->o_log_prefix, filterstr.bv_val, 0 );
+			rc = LDAP_OTHER;
 
-		rc = nop.o_bd->be_search( &nop, &nrs );
+		} else {
+			Debug(LDAP_DEBUG_TRACE, 
+				"==> constraint_violation uri filter = %s\n",
+				filterstr.bv_val, 0, 0);
+
+			rc = nop.o_bd->be_search( &nop, &nrs );
 		
+			Debug(LDAP_DEBUG_TRACE, 
+				"==> constraint_violation uri rc = %d, found = %d\n",
+				rc, found, 0);
+		}
 		op->o_tmpfree(filterstr.bv_val, op->o_tmpmemctx);
-		Debug(LDAP_DEBUG_TRACE, 
-			"==> constraint_violation uri rc = %d, found = %d\n",
-			rc, found, 0);
 
-		if((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) {
-			send_ldap_error(op, rs, rc, 
-				"constraint_violation uri search failed");
-			return 1; /* unexpected error */
+		if ((rc != LDAP_SUCCESS) && (rc != LDAP_NO_SUCH_OBJECT)) {
+			return rc; /* unexpected error */
 		}
 
 		if (!found)
-			return 1; /* constraint violation */
+			return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */
 			
 	}
-	
-	return 0;
+
+	return LDAP_SUCCESS;
 }
 
 static char *
@@ -479,21 +692,80 @@
 }
 
 static int
+constraint_check_restrict( Operation *op, constraint *c, Entry *e )
+{
+	assert( c->restrict_lud != NULL );
+
+	if ( c->restrict_lud->lud_dn != NULL ) {
+		int diff = e->e_nname.bv_len - c->restrict_ndn.bv_len;
+
+		if ( diff < 0 ) {
+			return 0;
+		}
+
+		if ( c->restrict_lud->lud_scope == LDAP_SCOPE_BASE ) {
+			return bvmatch( &e->e_nname, &c->restrict_ndn );
+		}
+
+		if ( !dnIsSuffix( &e->e_nname, &c->restrict_ndn ) ) {
+			return 0;
+		}
+
+		if ( c->restrict_lud->lud_scope != LDAP_SCOPE_SUBTREE ) {
+			struct berval pdn;
+
+			if ( diff == 0 ) {
+				return 0;
+			}
+
+			dnParent( &e->e_nname, &pdn );
+
+			if ( c->restrict_lud->lud_scope == LDAP_SCOPE_ONELEVEL
+				&& pdn.bv_len != c->restrict_ndn.bv_len )
+			{
+				return 0;
+			}
+		}
+	}
+
+	if ( c->restrict_filter != NULL ) {
+		int rc;
+		struct berval save_dn = op->o_dn, save_ndn = op->o_ndn;
+
+		op->o_dn = op->o_bd->be_rootdn;
+		op->o_ndn = op->o_bd->be_rootndn;
+		rc = test_filter( op, e, c->restrict_filter );
+		op->o_dn = save_dn;
+		op->o_ndn = save_ndn;
+
+		if ( rc != LDAP_COMPARE_TRUE ) {
+			return 0;
+		}
+	}
+
+	return 1;
+}
+
+static int
 constraint_add( Operation *op, SlapReply *rs )
 {
 	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
-	Backend *be = op->o_bd;
 	Attribute *a;
 	constraint *c = on->on_bi.bi_private, *cp;
 	BerVarray b = NULL;
 	int i;
 	struct berval rsv = BER_BVC("add breaks constraint");
-	char *msg;
+	int rc;
+	char *msg = NULL;
 
+	if (get_relax(op)) {
+		return SLAP_CB_CONTINUE;
+	}
+
 	if ((a = op->ora_e->e_attrs) == NULL) {
 		op->o_bd->bd_info = (BackendInfo *)(on->on_info);
 		send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
-			"constraint_add() got null op.ora_e.e_attrs");
+			"constraint_add: no attrs");
 		return(rs->sr_err);
 	}
 
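Review bot: `if (get_relax(op)) return SLAP_CB_CONTINUE;` at the top of constraint_add skips every constraint whenever the operation carries the relax control, and nothing in the visible lines checks who is allowed to send it; constraint_update in the next hunk does the same. Confirm that use of the control is gated by access control earlier in request processing before relying on this overlay for policy, and record it at the check, for example `/* relax control bypasses all constraints; authorisation is enforced in (placeholder: name the check) */`. In `constraint_check_restrict`, any `test_filter` result other than `LDAP_COMPARE_TRUE`, including an evaluation error, returns 0 and the callers then skip the constraint, so the restriction fails open; that case should at least be logged. constraint_add continues past the end of this hunk.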
@@ -502,82 +774,122 @@
 		if (is_at_operational(a->a_desc->ad_type)) continue;
 
 		for(cp = c; cp; cp = cp->ap_next) {
-			if (cp->ap != a->a_desc) continue;
+			int j;
+			for (j = 0; cp->ap[j]; j++) {
+				if (cp->ap[j] == a->a_desc) break;
+			}
+			if (cp->ap[j] == NULL) continue;
 			if ((b = a->a_vals) == NULL) continue;
-				
+
+			if (cp->restrict_lud != NULL && constraint_check_restrict(op, cp, op->ora_e) == 0) {
+				continue;
+			}
+
 			Debug(LDAP_DEBUG_TRACE, 
 				"==> constraint_add, "
-				"a->a_numvals = %d, cp->count = %d\n",
-				a->a_numvals, cp->count, 0);
+				"a->a_numvals = %u, cp->count = %lu\n",
+				a->a_numvals, (unsigned long) cp->count, 0);
 
-			if ((cp->count != 0) && (a->a_numvals > cp->count))
+			if ((cp->count != 0) && (a->a_numvals > cp->count)) {
+				rc = LDAP_CONSTRAINT_VIOLATION;
 				goto add_violation;
+			}
 
-			for(i=0; b[i].bv_val; i++) 
-				if (constraint_violation( cp, &b[i], op, rs))
+			for ( i = 0; b[i].bv_val; i++ ) {
+				rc = constraint_violation( cp, &b[i], op, rs );
+				if ( rc ) {
 					goto add_violation;
+				}
+			}
+
+			if (cp->set && acl_match_set(&cp->val, op, op->ora_e, NULL) == 0) {
+				rc = LDAP_CONSTRAINT_VIOLATION;
+				goto add_violation; /* constraint violation */
+			}
+
 		}
 	}
+
 	/* Default is to just fall through to the normal processing */
 	return SLAP_CB_CONTINUE;
 
 add_violation:
 	op->o_bd->bd_info = (BackendInfo *)(on->on_info);
-	msg = print_message( &rsv, a->a_desc );
-	send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
+	if (rc == LDAP_CONSTRAINT_VIOLATION ) {
+		msg = print_message( &rsv, a->a_desc );
+	}
+	send_ldap_error(op, rs, rc, msg );
 	ch_free(msg);
 	return (rs->sr_err);
 }
 
 
 static int
-constraint_modify( Operation *op, SlapReply *rs )
+constraint_update( Operation *op, SlapReply *rs )
 {
 	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
 	Backend *be = op->o_bd;
 	constraint *c = on->on_bi.bi_private, *cp;
-	Entry *target_entry = NULL;
-	Modifications *m;
+	Entry *target_entry = NULL, *target_entry_copy = NULL;
+	Modifications *modlist, *m;
 	BerVarray b = NULL;
 	int i;
 	struct berval rsv = BER_BVC("modify breaks constraint");
-	char *msg;
+	int rc;
+	char *msg = NULL;
+
+	if (get_relax(op)) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	switch ( op->o_tag ) {
+	case LDAP_REQ_MODIFY:
+		modlist = op->orm_modlist;
+		break;
+
+	case LDAP_REQ_MODRDN:
+		modlist = op->orr_modlist;
+		break;
+
+	default:
+		/* impossible! assert? */
+		return LDAP_OTHER;
+	}
 	
-	Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "constraint_modify()", 0,0,0);
-	if ((m = op->orm_modlist) == NULL) {
+	Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE, "constraint_update()\n", 0,0,0);
+	if ((m = modlist) == NULL) {
 		op->o_bd->bd_info = (BackendInfo *)(on->on_info);
 		send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
-						"constraint_modify() got null orm_modlist");
+						"constraint_update() got null modlist");
 		return(rs->sr_err);
 	}
 
 	/* Do we need to count attributes? */
 	for(cp = c; cp; cp = cp->ap_next) {
-		if (cp->count != 0) {
-			int rc;
-
+		if (cp->count != 0 || cp->set || cp->restrict_lud != 0) {
 			op->o_bd = on->on_info->oi_origdb;
 			rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &target_entry );
 			op->o_bd = be;
 
 			if (rc != 0 || target_entry == NULL) {
 				Debug(LDAP_DEBUG_TRACE, 
-					"==> constraint_modify rc = %d\n",
-					rc, 0, 0);
+					"==> constraint_update rc = %d DN=\"%s\"%s\n",
+					rc, op->o_req_ndn.bv_val,
+					target_entry ? "" : " not found" );
+				if ( rc == 0 ) 
+					rc = LDAP_CONSTRAINT_VIOLATION;
 				goto mod_violation;
 			}
 			break;
 		}
 	}
-		
+
+	rc = LDAP_CONSTRAINT_VIOLATION;
 	for(;m; m = m->sml_next) {
-		int ce = 0;
+		unsigned ce = 0;
 
-		/* Get this attribute count, if needed */
-		if (target_entry)
-			ce = constraint_count_attr(target_entry, m->sml_desc);
+		if (is_at_operational( m->sml_desc->ad_type )) continue;
 
-		if (is_at_operational( m->sml_desc->ad_type )) continue;
 		if ((( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_ADD) &&
 			(( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_REPLACE) &&
 			(( m->sml_op & LDAP_MOD_OP ) != LDAP_MOD_DELETE))
@@ -587,11 +899,25 @@
 		if ((( b = m->sml_values ) == NULL ) || (b[0].bv_val == NULL))
 			continue;
 
+		/* Get this attribute count, if needed */
+		if (target_entry)
+			ce = constraint_count_attr(target_entry, m->sml_desc);
+
 		for(cp = c; cp; cp = cp->ap_next) {
-			if (cp->ap != m->sml_desc) continue;
-			
+			int j;
+			for (j = 0; cp->ap[j]; j++) {
+				if (cp->ap[j] == m->sml_desc) {
+					break;
+				}
+			}
+			if (cp->ap[j] == NULL) continue;
+
+			if (cp->restrict_lud != NULL && constraint_check_restrict(op, cp, target_entry) == 0) {
+				continue;
+			}
+
 			if (cp->count != 0) {
-				int ca;
+				unsigned ca;
 
 				if (m->sml_op == LDAP_MOD_DELETE)
 					ce = 0;
@@ -599,16 +925,21 @@
 				for (ca = 0; b[ca].bv_val; ++ca);
 
 				Debug(LDAP_DEBUG_TRACE, 
-					"==> constraint_modify ce = %d, "
-					"ca = %d, cp->count = %d\n",
-					ce, ca, cp->count);
+					"==> constraint_update ce = %u, "
+					"ca = %u, cp->count = %lu\n",
+					ce, ca, (unsigned long) cp->count);
 
-				if (m->sml_op == LDAP_MOD_ADD)
-					if (ca + ce > cp->count)
+				if (m->sml_op == LDAP_MOD_ADD) {
+					if (ca + ce > cp->count) {
+						rc = LDAP_CONSTRAINT_VIOLATION;
 						goto mod_violation;
+					}
+				}
 				if (m->sml_op == LDAP_MOD_REPLACE) {
-					if (ca > cp->count)
+					if (ca > cp->count) {
+						rc = LDAP_CONSTRAINT_VIOLATION;
 						goto mod_violation;
+					}
 					ce = ca;
 				}
 			} 
@@ -617,18 +948,117 @@
 			if (( m->sml_op & LDAP_MOD_OP ) == LDAP_MOD_DELETE)
 				continue;
 
-			for(i=0; b[i].bv_val; i++)
-				if (constraint_violation( cp, &b[i], op, rs))
+			for ( i = 0; b[i].bv_val; i++ ) {
+				rc = constraint_violation( cp, &b[i], op, rs );
+				if ( rc ) {
 					goto mod_violation;
+				}
+			}
+
+			if (cp->set && target_entry) {
+				if (target_entry_copy == NULL) {
+					Modifications *ml;
+
+					target_entry_copy = entry_dup(target_entry);
+
+					/* if rename, set the new entry's name
+					 * (in normalized form only) */
+					if ( op->o_tag == LDAP_REQ_MODRDN ) {
+						struct berval pdn, ndn = BER_BVNULL;
+
+						if ( op->orr_nnewSup ) {
+							pdn = *op->orr_nnewSup;
+
+						} else {
+							dnParent( &target_entry_copy->e_nname, &pdn );
+						}
+
+						build_new_dn( &ndn, &pdn, &op->orr_nnewrdn, NULL ); 
+
+						ber_memfree( target_entry_copy->e_nname.bv_val );
+						target_entry_copy->e_nname = ndn;
+						ber_bvreplace( &target_entry_copy->e_name, &ndn );
+					}
+
+					/* apply modifications, in an attempt
+					 * to estimate what the entry would
+					 * look like in case all modifications
+					 * pass */
+					for ( ml = modlist; ml; ml = ml->sml_next ) {
+						Modification *mod = &ml->sml_mod;
+						const char *text;
+						char textbuf[SLAP_TEXT_BUFLEN];
+						size_t textlen = sizeof(textbuf);
+						int err;
+
+						switch ( mod->sm_op ) {
+						case LDAP_MOD_ADD:
+							err = modify_add_values( target_entry_copy,
+								mod, get_permissiveModify(op),
+								&text, textbuf, textlen );
+							break;
+
+						case LDAP_MOD_DELETE:
+							err = modify_delete_values( target_entry_copy,
+								mod, get_permissiveModify(op),
+								&text, textbuf, textlen );
+							break;
+
+						case LDAP_MOD_REPLACE:
+							err = modify_replace_values( target_entry_copy,
+								mod, get_permissiveModify(op),
+								&text, textbuf, textlen );
+							break;
+
+						case LDAP_MOD_INCREMENT:
+							err = modify_increment_values( target_entry_copy,
+								mod, get_permissiveModify(op),
+								&text, textbuf, textlen );
+							break;
+
+						case SLAP_MOD_SOFTADD:
+ 							mod->sm_op = LDAP_MOD_ADD;
+							err = modify_add_values( target_entry_copy,
+								mod, get_permissiveModify(op),
+								&text, textbuf, textlen );
+ 							mod->sm_op = SLAP_MOD_SOFTADD;
+ 							if ( err == LDAP_TYPE_OR_VALUE_EXISTS ) {
+ 								err = LDAP_SUCCESS;
+ 							}
+							break;
+
+						default:
+							err = LDAP_OTHER;
+							break;
+						}
+
+						if ( err != LDAP_SUCCESS ) {
+							rc = err;
+							goto mod_violation;
+						}
+					}
+				}
+
+				if ( acl_match_set(&cp->val, op, target_entry_copy, NULL) == 0) {
+					rc = LDAP_CONSTRAINT_VIOLATION;
+					goto mod_violation;
+				}
+			}
 		}
 	}
-	
+
 	if (target_entry) {
 		op->o_bd = on->on_info->oi_origdb;
 		be_entry_release_r(op, target_entry);
 		op->o_bd = be;
 	}
+
+	if (target_entry_copy) {
+		entry_free(target_entry_copy);
+	}
+
 	return SLAP_CB_CONTINUE;
+
 mod_violation:
 	/* violation */
 	if (target_entry) {
@@ -636,9 +1066,16 @@
 		be_entry_release_r(op, target_entry);
 		op->o_bd = be;
 	}
+
+	if (target_entry_copy) {
+		entry_free(target_entry_copy);
+	}
+
 	op->o_bd->bd_info = (BackendInfo *)(on->on_info);
-	msg = print_message( &rsv, m->sml_desc );
-	send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
+	if ( rc == LDAP_CONSTRAINT_VIOLATION ) {
+		msg = print_message( &rsv, m->sml_desc );
+	}
+	send_ldap_error( op, rs, LDAP_CONSTRAINT_VIOLATION, msg );
 	ch_free(msg);
 	return (rs->sr_err);
 }
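Review bot: `send_ldap_error` at the end of `mod_violation` still hard-codes `LDAP_CONSTRAINT_VIOLATION`, so the `rc` this change sets on every `goto mod_violation` path is only used to decide whether `msg` is built. A failed `be_entry_get_rw`, or an `err` from the simulated `modify_*_values` calls in the previous hunk, reaches the client as a constraint violation with a NULL text, which makes the rejection hard to diagnose from logs or from the client side. If reporting the real code is acceptable, the call could be `send_ldap_error( op, rs, rc, msg );`. If masking it is deliberate, a comment such as `/* always report constraintViolation; rc only selects the text */` would make that explicit. The function body and the label start outside this hunk.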
@@ -653,7 +1090,7 @@
 
 	for ( ap = on->on_bi.bi_private; ap; ap = a2 ) {
 		a2 = ap->ap_next;
-		constraint_free( ap );
+		constraint_free( ap, 1 );
 	}
 
 	return 0;
@@ -671,7 +1108,8 @@
 	constraint_ovl.on_bi.bi_type = "constraint";
 	constraint_ovl.on_bi.bi_db_close = constraint_close;
 	constraint_ovl.on_bi.bi_op_add = constraint_add;
-	constraint_ovl.on_bi.bi_op_modify = constraint_modify;
+	constraint_ovl.on_bi.bi_op_modify = constraint_update;
+	constraint_ovl.on_bi.bi_op_modrdn = constraint_update;
 
 	constraint_ovl.on_bi.bi_private = NULL;
 	

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dds.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dds.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dds.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dds.c,v 1.7.2.9 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dds.c,v 1.7.2.11 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2005-2006 SysNet s.n.c.
  * All rights reserved.
  *
@@ -185,7 +185,7 @@
 
 done_search:;
 	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
-	filter_free_x( op, op->ors_filter );
+	filter_free_x( op, op->ors_filter, 1 );
 
 	rc = rs.sr_err;
 	switch ( rs.sr_err ) {
@@ -1671,7 +1671,7 @@
 
 done_search:;
 	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
-	filter_free_x( op, op->ors_filter );
+	filter_free_x( op, op->ors_filter, 1 );
 
 	rc = rs.sr_err;
 	switch ( rs.sr_err ) {

Added: openldap/vendor/openldap-release/servers/slapd/overlays/deref.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/deref.c	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/deref.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,565 @@
+/* deref.c - dereference overlay */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/deref.c,v 1.7.2.3 2009/01/22 00:01:12 kurt Exp $ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2009 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DEREF
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "slap.h"
+#include "config.h"
+
+#include "lutil.h"
+
+/*
+ * 1. Specification
+ *
+ * 1.1. Request
+ *
+ *  controlValue ::= SEQUENCE OF derefSpec DerefSpec
+ *
+ *  DerefSpec ::= SEQUENCE {
+ *      derefAttr       attributeDescription,    ; DN-valued
+ *      attributes      AttributeList }
+ *
+ *  AttributeList ::= SEQUENCE OF attr AttributeDescription
+ *
+ *  derefAttr MUST be unique within controlValue
+ *
+ *
+ * 1.2. Response
+ *
+ *  controlValue ::= SEQUENCE OF DerefRes
+ *
+ * From RFC 4511:
+ *      PartialAttribute ::= SEQUENCE {
+ *           type       AttributeDescription,
+ *           vals       SET OF value AttributeValue }
+ *
+ *      PartialAttributeList ::= SEQUENCE OF
+ *                           partialAttribute PartialAttribute
+ *
+ *  DerefRes ::= SEQUENCE {
+ *      derefAttr       AttributeDescription,
+ *      derefVal        LDAPDN,
+ *      attrVals        [0] PartialAttributeList OPTIONAL }
+ *
+ *  If vals is empty, partialAttribute is omitted.
+ *  If all vals in attrVals are empty, attrVals is omitted.
+ *      
+ * 2. Examples
+ *
+ * 2.1. Example
+ *
+ * 2.1.1. Request
+ *
+ * { { member, { GUID, SID } }, { memberOf, { GUID, SID } } }
+ *
+ * 2.1.2. Response
+ *
+ * { { memberOf, "cn=abartlet,cn=users,dc=abartlet,dc=net",
+ *     { { GUID, [ "0bc11d00-e431-40a0-8767-344a320142fa" ] },
+ *       { SID, [ "S-1-2-3-2345" ] } } },
+ *   { memberOf, "cn=ando,cn=users,dc=sys-net,dc=it",
+ *     { { GUID, [ "0bc11d00-e431-40a0-8767-344a320142fb" ] },
+ *       { SID, [ "S-1-2-3-2346" ] } } } }
+ *
+ * 2.2. Example
+ *
+ * 2.2.1. Request
+ *
+ * { { member, { cn, uid, drink } } }
+ *
+ * 2.2.2. Response
+ *
+ * { { member, "cn=ando,cn=users,dc=sys-net,dc=it",
+ *     { { cn, [ "ando", "Pierangelo Masarati" ] },
+ *       { uid, [ "ando" ] } } },
+ *   { member, "dc=sys-net,dc=it" } }
+ *
+ *
+ * 3. Security considerations
+ *
+ * The control result must not disclose information the client's
+ * identity could not have accessed directly by performing the related
+ * search operations.  The presence of a derefVal in the control
+ * response does not imply neither the existence of nor any access
+ * privilege to the corresponding entry.  It is merely a consequence
+ * of the read access the client's identity has on the corresponding
+ * attribute's value.
+ */
+
+#define o_deref			o_ctrlflag[deref_cid]
+#define o_ctrlderef		o_controls[deref_cid]
+
+typedef struct DerefSpec {
+	AttributeDescription	*ds_derefAttr;
+	AttributeDescription	**ds_attributes;
+	int			ds_nattrs;
+	struct DerefSpec	*ds_next;
+} DerefSpec;
+
+typedef struct DerefVal {
+	struct berval	dv_derefSpecVal;
+	BerVarray	*dv_attrVals;
+} DerefVal;
+
+typedef struct DerefRes {
+	DerefSpec		dr_spec;
+	DerefVal		*dr_vals;
+	struct DerefRes		*dr_next;
+} DerefRes;
+
+typedef struct deref_cb_t {
+	slap_overinst *dc_on;
+	DerefSpec *dc_ds;
+} deref_cb_t;
+
+static int			deref_cid;
+static slap_overinst 		deref;
+
+static int
+deref_parseCtrl (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	ber_tag_t tag;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_len_t len;
+	char *last;
+	DerefSpec *dshead = NULL, **dsp = &dshead;
+	BerVarray attributes = NULL;
+
+	if ( op->o_deref != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "Dereference control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "Dereference control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "Dereference control value is empty";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_init2( ber, &ctrl->ldctl_value, 0 );
+
+	for ( tag = ber_first_element( ber, &len, &last );
+		tag != LBER_DEFAULT;
+		tag = ber_next_element( ber, &len, last ) )
+	{
+		struct berval derefAttr;
+		DerefSpec *ds, *dstmp;
+		const char *text;
+		int rc;
+		ber_len_t cnt = sizeof(struct berval);
+		ber_len_t off = 0;
+
+		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
+		{
+			rs->sr_text = "Dereference control: derefSpec decoding error";
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+
+		ds = (DerefSpec *)op->o_tmpcalloc( 1,
+			sizeof(DerefSpec) + sizeof(AttributeDescription *)*(cnt + 1),
+			op->o_tmpmemctx );
+		ds->ds_attributes = (AttributeDescription **)&ds[ 1 ];
+		ds->ds_nattrs = cnt;
+
+		rc = slap_bv2ad( &derefAttr, &ds->ds_derefAttr, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			rs->sr_text = "Dereference control: derefAttr decoding error";
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+
+		for ( dstmp = dshead; dstmp && dstmp != ds; dstmp = dstmp->ds_next ) {
+			if ( dstmp->ds_derefAttr == ds->ds_derefAttr ) {
+				rs->sr_text = "Dereference control: derefAttr must be unique within control";
+				rs->sr_err = LDAP_PROTOCOL_ERROR;
+				goto done;
+			}
+		}
+
+		if ( ds->ds_derefAttr->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
+			if ( ctrl->ldctl_iscritical ) {
+				rs->sr_text = "Dereference control: derefAttr syntax not distinguishedName";
+				rs->sr_err = LDAP_PROTOCOL_ERROR;
+				goto done;
+			}
+
+			rs->sr_err = LDAP_SUCCESS;
+			goto justcleanup;
+		}
+
+		for ( cnt = 0; !BER_BVISNULL( &attributes[ cnt ] ); cnt++ ) {
+			rc = slap_bv2ad( &attributes[ cnt ], &ds->ds_attributes[ cnt ], &text );
+			if ( rc != LDAP_SUCCESS ) {
+				rs->sr_text = "Dereference control: attribute decoding error";
+				rs->sr_err = LDAP_PROTOCOL_ERROR;
+				goto done;
+			}
+		}
+
+		ber_memfree_x( attributes, op->o_tmpmemctx );
+		attributes = NULL;
+
+		*dsp = ds;
+		dsp = &ds->ds_next;
+	}
+
+	op->o_ctrlderef = (void *)dshead;
+
+	op->o_deref = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
+	rs->sr_err = LDAP_SUCCESS;
+
+done:;
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+justcleanup:;
+		for ( ; dshead; ) {
+			DerefSpec *dsnext = dshead->ds_next;
+			op->o_tmpfree( dshead, op->o_tmpmemctx );
+			dshead = dsnext;
+		}
+	}
+
+	if ( attributes != NULL ) {
+		ber_memfree_x( attributes, op->o_tmpmemctx );
+	}
+
+	return rs->sr_err;
+}
+
+static int
+deref_cleanup( Operation *op, SlapReply *rs )
+{
+	if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
+		op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+		op->o_callback = NULL;
+
+		op->o_tmpfree( op->o_ctrlderef, op->o_tmpmemctx );
+		op->o_ctrlderef = NULL;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+deref_response( Operation *op, SlapReply *rs )
+{
+	int rc = SLAP_CB_CONTINUE;
+
+	if ( rs->sr_type == REP_SEARCH ) {
+		BerElementBuffer berbuf;
+		BerElement *ber = (BerElement *) &berbuf;
+		deref_cb_t *dc = (deref_cb_t *)op->o_callback->sc_private;
+		DerefSpec *ds;
+		DerefRes *dr, *drhead = NULL, **drp = &drhead;
+		struct berval bv = BER_BVNULL;
+		int nDerefRes = 0, nDerefVals = 0, nAttrs = 0, nVals = 0;
+		struct berval ctrlval;
+		LDAPControl *ctrl, **ctrlsp;
+		AccessControlState acl_state = ACL_STATE_INIT;
+		static char dummy = '\0';
+		Entry *ebase;
+		int i;
+
+		rc = overlay_entry_get_ov( op, &rs->sr_entry->e_nname, NULL, NULL, 0, &ebase, dc->dc_on );
+		if ( rc != LDAP_SUCCESS || ebase == NULL ) {
+			return SLAP_CB_CONTINUE;
+		}
+
+		for ( ds = dc->dc_ds; ds; ds = ds->ds_next ) {
+			Attribute *a = attr_find( ebase->e_attrs, ds->ds_derefAttr );
+
+			if ( a != NULL ) {
+				DerefVal *dv;
+				BerVarray *bva;
+
+				if ( !access_allowed( op, rs->sr_entry, a->a_desc,
+						NULL, ACL_READ, &acl_state ) )
+				{
+					continue;
+				}
+
+				dr = op->o_tmpcalloc( 1,
+					sizeof( DerefRes ) + ( sizeof( DerefVal ) + sizeof( BerVarray * ) * ds->ds_nattrs ) * ( a->a_numvals + 1 ),
+					op->o_tmpmemctx );
+				dr->dr_spec = *ds;
+				dv = dr->dr_vals = (DerefVal *)&dr[ 1 ];
+				bva = (BerVarray *)&dv[ a->a_numvals + 1 ];
+
+				bv.bv_len += ds->ds_derefAttr->ad_cname.bv_len;
+				nAttrs++;
+				nDerefRes++;
+
+				for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) {
+					Entry *e = NULL;
+
+					dv[ i ].dv_attrVals = bva;
+					bva += ds->ds_nattrs;
+
+
+					if ( !access_allowed( op, rs->sr_entry, a->a_desc,
+							&a->a_nvals[ i ], ACL_READ, &acl_state ) )
+					{
+						dv[ i ].dv_derefSpecVal.bv_val = &dummy;
+						continue;
+					}
+
+					ber_dupbv_x( &dv[ i ].dv_derefSpecVal, &a->a_vals[ i ], op->o_tmpmemctx );
+					bv.bv_len += dv[ i ].dv_derefSpecVal.bv_len;
+					nVals++;
+					nDerefVals++;
+
+					rc = overlay_entry_get_ov( op, &a->a_nvals[ i ], NULL, NULL, 0, &e, dc->dc_on );
+					if ( rc == LDAP_SUCCESS && e != NULL ) {
+						int j;
+
+						if ( access_allowed( op, e, slap_schema.si_ad_entry,
+							NULL, ACL_READ, NULL ) )
+						{
+							for ( j = 0; j < ds->ds_nattrs; j++ ) {
+								Attribute *aa;
+
+								if ( !access_allowed( op, e, ds->ds_attributes[ j ], NULL,
+									ACL_READ, &acl_state ) )
+								{
+									continue;
+								}
+
+								aa = attr_find( e->e_attrs, ds->ds_attributes[ j ] );
+								if ( aa != NULL ) {
+									unsigned k, h, last = aa->a_numvals;
+
+									ber_bvarray_dup_x( &dv[ i ].dv_attrVals[ j ],
+										aa->a_vals, op->o_tmpmemctx );
+
+									bv.bv_len += ds->ds_attributes[ j ]->ad_cname.bv_len;
+
+									for ( k = 0, h = 0; k < aa->a_numvals; k++ ) {
+										if ( !access_allowed( op, e,
+											aa->a_desc,
+											&aa->a_nvals[ k ],
+											ACL_READ, &acl_state ) )
+										{
+											op->o_tmpfree( dv[ i ].dv_attrVals[ j ][ h ].bv_val,
+												op->o_tmpmemctx );
+											dv[ i ].dv_attrVals[ j ][ h ] = dv[ i ].dv_attrVals[ j ][ --last ];
+											BER_BVZERO( &dv[ i ].dv_attrVals[ j ][ last ] );
+											continue;
+										}
+										bv.bv_len += dv[ i ].dv_attrVals[ j ][ h ].bv_len;
+										nVals++;
+										h++;
+									}
+									nAttrs++;
+								}
+							}
+						}
+
+						overlay_entry_release_ov( op, e, 0, dc->dc_on );
+					}
+				}
+
+				*drp = dr;
+				drp = &dr->dr_next;
+			}
+		}
+		overlay_entry_release_ov( op, ebase, 0, dc->dc_on );
+
+		if ( drhead == NULL ) {
+			return SLAP_CB_CONTINUE;
+		}
+
+		/* cook the control value */
+		bv.bv_len += nVals * sizeof(struct berval)
+			+ nAttrs * sizeof(struct berval)
+			+ nDerefVals * sizeof(DerefVal)
+			+ nDerefRes * sizeof(DerefRes);
+		bv.bv_val = op->o_tmpalloc( bv.bv_len, op->o_tmpmemctx );
+
+		ber_init2( ber, &bv, LBER_USE_DER );
+		ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
+
+		rc = ber_printf( ber, "{" /*}*/ );
+		for ( dr = drhead; dr != NULL; dr = dr->dr_next ) {
+			for ( i = 0; !BER_BVISNULL( &dr->dr_vals[ i ].dv_derefSpecVal ); i++ ) {
+				int j, first = 1;
+
+				if ( dr->dr_vals[ i ].dv_derefSpecVal.bv_val == &dummy ) {
+					continue;
+				}
+
+				rc = ber_printf( ber, "{OO" /*}*/,
+					&dr->dr_spec.ds_derefAttr->ad_cname,
+					&dr->dr_vals[ i ].dv_derefSpecVal );
+				op->o_tmpfree( dr->dr_vals[ i ].dv_derefSpecVal.bv_val, op->o_tmpmemctx );
+				for ( j = 0; j < dr->dr_spec.ds_nattrs; j++ ) {
+					if ( dr->dr_vals[ i ].dv_attrVals[ j ] != NULL ) {
+						if ( first ) {
+							rc = ber_printf( ber, "t{" /*}*/,
+								(LBER_CONSTRUCTED|LBER_CLASS_CONTEXT) );
+							first = 0;
+						}
+						rc = ber_printf( ber, "{O[W]}",
+							&dr->dr_spec.ds_attributes[ j ]->ad_cname,
+							dr->dr_vals[ i ].dv_attrVals[ j ] );
+						op->o_tmpfree( dr->dr_vals[ i ].dv_attrVals[ j ],
+							op->o_tmpmemctx );
+					}
+				}
+				if ( !first ) {
+					rc = ber_printf( ber, /*{{*/ "}N}" );
+				} else {
+					rc = ber_printf( ber, /*{*/ "}" );
+				}
+			}
+		}
+		rc = ber_printf( ber, /*{*/ "}" );
+		if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
+			if ( op->o_deref == SLAP_CONTROL_CRITICAL ) {
+				rc = LDAP_CONSTRAINT_VIOLATION;
+
+			} else {
+				rc = SLAP_CB_CONTINUE;
+			}
+			goto cleanup;
+		}
+
+		ctrl = op->o_tmpcalloc( 1,
+			sizeof( LDAPControl ) + ctrlval.bv_len + 1,
+			op->o_tmpmemctx );
+		ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
+		ctrl->ldctl_oid = LDAP_CONTROL_X_DEREF;
+		ctrl->ldctl_iscritical = 0;
+		ctrl->ldctl_value.bv_len = ctrlval.bv_len;
+		AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
+		ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
+
+		ber_free_buf( ber );
+
+		i = 0;
+		if ( rs->sr_ctrls ) {
+			for ( ; rs->sr_ctrls[ i ] != NULL; i++ )
+				/* count'em */ ;
+		}
+		i += 2;
+		ctrlsp = op->o_tmpcalloc( i, sizeof(LDAPControl *), op->o_tmpmemctx );
+		i = 0;
+		if ( rs->sr_ctrls != NULL ) {
+			for ( ; rs->sr_ctrls[ i ] != NULL; i++ ) {
+				ctrlsp[ i ] = rs->sr_ctrls[ i ];
+			}
+		}
+		ctrlsp[ i++ ] = ctrl;
+		ctrlsp[ i++ ] = NULL;
+		if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
+			op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+		}
+		rs->sr_ctrls = ctrlsp;
+		rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+
+		rc = SLAP_CB_CONTINUE;
+
+cleanup:;
+		/* release all */
+		for ( ; drhead != NULL; ) {
+			DerefRes *drnext = drhead->dr_next;
+			op->o_tmpfree( drhead, op->o_tmpmemctx );
+			drhead = drnext;
+		}
+
+	} else if ( rs->sr_type == REP_RESULT ) {
+		rc = deref_cleanup( op, rs );
+	}
+
+	return rc;
+}
+
+static int
+deref_op_search( Operation *op, SlapReply *rs )
+{
+	if ( op->o_deref ) {
+		slap_callback *sc;
+		deref_cb_t *dc;
+
+		sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( deref_cb_t ), op->o_tmpmemctx );
+
+		dc = (deref_cb_t *)&sc[ 1 ];
+		dc->dc_on = (slap_overinst *)op->o_bd->bd_info;
+		dc->dc_ds = (DerefSpec *)op->o_ctrlderef;
+
+		sc->sc_response = deref_response;
+		sc->sc_cleanup = deref_cleanup;
+		sc->sc_private = (void *)dc;
+
+		sc->sc_next = op->o_callback->sc_next;
+                op->o_callback->sc_next = sc;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+int
+deref_initialize(void)
+{
+	int rc;
+
+	rc = register_supported_control( LDAP_CONTROL_X_DEREF,
+		SLAP_CTRL_SEARCH, NULL,
+		deref_parseCtrl, &deref_cid );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY,
+			"deref_init: Failed to register control (%d)\n",
+			rc, 0, 0 );
+		return -1;
+	}
+
+	deref.on_bi.bi_type = "deref";
+	deref.on_bi.bi_op_search = deref_op_search;
+
+	return overlay_register( &deref );
+}
+
+#if SLAPD_OVER_DEREF == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return deref_initialize();
+}
+#endif /* SLAPD_OVER_DEREF == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_DEREF */
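Review bot: The per-value ACL filter in `deref_response` can keep a value the client was denied and drop one it was allowed. When `access_allowed` fails for `a_nvals[ k ]`, slot `h` is overwritten with the tail entry (`--last`), so slot `h` no longer corresponds to index `k`. A later check on a different value then decides whether the moved value is emitted. That contradicts the file's own security note that the response must not disclose what the identity could not read directly. Compacting in place, as below, keeps each copied value tied to the index that was checked, and `last` becomes unused.

```c
unsigned k, h;
BerVarray vals;

/* … unchanged: ber_bvarray_dup_x() into dv[ i ].dv_attrVals[ j ], bv.bv_len += ad_cname.bv_len … */

vals = dv[ i ].dv_attrVals[ j ];
for ( k = 0, h = 0; k < aa->a_numvals; k++ ) {
	if ( !access_allowed( op, e,
		aa->a_desc,
		&aa->a_nvals[ k ],
		ACL_READ, &acl_state ) )
	{
		/* drop exactly the value that was checked */
		op->o_tmpfree( vals[ k ].bv_val, op->o_tmpmemctx );
		BER_BVZERO( &vals[ k ] );
		continue;
	}
	if ( h != k ) {
		/* slide the permitted value down; order is preserved */
		vals[ h ] = vals[ k ];
		BER_BVZERO( &vals[ k ] );
	}
	bv.bv_len += vals[ h ].bv_len;
	nVals++;
	h++;
}
```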

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dyngroup.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dyngroup.c - Demonstration of overlay code */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dyngroup.c,v 1.10.2.3 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dyngroup.c,v 1.10.2.4 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Copyright 2003 by Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/dynlist.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* dynlist.c - dynamic list overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.20.2.17 2008/07/10 00:43:03 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/dynlist.c,v 1.20.2.25 2009/01/30 19:10:13 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Pierangelo Masarati.
  * Portions Copyright 2008 Emmanuel Dreyfus.
  * All rights reserved.
@@ -62,21 +62,25 @@
 static AttributeDescription *ad_dgIdentity, *ad_dgAuthz;
 
 typedef struct dynlist_map_t {
-	AttributeDescription *dlm_member_ad;
-	AttributeDescription *dlm_mapped_ad;
-	struct dynlist_map_t *dlm_next;
+	AttributeDescription	*dlm_member_ad;
+	AttributeDescription	*dlm_mapped_ad;
+	struct dynlist_map_t	*dlm_next;
 } dynlist_map_t;
 
 typedef struct dynlist_info_t {
 	ObjectClass		*dli_oc;
 	AttributeDescription	*dli_ad;
 	struct dynlist_map_t	*dli_dlm;
+	struct berval		dli_uri;
+	LDAPURLDesc		*dli_lud;
+	struct berval		dli_uri_nbase;
+	Filter			*dli_uri_filter;
 	struct berval		dli_default_filter;
 	struct dynlist_info_t	*dli_next;
 } dynlist_info_t;
 
 #define DYNLIST_USAGE \
-	"\"dynlist-attrset <oc> <URL-ad> [[<mapped-ad>:]<member-ad> ...]\": "
+	"\"dynlist-attrset <oc> [uri] <URL-ad> [[<mapped-ad>:]<member-ad> ...]\": "
 
 static dynlist_info_t *
 dynlist_is_dynlist_next( Operation *op, SlapReply *rs, dynlist_info_t *old_dli )
@@ -102,6 +106,56 @@
 	}
 
 	for ( ; dli; dli = dli->dli_next ) {
+		if ( dli->dli_lud != NULL ) {
+			/* check base and scope */
+			if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
+				int d = rs->sr_entry->e_nname.bv_len - dli->dli_uri_nbase.bv_len;
+
+				if ( d < 0 ) {
+					continue;
+				}
+
+				if ( !dnIsSuffix( &rs->sr_entry->e_nname, &dli->dli_uri_nbase ) ) {
+					continue;
+				}
+
+				switch ( dli->dli_lud->lud_scope ) {
+				case LDAP_SCOPE_BASE:
+					if ( d != 0 ) {
+						continue;
+					}
+					break;
+
+				case LDAP_SCOPE_ONELEVEL: {
+					struct berval pdn;
+
+					dnParent( &rs->sr_entry->e_nname, &pdn );
+					if ( pdn.bv_len != dli->dli_uri_nbase.bv_len ) {
+						continue;
+					}
+					} break;
+
+				case LDAP_SCOPE_SUBORDINATE:
+					if ( d == 0 ) {
+						continue;
+					}
+					break;
+
+				case LDAP_SCOPE_SUBTREE:
+				case LDAP_SCOPE_DEFAULT:
+					break;
+
+				default:
+					continue;
+				}
+			}
+
+			/* check filter */
+			if ( dli->dli_uri_filter && test_filter( op, rs->sr_entry, dli->dli_uri_filter ) != LDAP_COMPARE_TRUE ) {
+				continue;
+			}
+		}
+
 		if ( attr_valfind( a,
 				SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
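Review bot: The `LDAP_SCOPE_ONELEVEL` case compares only `pdn.bv_len` with `dli_uri_nbase.bv_len`, which is sufficient only because `dnIsSuffix` has already passed a few lines earlier. That dependency is unstated and easy to break if the checks are reordered. I would add `/* entry is under nbase (checked above), so equal length means parent == nbase */` above the length test. The enclosing loop and function continue outside this hunk.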
@@ -306,7 +360,9 @@
 			ad = a->a_desc;
 			for ( dlm = dlc->dlc_dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
 				if ( dlm->dlm_member_ad == a->a_desc ) {
-					ad = dlm->dlm_mapped_ad;
+					if ( dlm->dlm_mapped_ad ) {
+						ad = dlm->dlm_mapped_ad;
+					}
 					break;
 				}
 			}
@@ -369,8 +425,8 @@
 
 	/* Don't generate member list if it wasn't requested */
 	for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
-		if ( userattrs ||
-		     ad_inlist( dlm->dlm_member_ad, rs->sr_attrs ) ) 
+		AttributeDescription *ad = dlm->dlm_mapped_ad ? dlm->dlm_mapped_ad : dlm->dlm_member_ad;
+		if ( userattrs || ad_inlist( ad, rs->sr_attrs ) ) 
 			break;
 	}
 	if ( dli->dli_dlm && !dlm )
@@ -396,12 +452,13 @@
 		o.o_groups = NULL;
 	}
 
+	e_flags = rs->sr_flags;
 	if ( !( rs->sr_flags & REP_ENTRY_MODIFIABLE ) ) {
 		e = entry_dup( rs->sr_entry );
+		e_flags |= ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
 	} else {
 		e = rs->sr_entry;
 	}
-	e_flags = rs->sr_flags | ( REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED );
 
 	dlc.dlc_e = e;
 	dlc.dlc_dli = dli;
@@ -421,7 +478,6 @@
 		int		i, j;
 		struct berval	dn;
 		int		rc;
-		dynlist_map_t	*dlm;
 
 		BER_BVZERO( &o.o_req_dn );
 		BER_BVZERO( &o.o_req_ndn );
@@ -498,17 +554,42 @@
 					if ( o.ors_attrs[j].an_desc != NULL &&
 							is_at_operational( o.ors_attrs[j].an_desc->ad_type ) )
 					{
-						if ( !opattrs && !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
-						{
+						if ( !opattrs ) {
 							continue;
 						}
 
+						if ( !ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) ) {
+							/* lookup if mapped -- linear search,
+							 * not very efficient unless list
+							 * is very short */
+							for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
+								if ( dlm->dlm_member_ad == o.ors_attrs[j].an_desc ) {
+									break;
+								}
+							}
+
+							if ( dlm == NULL ) {
+								continue;
+							}
+						}
+
 					} else {
 						if ( !userattrs && 
 								o.ors_attrs[j].an_desc != NULL &&
 								!ad_inlist( o.ors_attrs[j].an_desc, rs->sr_attrs ) )
 						{
-							continue;
+							/* lookup if mapped -- linear search,
+							 * not very efficient unless list
+							 * is very short */
+							for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
+								if ( dlm->dlm_member_ad == o.ors_attrs[j].an_desc ) {
+									break;
+								}
+							}
+
+							if ( dlm == NULL ) {
+								continue;
+							}
 						}
 					}
 				}
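Review bot: In the operational-attribute branch the new `if ( !opattrs ) continue;` appears to skip an operational attribute even when it is named explicitly in `rs->sr_attrs`. The line it replaces skipped only when both `!opattrs` and `!ad_inlist( ... )` held, and the user-attribute branch below still uses that combined form. If the narrowing is intended, a short comment should say so; otherwise the mapped-attribute lookup should be the fallback of the original combined test, as in the `else` branch. The identical `dlm_member_ad` search loop is also pasted into both branches and would read better as one small static helper. The enclosing function starts and ends outside this hunk.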
@@ -553,7 +634,7 @@
 			slap_op_groups_free( &o );
 		}
 		if ( o.ors_filter ) {
-			filter_free_x( &o, o.ors_filter );
+			filter_free_x( &o, o.ors_filter, 1 );
 		}
 		if ( o.ors_attrs && o.ors_attrs != rs->sr_attrs
 				&& o.ors_attrs != slap_anlist_no_attrs )
@@ -775,6 +856,8 @@
 
 		if ( r.sr_flags & REP_ENTRY_MUSTBEFREED ) {
 			entry_free( r.sr_entry );
+			r.sr_entry = NULL;
+			r.sr_flags ^= REP_ENTRY_MUSTBEFREED;
 		}
 	}
 
@@ -851,7 +934,7 @@
 	ptr = lutil_strcopy( ptr, dli->dli_oc->soc_cname.bv_val );
 	ptr = lutil_strcopy( ptr, "))" );
 
-	assert( dli->dli_default_filter.bv_len == ptr - dli->dli_default_filter.bv_val );
+	assert( ptr == &dli->dli_default_filter.bv_val[dli->dli_default_filter.bv_len] );
 
 	return 0;
 }
@@ -1117,9 +1200,9 @@
 
 /* XXXmanu 255 is the maximum arguments we allow. Can we go beyond? */
 static ConfigTable dlcfg[] = {
-	{ "dynlist-attrset", "group-oc> <URL-ad> <member-ad",
-		3, 255, 0, ARG_MAGIC|DL_ATTRSET, dl_cfgen,
-		"( OLcfgOvAt:8.1 NAME 'olcDLattrSet' "
+	{ "dynlist-attrset", "group-oc> [uri] <URL-ad> <[mapped:]member-ad> [...]",
+		3, 0, 0, ARG_MAGIC|DL_ATTRSET, dl_cfgen,
+		"( OLcfgOvAt:8.1 NAME 'olcDlAttrSet' "
 			"DESC 'Dynamic list: <group objectClass>, <URL attributeDescription>, <member attributeDescription>' "
 			"EQUALITY caseIgnoreMatch "
 			"SYNTAX OMsDirectoryString "
@@ -1165,11 +1248,23 @@
 				assert( dli->dli_oc != NULL );
 				assert( dli->dli_ad != NULL );
 
+				/* FIXME: check buffer overflow! */
 				ptr += snprintf( c->cr_msg, sizeof( c->cr_msg ),
-					SLAP_X_ORDERED_FMT "%s %s", i,
-					dli->dli_oc->soc_cname.bv_val,
-					dli->dli_ad->ad_cname.bv_val );
+					SLAP_X_ORDERED_FMT "%s", i,
+					dli->dli_oc->soc_cname.bv_val );
 
+				if ( !BER_BVISNULL( &dli->dli_uri ) ) {
+					*ptr++ = ' ';
+					*ptr++ = '"';
+					ptr = lutil_strncopy( ptr, dli->dli_uri.bv_val,
+						dli->dli_uri.bv_len );
+					*ptr++ = '"';
+				}
+
+				*ptr++ = ' ';
+				ptr = lutil_strncopy( ptr, dli->dli_oc->soc_cname.bv_val,
+					dli->dli_oc->soc_cname.bv_len );
+
 				for ( dlm = dli->dli_dlm; dlm; dlm = dlm->dlm_next ) {
 					ptr[ 0 ] = ' ';
 					ptr++;
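Review bot: Everything appended after the `snprintf` is written into `c->cr_msg` with no bound, as the added `FIXME` admits. `ptr` is advanced by the `snprintf` return value, which can exceed the buffer on truncation, and the URI and names are then copied with `*ptr++` and `lutil_strncopy` without any comparison against `sizeof( c->cr_msg )`. `dli_uri` comes from configuration and can be long, so each copy should first check the remaining space, for example against `c->cr_msg + sizeof( c->cr_msg ) - ptr`, assuming `ptr` starts at `c->cr_msg` (its initialisation is outside the hunk). Separately, the copy after the URI emits `dli->dli_oc->soc_cname` a second time where the removed format string printed `dli->dli_ad->ad_cname`, so the URL attribute is missing from the generated value. That line should read `ptr = lutil_strncopy( ptr, dli->dli_ad->ad_cname.bv_val, dli->dli_ad->ad_cname.bv_len );`.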
@@ -1212,6 +1307,22 @@
 
 					dli_next = dli->dli_next;
 
+					if ( !BER_BVISNULL( &dli->dli_uri ) ) {
+						ch_free( dli->dli_uri.bv_val );
+					}
+
+					if ( dli->dli_lud != NULL ) {
+						ldap_free_urldesc( dli->dli_lud );
+					}
+
+					if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
+						ber_memfree( dli->dli_uri_nbase.bv_val );
+					}
+
+					if ( dli->dli_uri_filter != NULL ) {
+						filter_free( dli->dli_uri_filter );
+					}
+
 					ch_free( dli->dli_default_filter.bv_val );
 
 					while ( dlm != NULL ) {
@@ -1240,6 +1351,23 @@
 
 				dli = *dlip;
 				*dlip = dli->dli_next;
+
+				if ( !BER_BVISNULL( &dli->dli_uri ) ) {
+					ch_free( dli->dli_uri.bv_val );
+				}
+
+				if ( dli->dli_lud != NULL ) {
+					ldap_free_urldesc( dli->dli_lud );
+				}
+
+				if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
+					ber_memfree( dli->dli_uri_nbase.bv_val );
+				}
+
+				if ( dli->dli_uri_filter != NULL ) {
+					filter_free( dli->dli_uri_filter );
+				}
+
 				ch_free( dli->dli_default_filter.bv_val );
 
 				dlm = dli->dli_dlm;
@@ -1273,6 +1401,11 @@
 					*dli_next = NULL;
 		ObjectClass		*oc = NULL;
 		AttributeDescription	*ad = NULL;
+		int			attridx = 2;
+		LDAPURLDesc		*lud = NULL;
+		struct berval		nbase = BER_BVNULL;
+		Filter			*filter = NULL;
+		struct berval		uri = BER_BVNULL;
 		dynlist_map_t           *dlm = NULL;
 		const char		*text;
 
@@ -1286,11 +1419,98 @@
 			return 1;
 		}
 
-		rc = slap_str2ad( c->argv[ 2 ], &ad, &text );
+		if ( strncasecmp( c->argv[ attridx ], "ldap://", STRLENOF("ldap://") ) == 0 ) {
+			if ( ldap_url_parse( c->argv[ attridx ], &lud ) != LDAP_URL_SUCCESS ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+					"unable to parse URI \"%s\"",
+					c->argv[ attridx ] );
+				rc = 1;
+				goto done_uri;
+			}
+
+			if ( lud->lud_host != NULL ) {
+				if ( lud->lud_host[0] == '\0' ) {
+					ch_free( lud->lud_host );
+					lud->lud_host = NULL;
+
+				} else {
+					snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+						"host not allowed in URI \"%s\"",
+						c->argv[ attridx ] );
+					rc = 1;
+					goto done_uri;
+				}
+			}
+
+			if ( lud->lud_attrs != NULL ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+					"attrs not allowed in URI \"%s\"",
+					c->argv[ attridx ] );
+				rc = 1;
+				goto done_uri;
+			}
+
+			if ( lud->lud_exts != NULL ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+					"extensions not allowed in URI \"%s\"",
+					c->argv[ attridx ] );
+				rc = 1;
+				goto done_uri;
+			}
+
+			if ( lud->lud_dn != NULL && lud->lud_dn[ 0 ] != '\0' ) {
+				struct berval dn;
+				ber_str2bv( lud->lud_dn, 0, 0, &dn );
+				rc = dnNormalize( 0, NULL, NULL, &dn, &nbase, NULL );
+				if ( rc != LDAP_SUCCESS ) {
+					snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+						"DN normalization failed in URI \"%s\"",
+						c->argv[ attridx ] );
+					goto done_uri;
+				}
+			}
+
+			if ( lud->lud_filter != NULL && lud->lud_filter[ 0 ] != '\0' ) {
+				filter = str2filter( lud->lud_filter );
+				if ( filter == NULL ) {
+					snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
+						"filter parsing failed in URI \"%s\"",
+						c->argv[ attridx ] );
+					rc = 1;
+					goto done_uri;
+				}
+			}
+
+			ber_str2bv( c->argv[ attridx ], 0, 1, &uri );
+
+done_uri:;
+			if ( rc ) {
+				if ( lud ) {
+					ldap_free_urldesc( lud );
+				}
+
+				if ( !BER_BVISNULL( &nbase ) ) {
+					ber_memfree( nbase.bv_val );
+				}
+
+				if ( filter != NULL ) {
+					filter_free( filter );
+				}
+
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+					c->log, c->cr_msg, 0 );
+
+				return rc;
+			}
+
+			attridx++;
+		}
+
+		rc = slap_str2ad( c->argv[ attridx ], &ad, &text );
 		if ( rc != LDAP_SUCCESS ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
 				"unable to find AttributeDescription \"%s\"",
-				c->argv[ 2 ] );
+				c->argv[ attridx ] );
 			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
 				c->log, c->cr_msg, 0 );
 			return 1;
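Review bot: Once the URI is accepted, `attridx` is incremented and `c->argv[ attridx ]` is handed to `slap_str2ad` without comparing `attridx` with `c->argc`. If the directive's minimum argument count (set outside this hunk) still admits a line that ends at the URI, the lookup reads past the last argument. I would check `attridx + 1 < c->argc` inside the URI block, before `ber_str2bv` copies the URI, and report a usage error through the existing `done_uri` path. The `return 1` after the failed `slap_str2ad` here, and the one in the next hunk, also leave `lud`, `nbase`, `filter` and `uri` allocated, so they should run the same cleanup. The function body continues outside the hunk.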
@@ -1300,13 +1520,15 @@
 			snprintf( c->cr_msg, sizeof( c->cr_msg ), DYNLIST_USAGE
 				"AttributeDescription \"%s\" "
 				"must be a subtype of \"labeledURI\"",
-				c->argv[ 2 ] );
+				c->argv[ attridx ] );
 			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
 				c->log, c->cr_msg, 0 );
 			return 1;
 		}
 
-		for ( i = 3; i < c->argc; i++ ) {
+		attridx++;
+
+		for ( i = attridx; i < c->argc; i++ ) {
 			char *arg; 
 			char *cp;
 			AttributeDescription *member_ad = NULL;
@@ -1393,6 +1615,11 @@
 		(*dlip)->dli_dlm = dlm;
 		(*dlip)->dli_next = dli_next;
 
+		(*dlip)->dli_lud = lud;
+		(*dlip)->dli_uri_nbase = nbase;
+		(*dlip)->dli_uri_filter = filter;
+		(*dlip)->dli_uri = uri;
+
 		rc = dynlist_build_def_filter( *dlip );
 
 		} break;
@@ -1599,7 +1826,24 @@
 
 			dli_next = dli->dli_next;
 
+			if ( !BER_BVISNULL( &dli->dli_uri ) ) {
+				ch_free( dli->dli_uri.bv_val );
+			}
+
+			if ( dli->dli_lud != NULL ) {
+				ldap_free_urldesc( dli->dli_lud );
+			}
+
+			if ( !BER_BVISNULL( &dli->dli_uri_nbase ) ) {
+				ber_memfree( dli->dli_uri_nbase.bv_val );
+			}
+
+			if ( dli->dli_uri_filter != NULL ) {
+				filter_free( dli->dli_uri_filter );
+			}
+
 			ch_free( dli->dli_default_filter.bv_val );
+
 			dlm = dli->dli_dlm;
 			while ( dlm != NULL ) {
 				dlm_next = dlm->dlm_next;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/memberof.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/memberof.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/memberof.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 /* memberof.c - back-reference for group membership */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/memberof.c,v 1.2.2.15 2008/07/10 00:00:31 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/memberof.c,v 1.2.2.18 2009/02/03 19:06:20 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
  * Copyright 2005-2007 Pierangelo Masarati <ando at sys-net.it>
@@ -178,74 +178,19 @@
 	MEMBEROF_IS_BOTH = (MEMBEROF_IS_GROUP|MEMBEROF_IS_MEMBER)
 } memberof_is_t;
 
-/*
- * failover storage for member attribute values of groups being deleted
- * handles [no]thread cases.
- */
-static BerVarray	saved_member_vals;
-static BerVarray	saved_memberof_vals;
-
-static void
-memberof_saved_member_free( void *key, void *data )
-{
-	ber_bvarray_free( (BerVarray)data );
-}
-
-static BerVarray
-memberof_saved_member_get( Operation *op, void *keyp )
-{
-	void		*vals;
-	BerVarray	*key = (BerVarray *)keyp;
-
-	assert( op != NULL );
-
-	if ( op->o_threadctx == NULL ) {
-		vals = *key;
-		*key = NULL;
-
-	} else {
-		ldap_pvt_thread_pool_setkey( op->o_threadctx,
-				key, NULL, 0, &vals, NULL );
-	}
-
-	return vals;
-}
-
-static void
-memberof_saved_member_set( Operation *op, void *keyp, BerVarray vals )
-{
-	BerVarray	saved_vals = NULL;
-	BerVarray	*key = (BerVarray*)keyp;
-
-	assert( op != NULL );
-
-	if ( vals ) {
-		ber_bvarray_dup_x( &saved_vals, vals, NULL );
-	}
-
-	if ( op->o_threadctx == NULL ) {
-		if ( *key ) {
-			ber_bvarray_free( *key );
-		}
-		*key = saved_vals;
-
-	} else {
-		void	*old_vals = NULL;
-
-		ldap_pvt_thread_pool_setkey( op->o_threadctx, key,
-				saved_vals, memberof_saved_member_free, &old_vals, NULL );
-		if ( old_vals != NULL ) {
-			ber_bvarray_free( old_vals );
-		}
-	}
-}
-
 typedef struct memberof_cookie_t {
 	AttributeDescription	*ad;
-	void			*key;
+	BerVarray		vals;
 	int			foundit;
 } memberof_cookie_t;
 
+typedef struct memberof_cbinfo_t {
+	slap_overinst *on;
+	BerVarray member;
+	BerVarray memberof;
+	memberof_is_t what;
+} memberof_cbinfo_t;
+	
 static int
 memberof_isGroupOrMember_cb( Operation *op, SlapReply *rs )
 {
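Review bot: `memberof_cbinfo_t` is added with no comment on who owns `member` and `memberof` or on the direction of `what`. Elsewhere in this patch the arrays are filled by `ber_bvarray_dup_x( ..., op->o_tmpmemctx )` in the search callback (and by `backend_attribute` in the modify path) and released by `memberof_cleanup` with `ber_bvarray_free_x`, while `what` is read and then overwritten by `memberof_isGroupOrMember`. I would say so on the struct, e.g. `/* member, memberof: per-operation arrays, freed by memberof_cleanup */` and `/* what: in = roles to look for, out = roles found */`. The new `vals` field of `memberof_cookie_t` needs the same one-line ownership note.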
@@ -269,7 +214,6 @@
 	if ( rs->sr_type == REP_SEARCH ) {
 		memberof_cookie_t	*mc;
 		Attribute		*a;
-		BerVarray		vals = NULL;
 
 		mc = (memberof_cookie_t *)op->o_callback->sc_private;
 		mc->foundit = 1;
@@ -279,11 +223,9 @@
 
 		a = attr_find( rs->sr_entry->e_attrs, mc->ad );
 		if ( a != NULL ) {
-			vals = a->a_nvals;
+			ber_bvarray_dup_x( &mc->vals, a->a_nvals, op->o_tmpmemctx );
 		}
 
-		memberof_saved_member_set( op, mc->key, vals );
-
 		if ( a && attr_find( a->a_next, mc->ad ) != NULL ) {
 			Debug( LDAP_DEBUG_ANY,
 				"%s: memberof_saveMember_cb(\"%s\"): "
@@ -303,21 +245,21 @@
  * attribute values of groups being deleted.
  */
 static int
-memberof_isGroupOrMember( Operation *op, memberof_is_t *iswhatp )
+memberof_isGroupOrMember( Operation *op, memberof_cbinfo_t *mci )
 {
-	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	slap_overinst		*on = mci->on;
 	memberof_t		*mo = (memberof_t *)on->on_bi.bi_private;
 
 	Operation		op2 = *op;
 	SlapReply		rs2 = { REP_RESULT };
 	slap_callback		cb = { 0 };
-	memberof_cookie_t	mc;
+	BackendInfo	*bi = op->o_bd->bd_info;
 	AttributeName		an[ 2 ];
 
 	memberof_is_t		iswhat = MEMBEROF_IS_NONE;
+	memberof_cookie_t	mc;
 
-	assert( iswhatp != NULL );
-	assert( *iswhatp != MEMBEROF_IS_NONE );
+	assert( mci->what != MEMBEROF_IS_NONE );
 
 	cb.sc_private = &mc;
 	if ( op->o_tag == LDAP_REQ_DELETE ) {
@@ -341,10 +283,10 @@
 	op2.ors_slimit = 1;
 	op2.ors_tlimit = SLAP_NO_LIMIT;
 
-	if ( *iswhatp & MEMBEROF_IS_GROUP ) {
+	if ( mci->what & MEMBEROF_IS_GROUP ) {
 		mc.ad = mo->mo_ad_member;
-		mc.key = &saved_member_vals;
 		mc.foundit = 0;
+		mc.vals = NULL;
 		an[ 0 ].an_desc = mo->mo_ad_member;
 		an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname;
 		op2.ors_filterstr = mo->mo_groupFilterstr;
@@ -352,20 +294,19 @@
 
 		op2.o_bd->bd_info = (BackendInfo *)on->on_info;
 		(void)op->o_bd->be_search( &op2, &rs2 );
-		op2.o_bd->bd_info = (BackendInfo *)on;
+		op2.o_bd->bd_info = bi;
 
 		if ( mc.foundit ) {
 			iswhat |= MEMBEROF_IS_GROUP;
+			if ( mc.vals ) mci->member = mc.vals;
 
-		} else {
-			memberof_saved_member_set( op, mc.key, NULL );
 		}
 	}
 
-	if ( *iswhatp & MEMBEROF_IS_MEMBER ) {
+	if ( mci->what & MEMBEROF_IS_MEMBER ) {
 		mc.ad = mo->mo_ad_memberof;
-		mc.key = &saved_memberof_vals;
 		mc.foundit = 0;
+		mc.vals = NULL;
 		an[ 0 ].an_desc = mo->mo_ad_memberof;
 		an[ 0 ].an_name = an[ 0 ].an_desc->ad_cname;
 		op2.ors_filterstr = mo->mo_memberFilterstr;
@@ -373,17 +314,16 @@
 
 		op2.o_bd->bd_info = (BackendInfo *)on->on_info;
 		(void)op->o_bd->be_search( &op2, &rs2 );
-		op2.o_bd->bd_info = (BackendInfo *)on;
+		op2.o_bd->bd_info = bi;
 
 		if ( mc.foundit ) {
 			iswhat |= MEMBEROF_IS_MEMBER;
+			if ( mc.vals ) mci->memberof = mc.vals;
 
-		} else {
-			memberof_saved_member_set( op, mc.key, NULL );
 		}
 	}
 
-	*iswhatp = iswhat;
+	mci->what = iswhat;
 
 	return LDAP_SUCCESS;
 }
@@ -402,7 +342,8 @@
 	struct berval		*new_dn,
 	struct berval		*new_ndn )
 {
-	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	memberof_cbinfo_t *mci = op->o_callback->sc_private;
+	slap_overinst	*on = mci->on;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
 	Operation	op2 = *op;
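Review bot: `memberof_value_modify` now takes the overlay instance from `op->o_callback->sc_private`, which is an undocumented precondition: the current callback must be the one installed by a `memberof_op_*` handler. With any other callback in front, `sc_private` is reinterpreted as a `memberof_cbinfo_t` and `mci->on` is an arbitrary pointer. A header comment such as `/* op->o_callback must be the memberof callback; its sc_private is a memberof_cbinfo_t */` would record this, and an `assert( op->o_callback != NULL );` before the read would catch the simplest violation. The function's signature and most of its body are outside the hunk.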
@@ -417,8 +358,6 @@
 	op2.o_req_dn = *ndn;
 	op2.o_req_ndn = *ndn;
 
-	op2.o_bd->bd_info = (BackendInfo *)on->on_info;
-
 	op2.o_callback = &cb;
 	op2.o_dn = op->o_bd->be_rootdn;
 	op2.o_ndn = op->o_bd->be_rootndn;
@@ -527,12 +466,30 @@
 	 * not optimal in terms of performance.  At least it would
 	 * move towards self-repairing capabilities. */
 
-	op2.o_bd->bd_info = (BackendInfo *)on;
-
 	return rs2.sr_err;
 }
 
 static int
+memberof_cleanup( Operation *op, SlapReply *rs )
+{
+	slap_callback *sc = op->o_callback;
+	memberof_cbinfo_t *mci = sc->sc_private;
+
+	op->o_callback = sc->sc_next;
+	if ( mci->memberof )
+		ber_bvarray_free_x( mci->memberof, op->o_tmpmemctx );
+	if ( mci->member )
+		ber_bvarray_free_x( mci->member, op->o_tmpmemctx );
+	op->o_tmpfree( sc, op->o_tmpmemctx );
+	return 0;
+}
+
+static int memberof_res_add( Operation *op, SlapReply *rs );
+static int memberof_res_delete( Operation *op, SlapReply *rs );
+static int memberof_res_modify( Operation *op, SlapReply *rs );
+static int memberof_res_modrdn( Operation *op, SlapReply *rs );
+
+static int
 memberof_op_add( Operation *op, SlapReply *rs )
 {
 	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
@@ -542,6 +499,8 @@
 	int		rc = SLAP_CB_CONTINUE;
 	int		i;
 	struct berval	save_dn, save_ndn;
+	slap_callback *sc;
+	memberof_cbinfo_t *mci;
 
 	if ( op->ora_e->e_attrs == NULL ) {
 		/* FIXME: global overlay; need to deal with */
@@ -571,7 +530,7 @@
 			&& is_entry_objectclass_or_sub( op->ora_e, mo->mo_oc_group ) )
 	{
 		op->o_dn = op->o_bd->be_rootdn;
-		op->o_dn = op->o_bd->be_rootndn;
+		op->o_ndn = op->o_bd->be_rootndn;
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 
 		for ( ap = &op->ora_e->e_attrs; *ap; ) {
@@ -733,7 +692,18 @@
 	}
 
 	rc = SLAP_CB_CONTINUE;
-	
+
+	sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
+	sc->sc_private = sc+1;
+	sc->sc_response = memberof_res_add;
+	sc->sc_cleanup = memberof_cleanup;
+	mci = sc->sc_private;
+	mci->on = on;
+	mci->member = NULL;
+	mci->memberof = NULL;
+	sc->sc_next = op->o_callback;
+	op->o_callback = sc;
+
 done:;
 	op->o_dn = save_dn;
 	op->o_ndn = save_ndn;
@@ -748,14 +718,28 @@
 	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
-	memberof_is_t	iswhat = MEMBEROF_IS_GROUP;
+	slap_callback *sc;
+	memberof_cbinfo_t *mci;
 
+
+	sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
+	sc->sc_private = sc+1;
+	sc->sc_response = memberof_res_delete;
+	sc->sc_cleanup = memberof_cleanup;
+	mci = sc->sc_private;
+	mci->on = on;
+	mci->member = NULL;
+	mci->memberof = NULL;
+	mci->what = MEMBEROF_IS_GROUP;
 	if ( MEMBEROF_REFINT( mo ) ) {
-		iswhat = MEMBEROF_IS_BOTH;
+		mci->what = MEMBEROF_IS_BOTH;
 	}
 
-	memberof_isGroupOrMember( op, &iswhat );
+	memberof_isGroupOrMember( op, mci );
 
+	sc->sc_next = op->o_callback;
+	op->o_callback = sc;
+
 	return SLAP_CB_CONTINUE;
 }
 
@@ -766,9 +750,10 @@
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
 	Modifications	**mlp, **mmlp = NULL;
-	int		rc = SLAP_CB_CONTINUE;
+	int		rc = SLAP_CB_CONTINUE, save_member = 0;
 	struct berval	save_dn, save_ndn;
-	memberof_is_t	iswhat = MEMBEROF_IS_GROUP;
+	slap_callback *sc;
+	memberof_cbinfo_t *mci, mcis;
 
 	if ( MEMBEROF_REVERSE( mo ) ) {
 		for ( mlp = &op->orm_modlist; *mlp; mlp = &(*mlp)->sml_next ) {
@@ -783,12 +768,13 @@
 
 	save_dn = op->o_dn;
 	save_ndn = op->o_ndn;
+	mcis.on = on;
+	mcis.what = MEMBEROF_IS_GROUP;
 
-	if ( memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS
-		&& ( iswhat & MEMBEROF_IS_GROUP ) )
+	if ( memberof_isGroupOrMember( op, &mcis ) == LDAP_SUCCESS
+		&& ( mcis.what & MEMBEROF_IS_GROUP ) )
 	{
 		Modifications *ml;
-		int save_member = 0;
 
 		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
 			if ( ml->sml_desc == mo->mo_ad_member ) {
@@ -801,26 +787,12 @@
 			}
 		}
 
-		if ( save_member ) {
-			BerVarray	vals = NULL;
 
-			op->o_dn = op->o_bd->be_rootdn;
-			op->o_dn = op->o_bd->be_rootndn;
-			op->o_bd->bd_info = (BackendInfo *)on->on_info;
-			rc = backend_attribute( op, NULL, &op->o_req_ndn,
-					mo->mo_ad_member, &vals, ACL_READ );
-			op->o_bd->bd_info = (BackendInfo *)on;
-			if ( rc == LDAP_SUCCESS && vals != NULL ) {
-				memberof_saved_member_set( op, &saved_member_vals, vals );
-				ber_bvarray_free_x( vals, op->o_tmpmemctx );
-			}
-		}
-
 		if ( MEMBEROF_DANGLING_CHECK( mo )
 				&& !get_relax( op ) )
 		{
 			op->o_dn = op->o_bd->be_rootdn;
-			op->o_dn = op->o_bd->be_rootndn;
+			op->o_ndn = op->o_bd->be_rootndn;
 			op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		
 			assert( op->orm_modlist != NULL );
@@ -1147,6 +1119,28 @@
 		op->o_bd->bd_info = (BackendInfo *)on;
 	}
 
+	sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
+	sc->sc_private = sc+1;
+	sc->sc_response = memberof_res_modify;
+	sc->sc_cleanup = memberof_cleanup;
+	mci = sc->sc_private;
+	mci->on = on;
+	mci->member = NULL;
+	mci->memberof = NULL;
+	mci->what = mcis.what;
+
+	if ( save_member ) {
+		op->o_dn = op->o_bd->be_rootdn;
+		op->o_ndn = op->o_bd->be_rootndn;
+		op->o_bd->bd_info = (BackendInfo *)on->on_info;
+		rc = backend_attribute( op, NULL, &op->o_req_ndn,
+				mo->mo_ad_member, &mci->member, ACL_READ );
+		op->o_bd->bd_info = (BackendInfo *)on;
+	}
+
+	sc->sc_next = op->o_callback;
+	op->o_callback = sc;
+
 	rc = SLAP_CB_CONTINUE;
 
 done:;
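Review bot: The status of `backend_attribute` is stored in `rc` and then overwritten by `rc = SLAP_CB_CONTINUE` without being inspected, whereas the removed code tested `rc == LDAP_SUCCESS && vals != NULL`. If the read fails, `mci->member` stays NULL and the response callback, which does `vals = mci->member` for a REPLACE, silently skips removing the old back-references, so stale memberOf values remain on the former members. At the least the failure should be logged, e.g. `if ( rc != LDAP_SUCCESS ) Debug( LDAP_DEBUG_ANY, "%s: memberof_op_modify: reading member values failed (%d)\n", op->o_log_prefix, rc, 0 );`. The function starts outside the hunk.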
@@ -1157,34 +1151,60 @@
 	return rc;
 }
 
+static int
+memberof_op_modrdn( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	slap_callback *sc;
+	memberof_cbinfo_t *mci;
+
+	sc = op->o_tmpalloc( sizeof(slap_callback)+sizeof(*mci), op->o_tmpmemctx );
+	sc->sc_private = sc+1;
+	sc->sc_response = memberof_res_modrdn;
+	sc->sc_cleanup = memberof_cleanup;
+	mci = sc->sc_private;
+	mci->on = on;
+	mci->member = NULL;
+	mci->memberof = NULL;
+
+	sc->sc_next = op->o_callback;
+	op->o_callback = sc;
+
+	return SLAP_CB_CONTINUE;
+}
+
 /*
  * response callback that adds memberof values when a group is added.
  */
 static int
 memberof_res_add( Operation *op, SlapReply *rs )
 {
-	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	memberof_cbinfo_t *mci = op->o_callback->sc_private;
+	slap_overinst	*on = mci->on;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
 	int		i;
 
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
 	if ( MEMBEROF_REVERSE( mo ) ) {
 		Attribute	*ma;
 
 		ma = attr_find( op->ora_e->e_attrs, mo->mo_ad_memberof );
 		if ( ma != NULL ) {
-			Operation	op2 = *op;
-			SlapReply	rs2 = { 0 };
+			char relax = op->o_relax;
 
 			/* relax is required to allow to add
 			 * a non-existing member */
-			op2.o_relax = SLAP_CONTROL_CRITICAL;
+			op->o_relax = SLAP_CONTROL_CRITICAL;
 
 			for ( i = 0; !BER_BVISNULL( &ma->a_nvals[ i ] ); i++ ) {
 		
 				/* the modification is attempted
 				 * with the original identity */
-				(void)memberof_value_modify( &op2, &rs2,
+				(void)memberof_value_modify( op, rs,
 					&ma->a_nvals[ i ], mo->mo_ad_member,
 					NULL, NULL, &op->o_req_dn, &op->o_req_ndn );
 			}
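Review bot: `op->o_relax` is now forced to `SLAP_CONTROL_CRITICAL` on the caller's own `op` rather than on the private copy `op2` used by the removed lines, and the saved `relax` is not written back anywhere in this hunk. Unless the restore happens after the loop (the rest of `memberof_res_add` is outside the hunk), the remaining callbacks and the rest of the operation run with relax semantics the client did not request. `op->o_relax = relax;` belongs immediately after the `for` loop, inside the `if ( ma != NULL )` block.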
@@ -1218,13 +1238,18 @@
 static int
 memberof_res_delete( Operation *op, SlapReply *rs )
 {
-	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	memberof_cbinfo_t *mci = op->o_callback->sc_private;
+	slap_overinst	*on = mci->on;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
  	BerVarray	vals;
 	int		i;
 
-	vals = memberof_saved_member_get( op, &saved_member_vals );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	vals = mci->member;
 	if ( vals != NULL ) {
 		for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) {
 			(void)memberof_value_modify( op, rs,
@@ -1232,13 +1257,10 @@
 					&op->o_req_dn, &op->o_req_ndn,
 					NULL, NULL );
 		}
-
-		memberof_saved_member_set( op, &saved_memberof_vals, NULL );
- 		ber_bvarray_free( vals );
 	}
 
 	if ( MEMBEROF_REFINT( mo ) ) {
-		vals = memberof_saved_member_get( op, &saved_memberof_vals );
+		vals = mci->memberof;
 		if ( vals != NULL ) {
 			for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) {
 				(void)memberof_value_modify( op, rs,
@@ -1246,9 +1268,6 @@
 						&op->o_req_dn, &op->o_req_ndn,
 						NULL, NULL );
 			}
-
-			memberof_saved_member_set( op, &saved_member_vals, NULL );
-	 		ber_bvarray_free( vals );
 		}
 	}
 
@@ -1262,14 +1281,18 @@
 static int
 memberof_res_modify( Operation *op, SlapReply *rs )
 {
-	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	memberof_cbinfo_t *mci = op->o_callback->sc_private;
+	slap_overinst	*on = mci->on;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
 	int		i, rc;
 	Modifications	*ml, *mml = NULL;
 	BerVarray	vals;
-	memberof_is_t	iswhat = MEMBEROF_IS_GROUP;
 
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
 	if ( MEMBEROF_REVERSE( mo ) ) {
 		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
 			if ( ml->sml_desc == mo->mo_ad_memberof ) {
@@ -1332,8 +1355,7 @@
 		}
 	}
 
-	if ( memberof_isGroupOrMember( op, &iswhat ) == LDAP_SUCCESS
-			&& ( iswhat & MEMBEROF_IS_GROUP ) )
+	if ( mci->what & MEMBEROF_IS_GROUP )
 	{
 		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
 			if ( ml->sml_desc != mo->mo_ad_member ) {
@@ -1355,7 +1377,7 @@
 				/* fall thru */
 	
 			case LDAP_MOD_REPLACE:
-				vals = memberof_saved_member_get( op, &saved_member_vals );
+				vals = mci->member;
 
 				/* delete all ... */
 				if ( vals != NULL ) {
@@ -1365,7 +1387,6 @@
 								&op->o_req_dn, &op->o_req_ndn,
 								NULL, NULL );
 					}
-					ber_bvarray_free_x( vals, op->o_tmpmemctx );
 				}
 	
 				if ( ml->sml_op == LDAP_MOD_DELETE || !ml->sml_values ) {
@@ -1395,12 +1416,13 @@
 
 /*
  * response callback that adds/deletes member values when a group member
- * is modified.
+ * is renamed.
  */
 static int
-memberof_res_rename( Operation *op, SlapReply *rs )
+memberof_res_modrdn( Operation *op, SlapReply *rs )
 {
-	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	memberof_cbinfo_t *mci = op->o_callback->sc_private;
+	slap_overinst	*on = mci->on;
 	memberof_t	*mo = (memberof_t *)on->on_bi.bi_private;
 
 	struct berval	newPDN, newDN = BER_BVNULL, newPNDN, newNDN;
@@ -1408,10 +1430,14 @@
 	BerVarray	vals;
 
 	struct berval	save_dn, save_ndn;
-	memberof_is_t	iswhat = MEMBEROF_IS_GROUP;
 
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	mci->what = MEMBEROF_IS_GROUP;
 	if ( MEMBEROF_REFINT( mo ) ) {
-		iswhat |= MEMBEROF_IS_MEMBER;
+		mci->what |= MEMBEROF_IS_MEMBER;
 	}
 
 	if ( op->orr_nnewSup ) {
@@ -1428,11 +1454,11 @@
 
 	op->o_req_dn = newNDN;
 	op->o_req_ndn = newNDN;
-	rc = memberof_isGroupOrMember( op, &iswhat );
+	rc = memberof_isGroupOrMember( op, mci );
 	op->o_req_dn = save_dn;
 	op->o_req_ndn = save_ndn;
 
-	if ( rc != LDAP_SUCCESS || iswhat == MEMBEROF_IS_NONE ) {
+	if ( rc != LDAP_SUCCESS || mci->what == MEMBEROF_IS_NONE ) {
 		goto done;
 	}
 
@@ -1445,7 +1471,7 @@
 
 	build_new_dn( &newDN, &newPDN, &op->orr_newrdn, op->o_tmpmemctx ); 
 
-	if ( iswhat & MEMBEROF_IS_GROUP ) {
+	if ( mci->what & MEMBEROF_IS_GROUP ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		rc = backend_attribute( op, NULL, &newNDN,
 				mo->mo_ad_member, &vals, ACL_READ );
@@ -1462,7 +1488,7 @@
 		}
 	}
 
-	if ( MEMBEROF_REFINT( mo ) && ( iswhat & MEMBEROF_IS_MEMBER ) ) {
+	if ( MEMBEROF_REFINT( mo ) && ( mci->what & MEMBEROF_IS_MEMBER ) ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		rc = backend_attribute( op, NULL, &newNDN,
 				mo->mo_ad_memberof, &vals, ACL_READ );
@@ -1488,31 +1514,7 @@
 	return SLAP_CB_CONTINUE;
 }
 
-static int
-memberof_response( Operation *op, SlapReply *rs )
-{
-	if ( rs->sr_err != LDAP_SUCCESS ) {
-		return SLAP_CB_CONTINUE;
-	}
 
-	switch ( op->o_tag ) {
-	case LDAP_REQ_ADD:
-		return memberof_res_add( op, rs );
-
-	case LDAP_REQ_DELETE:
-		return memberof_res_delete( op, rs );
-
-	case LDAP_REQ_MODIFY:
-		return memberof_res_modify( op, rs );
-
-	case LDAP_REQ_MODDN:
-		return memberof_res_rename( op, rs );
-
-	default:
-		return SLAP_CB_CONTINUE;
-	}
-}
-
 static int
 memberof_db_init(
 	BackendDB	*be,
@@ -2057,9 +2059,8 @@
 	memberof.on_bi.bi_op_add = memberof_op_add;
 	memberof.on_bi.bi_op_delete = memberof_op_delete;
 	memberof.on_bi.bi_op_modify = memberof_op_modify;
+	memberof.on_bi.bi_op_modrdn = memberof_op_modrdn;
 
-	memberof.on_response = memberof_response;
-
 	memberof.on_bi.bi_cf_ocs = mo_ocs;
 
 	code = config_register_schema( mo_cfg, mo_ocs );

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/overlays.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* overlays.c - Static overlay framework */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/overlays.c,v 1.24.2.3 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/overlays.c,v 1.24.2.4 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Copyright 2003 by Howard Chu.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/pcache.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.88.2.17 2008/07/08 21:09:37 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/pcache.c,v 1.88.2.28 2009/01/26 21:50:09 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 IBM Corporation.
  * Portions Copyright 2003 Symas Corporation.
  * All rights reserved.
@@ -182,6 +182,7 @@
 	unsigned long	num_cached_queries; 		/* total number of cached queries */
 	unsigned long   max_queries;			/* upper bound on # of cached queries */
 	int		save_queries;			/* save cached queries across restarts */
+	int	check_cacheability;		/* check whether a query is cacheable */
 	int 	numattrsets;			/* number of attribute sets */
 	int 	cur_entries;			/* current number of entries cached */
 	int 	max_entries;			/* max number of entries cached */
@@ -264,17 +265,17 @@
 {
 	struct berval	bv_scope,
 			bv_filter;
-	char		attrset_buf[ 32 ],
-			expiry_buf[ 32 ],
+	char		attrset_buf[ LDAP_PVT_INTTYPE_CHARS( unsigned long ) ],
+			expiry_buf[ LDAP_PVT_INTTYPE_CHARS( unsigned long ) ],
 			*ptr;
 	ber_len_t	attrset_len,
 			expiry_len;
 
 	ldap_pvt_scope2bv( q->scope, &bv_scope );
 	filter2bv_x( op, q->filter, &bv_filter );
-	attrset_len = snprintf( attrset_buf, sizeof( attrset_buf ),
+	attrset_len = sprintf( attrset_buf,
 		"%lu", (unsigned long)q->qtemp->attr_set_index );
-	expiry_len = snprintf( expiry_buf, sizeof( expiry_buf ),
+	expiry_len = sprintf( expiry_buf,
 		"%lu", (unsigned long)q->expiry_time );
 
 	urlbv->bv_len = STRLENOF( "ldap:///" )
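Review bot: Switching from `snprintf( attrset_buf, sizeof( attrset_buf ), ... )` to `sprintf` makes the bound rest entirely on `LDAP_PVT_INTTYPE_CHARS( unsigned long )` covering every digit plus the terminator, and that macro is defined outside this diff, so the hunk cannot be verified on its own. Keeping the bounded call costs nothing with the new buffer size: `attrset_len = snprintf( attrset_buf, sizeof( attrset_buf ), "%lu", (unsigned long)q->qtemp->attr_set_index );`, and likewise for `expiry_buf`. The function continues outside the hunk.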
@@ -587,13 +588,12 @@
 	return len;
 }
 
-/* compare the first value in each filter */
-static int pcache_filter_cmp( const void *v1, const void *v2 )
+/* compare the current value in each filter */
+static int pcache_filter_cmp( Filter *f1, Filter *f2 )
 {
-	const CachedQuery *q1 = v1, *q2 =v2;
 	int rc, weight1, weight2;
 
-	switch( q1->first->f_choice ) {
+	switch( f1->f_choice ) {
 	case LDAP_FILTER_PRESENT:
 		weight1 = 0;
 		break;
@@ -605,7 +605,7 @@
 	default:
 		weight1 = 2;
 	}
-	switch( q2->first->f_choice ) {
+	switch( f2->f_choice ) {
 	case LDAP_FILTER_PRESENT:
 		weight2 = 0;
 		break;
@@ -620,56 +620,80 @@
 	rc = weight1 - weight2;
 	if ( !rc ) {
 		switch( weight1 ) {
-		case 0:	return 0;
+		case 0:
+			break;
 		case 1:
-			rc = lex_bvcmp( &q1->first->f_av_value, &q2->first->f_av_value );
+			rc = lex_bvcmp( &f1->f_av_value, &f2->f_av_value );
 			break;
 		case 2:
-			if ( q1->first->f_choice == LDAP_FILTER_SUBSTRINGS ) {
+			if ( f1->f_choice == LDAP_FILTER_SUBSTRINGS ) {
 				rc = 0;
-				if ( !BER_BVISNULL( &q1->first->f_sub_initial )) {
-					if ( !BER_BVISNULL( &q2->first->f_sub_initial )) {
-						rc = lex_bvcmp( &q1->first->f_sub_initial,
-							&q2->first->f_sub_initial );
+				if ( !BER_BVISNULL( &f1->f_sub_initial )) {
+					if ( !BER_BVISNULL( &f2->f_sub_initial )) {
+						rc = lex_bvcmp( &f1->f_sub_initial,
+							&f2->f_sub_initial );
 					} else {
 						rc = 1;
 					}
-				} else if ( !BER_BVISNULL( &q2->first->f_sub_initial )) {
+				} else if ( !BER_BVISNULL( &f2->f_sub_initial )) {
 					rc = -1;
 				}
 				if ( rc ) break;
-				if ( q1->first->f_sub_any ) {
-					if ( q2->first->f_sub_any ) {
-						rc = lex_bvcmp( q1->first->f_sub_any,
-							q2->first->f_sub_any );
+				if ( f1->f_sub_any ) {
+					if ( f2->f_sub_any ) {
+						rc = lex_bvcmp( f1->f_sub_any,
+							f2->f_sub_any );
 					} else {
 						rc = 1;
 					}
-				} else if ( q2->first->f_sub_any ) {
+				} else if ( f2->f_sub_any ) {
 					rc = -1;
 				}
 				if ( rc ) break;
-				if ( !BER_BVISNULL( &q1->first->f_sub_final )) {
-					if ( !BER_BVISNULL( &q2->first->f_sub_final )) {
-						rc = lex_bvcmp( &q1->first->f_sub_final,
-							&q2->first->f_sub_final );
+				if ( !BER_BVISNULL( &f1->f_sub_final )) {
+					if ( !BER_BVISNULL( &f2->f_sub_final )) {
+						rc = lex_bvcmp( &f1->f_sub_final,
+							&f2->f_sub_final );
 					} else {
 						rc = 1;
 					}
-				} else if ( !BER_BVISNULL( &q2->first->f_sub_final )) {
+				} else if ( !BER_BVISNULL( &f2->f_sub_final )) {
 					rc = -1;
 				}
 			} else {
-				rc = lex_bvcmp( &q1->first->f_mr_value,
-					&q2->first->f_mr_value );
+				rc = lex_bvcmp( &f1->f_mr_value,
+					&f2->f_mr_value );
 			}
 			break;
 		}
+		if ( !rc ) {
+			f1 = f1->f_next;
+			f2 = f2->f_next;
+			if ( f1 || f2 ) {
+				if ( !f1 )
+					rc = -1;
+				else if ( !f2 )
+					rc = 1;
+				else {
+					while ( f1->f_choice == LDAP_FILTER_AND || f1->f_choice == LDAP_FILTER_OR )
+						f1 = f1->f_and;
+					while ( f2->f_choice == LDAP_FILTER_AND || f2->f_choice == LDAP_FILTER_OR )
+						f2 = f2->f_and;
+					rc = pcache_filter_cmp( f1, f2 );
+				}
+			}
+		}
 	}
-
 	return rc;
 }
 
+/* compare filters in each query */
+static int pcache_query_cmp( const void *v1, const void *v2 )
+{
+	const CachedQuery *q1 = v1, *q2 =v2;
+	return pcache_filter_cmp( q1->first, q2->first );
+}
+
 /* add query on top of LRU list */
 static void
 add_query_on_top (query_manager* qm, CachedQuery* qc)
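Review bot: In the new tail of `pcache_filter_cmp` the two `while` loops follow `f_and` until a node that is neither AND nor OR is reached and then recurse, with no check that `f_and` is non-NULL and no stated bound on depth. If an AND/OR node with an empty list can reach this comparison (not determinable from the hunk), the loop condition dereferences NULL on the next iteration. I would replace the final call with `if ( !f1 || !f2 ) rc = f1 ? 1 : ( f2 ? -1 : 0 ); else rc = pcache_filter_cmp( f1, f2 );` and extend the function comment to say that it recurses once per sibling term of the filter. The start of the function is in the two preceding hunks.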
@@ -921,7 +945,7 @@
 		ptr = tavl_end( root, 1 );
 		dir = TAVL_DIR_LEFT;
 	} else {
-		ptr = tavl_find3( root, &cq, pcache_filter_cmp, &ret );
+		ptr = tavl_find3( root, &cq, pcache_query_cmp, &ret );
 		dir = (first->f_choice == LDAP_FILTER_GE) ? TAVL_DIR_LEFT :
 			TAVL_DIR_RIGHT;
 	}
@@ -1226,7 +1250,7 @@
 	new_cached_query->prev = NULL;
 	new_cached_query->qbase = qbase;
 	rc = tavl_insert( &qbase->scopes[query->scope], new_cached_query,
-		pcache_filter_cmp, avl_dup_error );
+		pcache_query_cmp, avl_dup_error );
 	if ( rc == 0 ) {
 		qbase->queries++;
 		if (templ->query == NULL)
@@ -1272,7 +1296,7 @@
 		qc->next->prev = qc->prev;
 		qc->prev->next = qc->next;
 	}
-	tavl_delete( &qc->qbase->scopes[qc->scope], qc, pcache_filter_cmp );
+	tavl_delete( &qc->qbase->scopes[qc->scope], qc, pcache_query_cmp );
 	qc->qbase->queries--;
 	if ( qc->qbase->queries == 0 ) {
 		avl_delete( &template->qbase, qc->qbase, pcache_dn_cmp );
@@ -1593,6 +1617,7 @@
 	Query query;
 	QueryTemplate *qtemp;
 	AttributeName*  save_attrs;	/* original attributes, saved for response */
+	int swap_saved_attrs;
 	int max;
 	int over;
 	int count;
@@ -1695,7 +1720,7 @@
 	Filter		f = { 0 };
 	char		filtbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE + STRLENOF( "(entryUUID=)" ) ];
 	AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
-	AttributeName	attrs[ 2 ] = { 0 };
+	AttributeName	attrs[ 2 ] = {{{ 0 }}};
 	int		s, rc;
 
 	if ( op == NULL ) {
@@ -1810,7 +1835,7 @@
 	Filter			f = { 0 };
 	char			filter_str[ LDAP_LUTIL_UUIDSTR_BUFSIZE + STRLENOF( "(queryId=)" ) ];
 	AttributeAssertion	ava = ATTRIBUTEASSERTION_INIT;
-	AttributeName		attrs[ 2 ] = { 0 };
+	AttributeName		attrs[ 2 ] = {{{ 0 }}};
 	int			rc;
 
 	BerVarray		vals = NULL;
@@ -1960,6 +1985,14 @@
 		 * limit, empty the chain and ignore the rest.
 		 */
 		if ( !si->over ) {
+			/* check if the entry contains undefined
+			 * attributes/objectClasses (ITS#5680) */
+			if ( cm->check_cacheability && test_filter( op, rs->sr_entry, si->query.filter ) != LDAP_COMPARE_TRUE ) {
+				Debug( pcache_debug, "%s: query not cacheable because of schema issues in DN \"%s\"\n",
+					op->o_log_prefix, rs->sr_entry->e_name.bv_val, 0 );
+				goto over;
+			}
+
 			if ( si->count < si->max ) {
 				si->count++;
 				e = entry_dup( rs->sr_entry );
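Review bot: `goto over` jumps into the middle of the `else` branch of the following `if ( si->count < si->max )` (the `over:;` label is added by the next hunk), which is legal C but hides that a failed `test_filter` throws away every entry collected so far for this query. Folding the two exits into one condition, `if ( cacheable && si->count < si->max ) { ... } else { ... }` with `cacheable` computed above, would make the discard path explicit. The comment should also state that one non-matching entry makes the whole query uncacheable, since that is what setting `si->over` does. The enclosing function starts outside the hunk.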
@@ -1968,6 +2001,7 @@
 				si->tail = e;
 
 			} else {
+over:;
 				si->over = 1;
 				si->count = 0;
 				for (;si->head; si->head=e) {
@@ -1984,7 +2018,7 @@
 	if ( rs->sr_type == REP_RESULT || 
 		op->o_abandon || rs->sr_err == SLAPD_ABANDON )
 	{
-		if ( si->save_attrs != NULL ) {
+		if ( si->swap_saved_attrs ) {
 			rs->sr_attrs = si->save_attrs;
 			op->ors_attrs = si->save_attrs;
 		}
@@ -2067,7 +2101,7 @@
 {
 	struct search_info *si = op->o_callback->sc_private;
 
-	if ( si->save_attrs != NULL ) {
+	if ( si->swap_saved_attrs ) {
 		rs->sr_attrs = si->save_attrs;
 		op->ors_attrs = si->save_attrs;
 	}
@@ -2164,7 +2198,7 @@
 	}
 	BER_BVZERO( &(*new_attrs)[j].an_name );
 
-	return count;
+	return j;
 }
 
 /* NOTE: this is a quick workaround to let pcache minimally interact
@@ -2305,6 +2339,9 @@
 		return rs->sr_err;
 	}
 
+	/* pickup runtime ACL changes */
+	cm->db.be_acl = op->o_bd->be_acl;
+
 	tempstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len+1, op->o_tmpmemctx );
 	tempstr.bv_len = 0;
 	if ( filter2template( op, op->ors_filter, &tempstr, &filter_attrs,
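Review bot: The comment `/* pickup runtime ACL changes */` does not say why a refresh is needed: `cm->db` is a by-value copy of the backend (`cm->db = *be;` in the init hunk further down), so its `be_acl` goes stale when ACLs are modified at run time. The refresh happens only on the search path shown here, and the write to the shared `cm->db` is made with no lock visible in the hunk. As far as this diff shows, other code that uses `cm->db` before a search has run would still evaluate the old ACL list. I would expand the comment to `/* cm->db is a private copy of the backend; re-read be_acl on each search so ACL changes made at run time apply to cached entries */` and check the other users of `cm->db`. The function body continues outside the hunk.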
@@ -2416,6 +2453,7 @@
 		}
 		si->head = NULL;
 		si->tail = NULL;
+		si->swap_saved_attrs = 1;
 		si->save_attrs = op->ors_attrs;
 
 		op->ors_attrs = qtemp->t_attrs.attrs;
@@ -2634,31 +2672,27 @@
 		"( OLcfgOvAt:2.6 NAME 'olcProxySaveQueries' "
 			"DESC 'Save cached queries for hot restart' "
 			"SYNTAX OMsBoolean )", NULL, NULL },
+	{ "proxyCheckCacheability", "TRUE|FALSE",
+		2, 2, 0, ARG_ON_OFF|ARG_OFFSET, (void *)offsetof(cache_manager, check_cacheability),
+		"( OLcfgOvAt:2.7 NAME 'olcProxyCheckCacheability' "
+			"DESC 'Check whether the results of a query are cacheable, e.g. for schema issues' "
+			"SYNTAX OMsBoolean )", NULL, NULL },
 
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
 
-/* Need to no-op this keyword for dynamic config */
-static ConfigTable pcdummy[] = {
-	{ "", "", 0, 0, 0, ARG_IGNORED,
-		NULL, "( OLcfgGlAt:13 NAME 'olcDatabase' "
-			"DESC 'The backend type for a database instance' "
-			"SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
-	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
-};
-
 static ConfigOCs pcocs[] = {
 	{ "( OLcfgOvOc:2.1 "
 		"NAME 'olcPcacheConfig' "
 		"DESC 'ProxyCache configuration' "
 		"SUP olcOverlayConfig "
 		"MUST ( olcProxyCache $ olcProxyAttrset $ olcProxyTemplate ) "
-		"MAY ( olcProxyResponseCB $ olcProxyCacheQueries $ olcProxySaveQueries ) )",
+		"MAY ( olcProxyResponseCB $ olcProxyCacheQueries $ olcProxySaveQueries $ olcProxyCheckCacheability ) )",
 		Cft_Overlay, pccfg, NULL, pc_cfadd },
 	{ "( OLcfgOvOc:2.2 "
 		"NAME 'olcPcacheDatabase' "
 		"DESC 'Cache database configuration' "
-		"AUXILIARY )", Cft_Misc, pcdummy, pc_ldadd },
+		"AUXILIARY )", Cft_Misc, olcDatabaseDummy, pc_ldadd },
 	{ NULL, 0, NULL }
 };
 
@@ -2704,7 +2738,7 @@
 	/* FIXME: should not hardcode "olcDatabase" here */
 	bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ),
 		"olcDatabase=%s", cm->db.bd_info->bi_type );
-	if ( bv.bv_len < 0 || bv.bv_len >= sizeof( ca->cr_msg ) ) {
+	if ( bv.bv_len >= sizeof( ca->cr_msg ) ) {
 		return -1;
 	}
 	bv.bv_val = ca->cr_msg;
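Review bot: Dropping `bv.bv_len < 0` is safe only because `bv_len` is an unsigned `ber_len_t`: a negative `snprintf()` return converts to a very large value and is still rejected by `bv.bv_len >= sizeof( ca->cr_msg )`. That dependency is invisible to the next reader, so add a comment above the test, e.g. `/* bv_len is unsigned: a negative snprintf() result wraps and is caught by >= */`. The function starts and ends outside the hunk.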
@@ -3137,7 +3171,7 @@
 	cm->db = *be;
 	SLAP_DBFLAGS(&cm->db) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
 	cm->db.be_private = NULL;
-	cm->db.be_pcl_mutexp = &cm->db.be_pcl_mutex;
+	cm->db.bd_self = &cm->db;
 	cm->qm = qm;
 	cm->numattrsets = 0;
 	cm->num_entries_limit = 5;
@@ -3146,6 +3180,7 @@
 	cm->cur_entries = 0;
 	cm->max_queries = 10000;
 	cm->save_queries = 0;
+	cm->check_cacheability = 0;
 	cm->response_cb = PCACHE_RESPONSE_CB_TAIL;
 	cm->defer_db_open = 1;
 	cm->cc_period = 1000;
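Review bot: `cm->check_cacheability = 0` leaves the ITS#5680 check in the response callback disabled unless `proxyCheckCacheability` is set to TRUE, so an existing proxy cache gains no protection from this revision by itself. Nothing in the hunk says the default is deliberate. A comment such as `/* off by default; enable with proxyCheckCacheability to skip caching entries that fail the query filter */` would record it, and the overlay's manual page should say the same. The initialisation function continues outside the hunk.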
@@ -3249,7 +3284,7 @@
 			BerVarray	vals = NULL;
 			Filter		f = { 0 }, f2 = { 0 };
 			AttributeAssertion	ava = ATTRIBUTEASSERTION_INIT;
-			AttributeName	attrs[ 2 ] = { 0 };
+			AttributeName	attrs[ 2 ] = {{{ 0 }}};
 
 			connection_fake_init( &conn, &opbuf, thrctx );
 			op = &opbuf.ob_op;
@@ -3415,7 +3450,7 @@
 		slap_callback	cb = { 0 };
 
 		SlapReply	rs = { REP_RESULT };
-		Modifications	mod = { 0 };
+		Modifications	mod = {{ 0 }};
 
 		thrctx = ldap_pvt_thread_pool_context();
 
@@ -3788,8 +3823,8 @@
 
 	struct berval	uuid = BER_BVNULL,
 			*uuidp = NULL;
-	char		buf[ SLAP_TEXT_BUFLEN ] = { '\0' };
-	int		len = 0;
+	char		buf[ SLAP_TEXT_BUFLEN ];
+	unsigned	len;
 	ber_tag_t	tag = LBER_DEFAULT;
 
 	if ( LogTest( LDAP_DEBUG_STATS ) ) {
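Review bot: Removing the initialisers leaves `buf` and `len` indeterminate until the `snprintf()` in the following hunk assigns them, so any path in this function that hands `buf` to a log call without first passing through that `snprintf()` would read uninitialised stack. Only part of the function is visible here, so this needs checking against the full body. Keeping `buf[ 0 ] = '\0';` next to the declarations would make it safe on every path at negligible cost. The `unsigned len` change itself is what lets the later `len < sizeof( buf )` test catch both truncation and a negative return.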
@@ -3807,7 +3842,7 @@
 		assert( !BER_BVISNULL( &op->o_req_ndn ) );
 		len = snprintf( buf, sizeof( buf ), " dn=\"%s\"", op->o_req_ndn.bv_val );
 
-		if ( !BER_BVISNULL( &uuid ) ) {
+		if ( !BER_BVISNULL( &uuid ) && len < sizeof( buf ) ) {
 			snprintf( &buf[ len ], sizeof( buf ) - len, " queryId=\"%s\"", uuid.bv_val );
 		}
 
@@ -3977,11 +4012,6 @@
 	code = config_register_schema( pccfg, pcocs );
 	if ( code ) return code;
 
-	{
-		const char *text;
-		code = slap_str2ad( "olcDatabase", &pcdummy[0].ad, &text );
-		if ( code ) return code;
-	}
 	return overlay_register( &pcache );
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/ppolicy.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.14 2008/07/10 00:55:07 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/ppolicy.c,v 1.75.2.20 2009/01/22 00:01:12 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004-2005 Howard Chu, Symas Corporation.
  * Portions Copyright 2004 Hewlett-Packard Company.
  * All rights reserved.
@@ -362,20 +362,14 @@
 static const char ppolicy_ctrl_oid[] = LDAP_CONTROL_PASSWORDPOLICYRESPONSE;
 
 static LDAPControl *
-create_passcontrol( int exptime, int grace, LDAPPasswordPolicyError err )
+create_passcontrol( Operation *op, int exptime, int grace, LDAPPasswordPolicyError err )
 {
-	char berbuf[LBER_ELEMENT_SIZEOF], bb2[LBER_ELEMENT_SIZEOF];
-	BerElement *ber = (BerElement *)berbuf, *b2 = (BerElement *)bb2;
-	LDAPControl *c;
+	BerElementBuffer berbuf, bb2;
+	BerElement *ber = (BerElement *) &berbuf, *b2 = (BerElement *) &bb2;
+	LDAPControl c = { 0 }, *cp;
 	struct berval bv;
 
-	c = ch_calloc( sizeof( LDAPControl ), 1 );
-	if ( c == NULL ) {
-		return NULL;
-	}
-	c->ldctl_oid = (char *)ppolicy_ctrl_oid;
-	c->ldctl_iscritical = 0;
-	BER_BVZERO( &c->ldctl_value );
+	BER_BVZERO( &c.ldctl_value );
 
 	ber_init2( ber, NULL, LBER_USE_DER );
 	ber_printf( ber, "{" /*}*/ );
@@ -401,12 +395,18 @@
 	}
 	ber_printf( ber, /*{*/ "N}" );
 
-	if (ber_flatten2( ber, &(c->ldctl_value), 1 ) == LBER_DEFAULT) {
-		ch_free(c);
-		c = NULL;
+	if (ber_flatten2( ber, &c.ldctl_value, 0 ) == -1) {
+		return NULL;
 	}
+	cp = op->o_tmpalloc( sizeof( LDAPControl ) + c.ldctl_value.bv_len, op->o_tmpmemctx );
+	cp->ldctl_oid = (char *)ppolicy_ctrl_oid;
+	cp->ldctl_iscritical = 0;
+	cp->ldctl_value.bv_val = (char *)&cp[1];
+	cp->ldctl_value.bv_len = c.ldctl_value.bv_len;
+	AC_MEMCPY( cp->ldctl_value.bv_val, c.ldctl_value.bv_val, c.ldctl_value.bv_len );
 	(void)ber_free_buf(ber);
-	return c;
+	
+	return cp;
 }
 
 static LDAPControl **
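Review bot: The new early `return NULL;` after a failed `ber_flatten2()` skips `ber_free_buf(ber)`, which the old code still reached on that path, so the encoder buffer is leaked whenever flattening fails. It should read `if (ber_flatten2( ber, &c.ldctl_value, 0 ) == -1) { (void)ber_free_buf(ber); return NULL; }`. The control header and its value now live in one `o_tmpalloc()` block (`bv_val` points at `&cp[1]`), so freeing `ldctl_value.bv_val` separately would now be invalid. That deserves a comment such as `/* value is stored inline after the header; release with a single o_tmpfree() */`. The middle of `create_passcontrol()` lies outside this hunk.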
@@ -678,7 +678,7 @@
 {
 	char *ptr;
 	struct berval nv, npw;
-	int i, j;
+	ber_len_t i, j;
 	
 	assert (bv && (bv->bv_len > 0) && (bv->bv_val) && oldtime && oldpw );
 
@@ -854,8 +854,7 @@
 
 	for ( n = 0; rs->sr_ctrls[n]; n++ ) {
 		if ( rs->sr_ctrls[n]->ldctl_oid == ppolicy_ctrl_oid ) {
-			ch_free( rs->sr_ctrls[n]->ldctl_value.bv_val );
-			ch_free( rs->sr_ctrls[n] );
+			op->o_tmpfree( rs->sr_ctrls[n], op->o_tmpmemctx );
 			rs->sr_ctrls[n] = (LDAPControl *)(-1);
 			break;
 		}
@@ -1138,7 +1137,7 @@
 		if ( ppb->pErr == PP_accountLocked && !pi->use_lockout ) {
 			ppb->pErr = PP_noError;
 		}
-		ctrl = create_passcontrol( warn, ngut, ppb->pErr );
+		ctrl = create_passcontrol( op, warn, ngut, ppb->pErr );
 		ppb->oldctrls = add_passcontrol( op, rs, ctrl );
 		op->o_callback->sc_cleanup = ppolicy_ctrls_cleanup;
 	}
@@ -1251,7 +1250,7 @@
 			"connection restricted to password changing only\n", 0, 0, 0);
 		if ( send_ctrl ) {
 			LDAPControl *ctrl = NULL;
-			ctrl = create_passcontrol( -1, -1, PP_changeAfterReset );
+			ctrl = create_passcontrol( op, -1, -1, PP_changeAfterReset );
 			oldctrls = add_passcontrol( op, rs, ctrl );
 		}
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
@@ -1317,7 +1316,7 @@
 				op->o_bd->bd_info = (BackendInfo *)on->on_info;
 				if ( send_ctrl ) {
 					LDAPControl *ctrl = NULL;
-					ctrl = create_passcontrol( -1, -1, pErr );
+					ctrl = create_passcontrol( op, -1, -1, pErr );
 					oldctrls = add_passcontrol( op, rs, ctrl );
 				}
 				send_ldap_error( op, rs, rc, "Password fails quality checking policy" );
@@ -1406,7 +1405,9 @@
 	struct berval		newpw = BER_BVNULL, oldpw = BER_BVNULL,
 				*bv, cr[2];
 	LDAPPasswordPolicyError pErr = PP_noError;
+	LDAPControl		*ctrl = NULL;
 	LDAPControl 		**oldctrls = NULL;
+	int			is_pwdexop = 0;
 
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
@@ -1526,6 +1527,7 @@
 				req_pwdexop_s *qpw = sc->sc_private;
 				newpw = qpw->rs_new;
 				oldpw = qpw->rs_old;
+				is_pwdexop = 1;
 			   	break;
 			}
 		}
@@ -2010,14 +2012,21 @@
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	be_entry_release_r( op, e );
 	if ( send_ctrl ) {
-		LDAPControl *ctrl = NULL;
-
-		ctrl = create_passcontrol( -1, -1, pErr );
+		ctrl = create_passcontrol( op, -1, -1, pErr );
 		oldctrls = add_passcontrol( op, rs, ctrl );
 	}
 	send_ldap_result( op, rs );
 	if ( send_ctrl ) {
-		ctrls_cleanup( op, rs, oldctrls );
+		if ( is_pwdexop ) {
+			if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
+				op->o_tmpfree( oldctrls, op->o_tmpmemctx );
+			}
+			oldctrls = NULL;
+			rs->sr_flags |= REP_CTRLS_MUSTBEFREED;
+
+		} else {
+			ctrls_cleanup( op, rs, oldctrls );
+		}
 	}
 	return rs->sr_err;
 }
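Review bot: The `is_pwdexop` branch changes who owns `rs->sr_ctrls` but carries no comment saying so. It sets `REP_CTRLS_MUSTBEFREED`, clears `oldctrls` and skips `ctrls_cleanup()`, which leaves the array and the control built by `create_passcontrol()` for later code to release. That control comes from `op->o_tmpalloc()`, so whatever honours the flag has to free it with the same memory context and before that context is torn down. A comment along the lines of `/* password modify exop: leave our control attached and mark sr_ctrls as owned by the reply */` would help, with the wording adjusted to the real reason, which is not visible in this hunk. The function starts outside the hunk.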
@@ -2085,6 +2094,16 @@
 {
 	slap_overinst *on = (slap_overinst *) be->bd_info;
 
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		/* do not allow slapo-ppolicy to be global by now (ITS#5858) */
+		if ( cr ){
+			snprintf( cr->msg, sizeof(cr->msg), 
+				"slapo-ppolicy cannot be global" );
+			fprintf( stderr, "%s\n", cr->msg );
+		}
+		return 1;
+	}
+
 	/* Has User Schema been initialized yet? */
 	if ( !pwd_UsSchema[0].ad[0] ) {
 		const char *err;
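Review bot: When `cr` is NULL the new guard returns 1 without emitting any diagnostic, so a configuration that attaches the overlay globally fails with no explanation. Log unconditionally and fill `cr->msg` only when it is available, for example `Debug( LDAP_DEBUG_ANY, "slapo-ppolicy cannot be global\n", 0, 0, 0 );` placed before the `if ( cr )` test. That also replaces the direct `fprintf( stderr, ... )` with the `Debug()` macro used in other hunks of this commit. The function body continues outside the hunk.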

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/refint.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/refint.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/refint.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* refint.c - referential integrity module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.9 2008/05/27 20:18:19 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/refint.c,v 1.19.2.10 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/retcode.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* retcode.c - customizable response for client testing purposes */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/retcode.c,v 1.18.2.7 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/retcode.c,v 1.18.2.10 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions Copyright 2005 Pierangelo Masarati <ando at sys-net.it>
  * All rights reserved.
  *
@@ -67,6 +67,7 @@
 } retcode_op_e;
 
 typedef struct retcode_item_t {
+	struct berval		rdi_line;
 	struct berval		rdi_dn;
 	struct berval		rdi_ndn;
 	struct berval		rdi_text;
@@ -94,10 +95,9 @@
 
 	retcode_item_t		*rd_item;
 
-	unsigned		rd_flags;
-#define	RETCODE_FNONE		0x00
+	int			rd_indir;
 #define	RETCODE_FINDIR		0x01
-#define	RETCODE_INDIR( rd )	( (rd)->rd_flags & RETCODE_FINDIR )
+#define	RETCODE_INDIR( rd )	( (rd)->rd_indir )
 } retcode_t;
 
 static int
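Review bot: `RETCODE_FINDIR` is left defined although nothing visible uses it any more: `RETCODE_INDIR( rd )` now reads `(rd)->rd_indir` directly, and the `rd->rd_flags |= RETCODE_FINDIR` assignment is removed later in this file's diff. Drop the `#define RETCODE_FINDIR 0x01` line as well, as was done for `RETCODE_FNONE`, so the struct does not advertise a flag word that no longer exists.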
@@ -273,7 +273,7 @@
 	rc = op2.o_bd->be_search( &op2, rs );
 	op->o_abandon = op2.o_abandon;
 
-	filter_free_x( &op2, op2.ors_filter );
+	filter_free_x( &op2, op2.ors_filter, 1 );
 	ber_memfree_x( op2.ors_filterstr.bv_val, op2.o_tmpmemctx );
 
 	if ( rdc.rdc_flags == SLAP_CB_CONTINUE ) {
@@ -742,93 +742,240 @@
 	return 0;
 }
 
+static void
+retcode_item_destroy( retcode_item_t *rdi )
+{
+	ber_memfree( rdi->rdi_line.bv_val );
+
+	ber_memfree( rdi->rdi_dn.bv_val );
+	ber_memfree( rdi->rdi_ndn.bv_val );
+
+	if ( !BER_BVISNULL( &rdi->rdi_text ) ) {
+		ber_memfree( rdi->rdi_text.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &rdi->rdi_matched ) ) {
+		ber_memfree( rdi->rdi_matched.bv_val );
+	}
+
+	if ( rdi->rdi_ref ) {
+		ber_bvarray_free( rdi->rdi_ref );
+	}
+
+	BER_BVZERO( &rdi->rdi_e.e_name );
+	BER_BVZERO( &rdi->rdi_e.e_nname );
+
+	entry_clean( &rdi->rdi_e );
+
+	ch_free( rdi );
+}
+
+enum {
+	RC_PARENT = 1,
+	RC_ITEM
+};
+
+static ConfigDriver rc_cf_gen;
+
+static ConfigTable rccfg[] = {
+	{ "retcode-parent", "dn",
+		2, 2, 0, ARG_MAGIC|ARG_DN|RC_PARENT, rc_cf_gen,
+		"( OLcfgOvAt:20.1 NAME 'olcRetcodeParent' "
+			"DESC '' "
+			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "retcode-item", "rdn> <retcode> <...",
+		3, 0, 0, ARG_MAGIC|RC_ITEM, rc_cf_gen,
+		"( OLcfgOvAt:20.2 NAME 'olcRetcodeItem' "
+			"DESC '' "
+	  		"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"X-ORDERED 'VALUES' )", NULL, NULL },
+	{ "retcode-indir", "on|off",
+		1, 2, 0, ARG_OFFSET|ARG_ON_OFF,
+			(void *)offsetof(retcode_t, rd_indir),
+		"( OLcfgOvAt:20.3 NAME 'olcRetcodeInDir' "
+			"DESC '' "
+			"SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+
+	{ "retcode-sleep", "sleeptime",
+		2, 2, 0, ARG_OFFSET|ARG_INT,
+			(void *)offsetof(retcode_t, rd_sleep),
+		"( OLcfgOvAt:20.4 NAME 'olcRetcodeSleep' "
+			"DESC '' "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs rcocs[] = {
+	{ "( OLcfgOvOc:20.1 "
+		"NAME 'olcRetcodeConfig' "
+		"DESC 'Retcode configuration' "
+		"SUP olcOverlayConfig "
+		"MAY ( olcRetcodeParent "
+			"$ olcRetcodeItem "
+			"$ olcRetcodeInDir "
+			"$ olcRetcodeSleep "
+		") )",
+		Cft_Overlay, rccfg, NULL, NULL },
+	{ NULL, 0, NULL }
+};
+
 static int
-retcode_db_config(
-	BackendDB	*be,
-	const char	*fname,
-	int		lineno,
-	int		argc,
-	char		**argv )
+rc_cf_gen( ConfigArgs *c )
 {
-	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	slap_overinst	*on = (slap_overinst *)c->bi;
 	retcode_t	*rd = (retcode_t *)on->on_bi.bi_private;
+	int		rc = ARG_BAD_CONF;
 
-	char			*argv0 = argv[ 0 ] + STRLENOF( "retcode-" );
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch( c->type ) {
+		case RC_PARENT:
+			if ( !BER_BVISEMPTY( &rd->rd_pdn )) {
+				rc = value_add_one( &c->rvalue_vals,
+						    &rd->rd_pdn );
+				if ( rc == 0 ) {
+					rc = value_add_one( &c->rvalue_nvals,
+							    &rd->rd_npdn );
+				}
+				return rc;
+			}
+			rc = 0;
+			break;
 
-	if ( strncasecmp( argv[ 0 ], "retcode-", STRLENOF( "retcode-" ) ) != 0 ) {
-		return SLAP_CONF_UNKNOWN;
-	}
+		case RC_ITEM: {
+			retcode_item_t *rdi;
+			int i;
 
-	if ( strcasecmp( argv0, "parent" ) == 0 ) {
-		struct berval	dn;
-		int		rc;
+			for ( rdi = rd->rd_item, i = 0; rdi; rdi = rdi->rdi_next, i++ ) {
+				char buf[4096];
+				struct berval bv;
+				char *ptr;
 
-		if ( argc != 2 ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"\"retcode-parent <DN>\": missing <DN>\n",
-				fname, lineno );
-			return 1;
-		}
+				bv.bv_len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
+				bv.bv_len += rdi->rdi_line.bv_len;
+				ptr = bv.bv_val = ch_malloc( bv.bv_len + 1 );
+				ptr = lutil_strcopy( ptr, buf );
+				ptr = lutil_strncopy( ptr, rdi->rdi_line.bv_val, rdi->rdi_line.bv_len );
+				ber_bvarray_add( &c->rvalue_vals, &bv );
+			}
+			rc = 0;
+			} break;
 
-		if ( !BER_BVISNULL( &rd->rd_pdn ) ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"parent already defined.\n", fname, lineno );
-			return 1;
+		default:
+			assert( 0 );
+			break;
 		}
 
-		ber_str2bv( argv[ 1 ], 0, 0, &dn );
+		return rc;
 
-		rc = dnPrettyNormal( NULL, &dn, &rd->rd_pdn, &rd->rd_npdn, NULL );
-		if ( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"unable to normalize parent DN \"%s\": %d\n",
-				fname, lineno, argv[ 1 ], rc );
-			return 1;
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		switch( c->type ) {
+		case RC_PARENT:
+			if ( rd->rd_pdn.bv_val ) {
+				ber_memfree ( rd->rd_pdn.bv_val );
+				rc = 0;
+			}
+			if ( rd->rd_npdn.bv_val ) {
+				ber_memfree ( rd->rd_npdn.bv_val );
+			}
+			break;
+
+		case RC_ITEM:
+			if ( c->valx == -1 ) {
+				retcode_item_t *rdi, *next;
+
+				for ( rdi = rd->rd_item; rdi != NULL; rdi = next ) {
+					next = rdi->rdi_next;
+					retcode_item_destroy( rdi );
+				}
+
+			} else {
+				retcode_item_t **rdip, *rdi;
+				int i;
+
+				for ( rdip = &rd->rd_item, i = 0; i <= c->valx && *rdip; i++, rdip = &(*rdip)->rdi_next )
+					;
+				if ( *rdip == NULL ) {
+					return 1;
+				}
+				rdi = *rdip;
+				*rdip = rdi->rdi_next;
+
+				retcode_item_destroy( rdi );
+			}
+			rc = 0;
+			break;
+
+		default:
+			assert( 0 );
+			break;
 		}
+		return rc;	/* FIXME */
+	}
 
-	} else if ( strcasecmp( argv0, "item" ) == 0 ) {
+	switch( c->type ) {
+	case RC_PARENT:
+		if ( rd->rd_pdn.bv_val ) {
+			ber_memfree ( rd->rd_pdn.bv_val );
+		}
+		if ( rd->rd_npdn.bv_val ) {
+			ber_memfree ( rd->rd_npdn.bv_val );
+		}
+		rd->rd_pdn = c->value_dn;
+		rd->rd_npdn = c->value_ndn;
+		rc = 0;
+		break;
+
+	case RC_ITEM: {
 		retcode_item_t	rdi = { BER_BVNULL }, **rdip;
 		struct berval		bv, rdn, nrdn;
-		int			rc;
 		char			*next = NULL;
+		int			i;
 
-		if ( argc < 3 ) {
-			fprintf( stderr, "%s: line %d: retcode: "
+		if ( c->argc < 3 ) {
+			snprintf( c->cr_msg, sizeof(c->cr_msg),
 				"\"retcode-item <RDN> <retcode> [<text>]\": "
-				"missing args\n",
-				fname, lineno );
-			return 1;
+				"missing args" );
+			Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+				c->log, c->cr_msg, 0 );
+			return ARG_BAD_CONF;
 		}
 
-		ber_str2bv( argv[ 1 ], 0, 0, &bv );
+		ber_str2bv( c->argv[ 1 ], 0, 0, &bv );
 		
 		rc = dnPrettyNormal( NULL, &bv, &rdn, &nrdn, NULL );
 		if ( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"unable to normalize RDN \"%s\": %d\n",
-				fname, lineno, argv[ 1 ], rc );
-			return 1;
+			snprintf( c->cr_msg, sizeof(c->cr_msg),
+				"unable to normalize RDN \"%s\": %d",
+				c->argv[ 1 ], rc );
+			Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+				c->log, c->cr_msg, 0 );
+			return ARG_BAD_CONF;
 		}
 
 		if ( !dnIsOneLevelRDN( &nrdn ) ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"value \"%s\" is not a RDN\n",
-				fname, lineno, argv[ 1 ] );
-			return 1;
+			snprintf( c->cr_msg, sizeof(c->cr_msg),
+				"value \"%s\" is not a RDN",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+				c->log, c->cr_msg, 0 );
+			return ARG_BAD_CONF;
 		}
 
 		if ( BER_BVISNULL( &rd->rd_npdn ) ) {
 			/* FIXME: we use the database suffix */
-			if ( be->be_nsuffix == NULL ) {
-				fprintf( stderr, "%s: line %d: retcode: "
+			if ( c->be->be_nsuffix == NULL ) {
+				snprintf( c->cr_msg, sizeof(c->cr_msg),
 					"either \"retcode-parent\" "
-					"or \"suffix\" must be defined.\n",
-					fname, lineno );
-				return 1;
+					"or \"suffix\" must be defined" );
+				Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+					c->log, c->cr_msg, 0 );
+				return ARG_BAD_CONF;
 			}
 
-			ber_dupbv( &rd->rd_pdn, &be->be_suffix[ 0 ] );
-			ber_dupbv( &rd->rd_npdn, &be->be_nsuffix[ 0 ] );
+			ber_dupbv( &rd->rd_pdn, &c->be->be_suffix[ 0 ] );
+			ber_dupbv( &rd->rd_npdn, &c->be->be_nsuffix[ 0 ] );
 		}
 
 		build_new_dn( &rdi.rdi_dn, &rd->rd_pdn, &rdn, NULL );
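Review bot: The `LDAP_MOD_DELETE` branch frees state without clearing the pointers that still reference it. For `RC_PARENT`, `rd->rd_pdn.bv_val` and `rd->rd_npdn.bv_val` are passed to `ber_memfree()` and left set, so the add path below (`if ( rd->rd_pdn.bv_val ) ber_memfree(...)`) frees them a second time. For `RC_ITEM` with `c->valx == -1`, every item is destroyed but `rd->rd_item` keeps pointing at the freed list. The indexed delete also walks with `i <= c->valx`, which stops one element past the requested one if `c->valx` is the zero-based value index (index 0 would unlink the second item). The changes below zero the bervals, reset the list head and use `i < c->valx`; `rc_cf_gen()` continues past the end of this hunk.

```c
		case RC_PARENT:
			if ( rd->rd_pdn.bv_val ) {
				ber_memfree ( rd->rd_pdn.bv_val );
				BER_BVZERO( &rd->rd_pdn );
				rc = 0;
			}
			if ( rd->rd_npdn.bv_val ) {
				ber_memfree ( rd->rd_npdn.bv_val );
				BER_BVZERO( &rd->rd_npdn );
			}
			break;
		/* … unchanged: case RC_ITEM, valx == -1 loop destroying every item … */
				rd->rd_item = NULL;
		/* … unchanged: else-branch declarations … */
				for ( rdip = &rd->rd_item, i = 0; i < c->valx && *rdip; i++, rdip = &(*rdip)->rdi_next )
					;
		/* … unchanged: unlink *rdip and call retcode_item_destroy() … */
```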
@@ -837,26 +984,26 @@
 		ch_free( rdn.bv_val );
 		ch_free( nrdn.bv_val );
 
-		rdi.rdi_err = strtol( argv[ 2 ], &next, 0 );
-		if ( next == argv[ 2 ] || next[ 0 ] != '\0' ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"unable to parse return code \"%s\"\n",
-				fname, lineno, argv[ 2 ] );
-			return 1;
+		rdi.rdi_err = strtol( c->argv[ 2 ], &next, 0 );
+		if ( next == c->argv[ 2 ] || next[ 0 ] != '\0' ) {
+			snprintf( c->cr_msg, sizeof(c->cr_msg),
+				"unable to parse return code \"%s\"",
+				c->argv[ 2 ] );
+			Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+				c->log, c->cr_msg, 0 );
+			return ARG_BAD_CONF;
 		}
 
 		rdi.rdi_mask = SN_DG_OP_ALL;
 
-		if ( argc > 3 ) {
-			int	i;
-
-			for ( i = 3; i < argc; i++ ) {
-				if ( strncasecmp( argv[ i ], "op=", STRLENOF( "op=" ) ) == 0 )
+		if ( c->argc > 3 ) {
+			for ( i = 3; i < c->argc; i++ ) {
+				if ( strncasecmp( c->argv[ i ], "op=", STRLENOF( "op=" ) ) == 0 )
 				{
 					char		**ops;
 					int		j;
 
-					ops = ldap_str2charray( &argv[ i ][ STRLENOF( "op=" ) ], "," );
+					ops = ldap_str2charray( &c->argv[ i ][ STRLENOF( "op=" ) ], "," );
 					assert( ops != NULL );
 
 					rdi.rdi_mask = SN_DG_OP_NONE;
@@ -901,65 +1048,74 @@
 							rdi.rdi_mask |= SN_DG_OP_ALL;
 
 						} else {
-							fprintf( stderr, "retcode: unknown op \"%s\"\n",
+							snprintf( c->cr_msg, sizeof(c->cr_msg),
+								"unknown op \"%s\"",
 								ops[ j ] );
 							ldap_charray_free( ops );
-							return 1;
+							Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+								c->log, c->cr_msg, 0 );
+							return ARG_BAD_CONF;
 						}
 					}
 
 					ldap_charray_free( ops );
 
-				} else if ( strncasecmp( argv[ i ], "text=", STRLENOF( "text=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "text=", STRLENOF( "text=" ) ) == 0 )
 				{
 					if ( !BER_BVISNULL( &rdi.rdi_text ) ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"\"text\" already provided.\n",
-							fname, lineno );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"\"text\" already provided" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
-					ber_str2bv( &argv[ i ][ STRLENOF( "text=" ) ], 0, 1, &rdi.rdi_text );
+					ber_str2bv( &c->argv[ i ][ STRLENOF( "text=" ) ], 0, 1, &rdi.rdi_text );
 
-				} else if ( strncasecmp( argv[ i ], "matched=", STRLENOF( "matched=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "matched=", STRLENOF( "matched=" ) ) == 0 )
 				{
 					struct berval	dn;
 
 					if ( !BER_BVISNULL( &rdi.rdi_matched ) ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"\"matched\" already provided.\n",
-							fname, lineno );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"\"matched\" already provided" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
-					ber_str2bv( &argv[ i ][ STRLENOF( "matched=" ) ], 0, 0, &dn );
+					ber_str2bv( &c->argv[ i ][ STRLENOF( "matched=" ) ], 0, 0, &dn );
 					if ( dnPretty( NULL, &dn, &rdi.rdi_matched, NULL ) != LDAP_SUCCESS ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"unable to prettify matched DN \"%s\".\n",
-							fname, lineno, &argv[ i ][ STRLENOF( "matched=" ) ] );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"unable to prettify matched DN \"%s\"",
+							&c->argv[ i ][ STRLENOF( "matched=" ) ] );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
-				} else if ( strncasecmp( argv[ i ], "ref=", STRLENOF( "ref=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "ref=", STRLENOF( "ref=" ) ) == 0 )
 				{
 					char		**refs;
 					int		j;
 
 					if ( rdi.rdi_ref != NULL ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"\"ref\" already provided.\n",
-							fname, lineno );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"\"ref\" already provided" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
 					if ( rdi.rdi_err != LDAP_REFERRAL ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"providing \"ref\"\n"
-							"\talong with a non-referral "
-							"resultCode may cause slapd failures\n"
-							"\trelated to internal checks.\n",
-							fname, lineno );
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"providing \"ref\" "
+							"along with a non-referral "
+							"resultCode may cause slapd failures "
+							"related to internal checks" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
 					}
 
-					refs = ldap_str2charray( &argv[ i ][ STRLENOF( "ref=" ) ], " " );
+					refs = ldap_str2charray( &c->argv[ i ][ STRLENOF( "ref=" ) ], " " );
 					assert( refs != NULL );
 
 					for ( j = 0; refs[ j ] != NULL; j++ ) {
@@ -971,56 +1127,61 @@
 
 					ldap_charray_free( refs );
 
-				} else if ( strncasecmp( argv[ i ], "sleeptime=", STRLENOF( "sleeptime=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "sleeptime=", STRLENOF( "sleeptime=" ) ) == 0 )
 				{
 					if ( rdi.rdi_sleeptime != 0 ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"\"sleeptime\" already provided.\n",
-							fname, lineno );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"\"sleeptime\" already provided" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
-					if ( lutil_atoi( &rdi.rdi_sleeptime, &argv[ i ][ STRLENOF( "sleeptime=" ) ] ) ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"unable to parse \"sleeptime=%s\".\n",
-							fname, lineno, &argv[ i ][ STRLENOF( "sleeptime=" ) ] );
-						return 1;
+					if ( lutil_atoi( &rdi.rdi_sleeptime, &c->argv[ i ][ STRLENOF( "sleeptime=" ) ] ) ) {
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"unable to parse \"sleeptime=%s\"",
+							&c->argv[ i ][ STRLENOF( "sleeptime=" ) ] );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
-				} else if ( strncasecmp( argv[ i ], "unsolicited=", STRLENOF( "unsolicited=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "unsolicited=", STRLENOF( "unsolicited=" ) ) == 0 )
 				{
 					char		*data;
 
 					if ( !BER_BVISNULL( &rdi.rdi_unsolicited_oid ) ) {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"\"unsolicited\" already provided.\n",
-							fname, lineno );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"\"unsolicited\" already provided" );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
-					data = strchr( &argv[ i ][ STRLENOF( "unsolicited=" ) ], ':' );
+					data = strchr( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], ':' );
 					if ( data != NULL ) {
 						struct berval	oid;
 
-						if ( ldif_parse_line2( &argv[ i ][ STRLENOF( "unsolicited=" ) ],
+						if ( ldif_parse_line2( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ],
 							&oid, &rdi.rdi_unsolicited_data, NULL ) )
 						{
-							fprintf( stderr, "%s: line %d: retcode: "
-								"unable to parse \"unsolicited\".\n",
-								fname, lineno );
-							return 1;
+							snprintf( c->cr_msg, sizeof(c->cr_msg),
+								"unable to parse \"unsolicited\"" );
+							Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+								c->log, c->cr_msg, 0 );
+							return ARG_BAD_CONF;
 						}
 
 						ber_dupbv( &rdi.rdi_unsolicited_oid, &oid );
 
 					} else {
-						ber_str2bv( &argv[ i ][ STRLENOF( "unsolicited=" ) ], 0, 1,
+						ber_str2bv( &c->argv[ i ][ STRLENOF( "unsolicited=" ) ], 0, 1,
 							&rdi.rdi_unsolicited_oid );
 					}
 
-				} else if ( strncasecmp( argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 )
+				} else if ( strncasecmp( c->argv[ i ], "flags=", STRLENOF( "flags=" ) ) == 0 )
 				{
-					char *arg = &argv[ i ][ STRLENOF( "flags=" ) ];
+					char *arg = &c->argv[ i ][ STRLENOF( "flags=" ) ];
 					if ( strcasecmp( arg, "disconnect" ) == 0 ) {
 						rdi.rdi_flags |= RDI_PRE_DISCONNECT;
 
@@ -1031,21 +1192,38 @@
 						rdi.rdi_flags |= RDI_POST_DISCONNECT;
 
 					} else {
-						fprintf( stderr, "%s: line %d: retcode: "
-							"unknown flag \"%s\".\n",
-							fname, lineno, arg );
-						return 1;
+						snprintf( c->cr_msg, sizeof(c->cr_msg),
+							"unknown flag \"%s\"", arg );
+						Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+							c->log, c->cr_msg, 0 );
+						return ARG_BAD_CONF;
 					}
 
 				} else {
-					fprintf( stderr, "%s: line %d: retcode: "
-						"unknown option \"%s\".\n",
-						fname, lineno, argv[ i ] );
-					return 1;
+					snprintf( c->cr_msg, sizeof(c->cr_msg),
+						"unknown option \"%s\"",
+						c->argv[ i ] );
+					Debug( LDAP_DEBUG_CONFIG, "%s: retcode: %s\n",
+						c->log, c->cr_msg, 0 );
+					return ARG_BAD_CONF;
 				}
 			}
 		}
 
+		rdi.rdi_line.bv_len = 2*(c->argc - 1) + c->argc - 2;
+		for ( i = 1; i < c->argc; i++ ) {
+			rdi.rdi_line.bv_len += strlen( c->argv[ i ] );
+		}
+		next = rdi.rdi_line.bv_val = ch_malloc( rdi.rdi_line.bv_len + 1 );
+
+		for ( i = 1; i < c->argc; i++ ) {
+			*next++ = '"';
+			next = lutil_strcopy( next, c->argv[ i ] );
+			*next++ = '"';
+			*next++ = ' ';
+		}
+		*--next = '\0';
+		
 		for ( rdip = &rd->rd_item; *rdip; rdip = &(*rdip)->rdi_next )
 			/* go to last */ ;
 
@@ -1053,39 +1231,15 @@
 		*rdip = ( retcode_item_t * )ch_malloc( sizeof( retcode_item_t ) );
 		*(*rdip) = rdi;
 
-	} else if ( strcasecmp( argv0, "indir" ) == 0 ) {
-		rd->rd_flags |= RETCODE_FINDIR;
+		rc = 0;
+		} break;
 
-	} else if ( strcasecmp( argv0, "sleep" ) == 0 ) {
-		switch ( argc ) {
-		case 1:
-			fprintf( stderr, "%s: line %d: retcode: "
-				"\"retcode-sleep <time>\": missing <time>\n",
-				fname, lineno );
-			return 1;
-
-		case 2:
-			break;
-
-		default:
-			fprintf( stderr, "%s: line %d: retcode: "
-				"\"retcode-sleep <time>\": extra cruft after <time>\n",
-				fname, lineno );
-			return 1;
-		}
-
-		if ( lutil_atoi( &rd->rd_sleep, argv[ 1 ] ) != 0 ) {
-			fprintf( stderr, "%s: line %d: retcode: "
-				"\"retcode-sleep <time>\": unable to parse <time>\n",
-				fname, lineno );
-			return 1;
-		}
-
-	} else {
-		return SLAP_CONF_UNKNOWN;
+	default:
+		rc = SLAP_CONF_UNKNOWN;
+		break;
 	}
 
-	return 0;
+	return rc;
 }
 
 static int
@@ -1222,29 +1376,8 @@
 		retcode_item_t	*rdi, *next;
 
 		for ( rdi = rd->rd_item; rdi != NULL; rdi = next ) {
-			ber_memfree( rdi->rdi_dn.bv_val );
-			ber_memfree( rdi->rdi_ndn.bv_val );
-
-			if ( !BER_BVISNULL( &rdi->rdi_text ) ) {
-				ber_memfree( rdi->rdi_text.bv_val );
-			}
-
-			if ( !BER_BVISNULL( &rdi->rdi_matched ) ) {
-				ber_memfree( rdi->rdi_matched.bv_val );
-			}
-
-			if ( rdi->rdi_ref ) {
-				ber_bvarray_free( rdi->rdi_ref );
-			}
-
-			BER_BVZERO( &rdi->rdi_e.e_name );
-			BER_BVZERO( &rdi->rdi_e.e_nname );
-
-			entry_clean( &rdi->rdi_e );
-
 			next = rdi->rdi_next;
-
-			ch_free( rdi );
+			retcode_item_destroy( rdi );
 		}
 
 		if ( !BER_BVISNULL( &rd->rd_pdn ) ) {
@@ -1391,7 +1524,6 @@
 	retcode.on_bi.bi_type = "retcode";
 
 	retcode.on_bi.bi_db_init = retcode_db_init;
-	retcode.on_bi.bi_db_config = retcode_db_config;
 	retcode.on_bi.bi_db_open = retcode_db_open;
 	retcode.on_bi.bi_db_destroy = retcode_db_destroy;
 
@@ -1407,6 +1539,13 @@
 
 	retcode.on_response = retcode_response;
 
+	retcode.on_bi.bi_cf_ocs = rcocs;
+
+	code = config_register_schema( rccfg, rcocs );
+	if ( code ) {
+		return code;
+	}
+
 	return overlay_register( &retcode );
 }
 

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* rwm.c - rewrite/remap operations */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.10 2008/02/15 18:11:46 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.c,v 1.70.2.22 2009/02/13 03:16:59 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -38,74 +38,114 @@
 	OpRequest o_request;
 } rwm_op_state;
 
-static int
-rwm_db_destroy( BackendDB *be, ConfigReply *cr );
-
 typedef struct rwm_op_cb {
 	slap_callback cb;
 	rwm_op_state ros;
 } rwm_op_cb;
 
 static int
-rwm_op_cleanup( Operation *op, SlapReply *rs )
-{
-	slap_callback	*cb = op->o_callback;
-	rwm_op_state *ros = cb->sc_private;
+rwm_db_destroy( BackendDB *be, ConfigReply *cr );
 
-	if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED ||
-		op->o_abandon || rs->sr_err == SLAPD_ABANDON ) {
+static int
+rwm_send_entry( Operation *op, SlapReply *rs );
 
+static void
+rwm_op_rollback( Operation *op, SlapReply *rs, rwm_op_state *ros )
+{
+	if ( !BER_BVISNULL( &ros->ro_dn ) ) {
 		op->o_req_dn = ros->ro_dn;
+	}
+	if ( !BER_BVISNULL( &ros->ro_ndn ) ) {
 		op->o_req_ndn = ros->ro_ndn;
+	}
 
-		if ( !BER_BVISNULL( &ros->r_dn )
-			&& ros->r_dn.bv_val != ros->r_ndn.bv_val )
-		{
-			ch_free( ros->r_dn.bv_val );
-			BER_BVZERO( &ros->r_dn );
-		}
+	if ( !BER_BVISNULL( &ros->r_dn )
+		&& ros->r_dn.bv_val != ros->ro_dn.bv_val )
+	{
+		assert( ros->r_dn.bv_val != ros->r_ndn.bv_val );
+		ch_free( ros->r_dn.bv_val );
+		BER_BVZERO( &ros->r_dn );
+	}
 
-		if ( !BER_BVISNULL( &ros->r_ndn ) ) {
-			ch_free( ros->r_ndn.bv_val );
-			BER_BVZERO( &ros->r_ndn );
+	if ( !BER_BVISNULL( &ros->r_ndn )
+		&& ros->r_ndn.bv_val != ros->ro_ndn.bv_val )
+	{
+		ch_free( ros->r_ndn.bv_val );
+		BER_BVZERO( &ros->r_ndn );
+	}
+
+	BER_BVZERO( &ros->ro_dn );
+	BER_BVZERO( &ros->ro_ndn );
+
+	switch( ros->r_tag ) {
+	case LDAP_REQ_COMPARE:
+		if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val )
+			op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx );
+		op->orc_ava = ros->orc_ava;
+		break;
+	case LDAP_REQ_MODIFY:
+		slap_mods_free( op->orm_modlist, 1 );
+		op->orm_modlist = ros->orm_modlist;
+		break;
+	case LDAP_REQ_MODRDN:
+		if ( op->orr_newSup != ros->orr_newSup ) {
+			ch_free( op->orr_newSup->bv_val );
+			ch_free( op->orr_nnewSup->bv_val );
+			op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
+			op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
+			op->orr_newSup = ros->orr_newSup;
+			op->orr_nnewSup = ros->orr_nnewSup;
 		}
+		if ( op->orr_newrdn.bv_val != ros->orr_newrdn.bv_val ) {
+			ch_free( op->orr_newrdn.bv_val );
+			ch_free( op->orr_nnewrdn.bv_val );
+			op->orr_newrdn = ros->orr_newrdn;
+			op->orr_nnewrdn = ros->orr_nnewrdn;
+		}
+		break;
+	case LDAP_REQ_SEARCH:
+		ch_free( ros->mapped_attrs );
+		filter_free_x( op, op->ors_filter, 1 );
+		ch_free( op->ors_filterstr.bv_val );
+		op->ors_attrs = ros->ors_attrs;
+		op->ors_filter = ros->ors_filter;
+		op->ors_filterstr = ros->ors_filterstr;
+		break;
+	case LDAP_REQ_EXTENDED:
+		if ( op->ore_reqdata != ros->ore_reqdata ) {
+			ber_bvfree( op->ore_reqdata );
+			op->ore_reqdata = ros->ore_reqdata;
+		}
+		break;
+	case LDAP_REQ_BIND:
+		if ( rs->sr_err == LDAP_SUCCESS ) {
+#if 0
+			ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
+			/* too late, c_mutex released */
+			fprintf( stderr, "*** DN: \"%s\" => \"%s\"\n",
+				op->o_conn->c_ndn.bv_val,
+				op->o_req_ndn.bv_val );
+			ber_bvreplace( &op->o_conn->c_ndn,
+				&op->o_req_ndn );
+			ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
+#endif
+		}
+		break;
+	default:	break;
+	}
+}
 
-		switch( ros->r_tag ) {
-		case LDAP_REQ_COMPARE:
-			if ( op->orc_ava->aa_value.bv_val != ros->orc_ava->aa_value.bv_val )
-				op->o_tmpfree( op->orc_ava->aa_value.bv_val, op->o_tmpmemctx );
-			op->orc_ava = ros->orc_ava;
-			break;
-		case LDAP_REQ_MODIFY:
-			slap_mods_free( op->orm_modlist, 1 );
-			op->orm_modlist = ros->orm_modlist;
-			break;
-		case LDAP_REQ_MODRDN:
-			if ( op->orr_newSup != ros->orr_newSup ) {
-				ch_free( op->orr_newSup->bv_val );
-				ch_free( op->orr_nnewSup->bv_val );
-				op->o_tmpfree( op->orr_newSup, op->o_tmpmemctx );
-				op->o_tmpfree( op->orr_nnewSup, op->o_tmpmemctx );
-				op->orr_newSup = ros->orr_newSup;
-				op->orr_nnewSup = ros->orr_nnewSup;
-			}
-			break;
-		case LDAP_REQ_SEARCH:
-			ch_free( ros->mapped_attrs );
-			filter_free_x( op, op->ors_filter );
-			ch_free( op->ors_filterstr.bv_val );
-			op->ors_attrs = ros->ors_attrs;
-			op->ors_filter = ros->ors_filter;
-			op->ors_filterstr = ros->ors_filterstr;
-			break;
-		case LDAP_REQ_EXTENDED:
-			if ( op->ore_reqdata != ros->ore_reqdata ) {
-				ber_bvfree( op->ore_reqdata );
-				op->ore_reqdata = ros->ore_reqdata;
-			}
-			break;
-		default:	break;
-		}
+static int
+rwm_op_cleanup( Operation *op, SlapReply *rs )
+{
+	slap_callback	*cb = op->o_callback;
+	rwm_op_state *ros = cb->sc_private;
+
+	if ( rs->sr_type == REP_RESULT || rs->sr_type == REP_EXTENDED ||
+		op->o_abandon || rs->sr_err == SLAPD_ABANDON )
+	{
+		rwm_op_rollback( op, rs, ros );
+
 		op->o_callback = op->o_callback->sc_next;
 		op->o_tmpfree( cb, op->o_tmpmemctx );
 	}
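Review bot: The `LDAP_REQ_SEARCH` case of the new `rwm_op_rollback()` frees `op->ors_filter` and `op->ors_filterstr.bv_val` unconditionally, while the COMPARE, MODRDN and EXTENDED cases first check that the live pointer differs from the one saved in `ros`. If rollback runs before a rewritten filter was installed, this releases the original filter and then restores the same, now dangling, pointer. The error path changed in the later `rwm_op_search()` hunk calls `filter_free_x( op, f, 1 )` and `ch_free( fstr.bv_val )` just before `rwm_op_rollback()`, which would be a double free if `f`/`fstr` had already been stored in `op`; that assignment is outside the visible lines, so it needs confirming. Guarding both frees with a pointer comparison makes the rollback safe to call at any stage.

```c
	case LDAP_REQ_SEARCH:
		ch_free( ros->mapped_attrs );
		op->ors_attrs = ros->ors_attrs;
		if ( op->ors_filter != ros->ors_filter ) {
			filter_free_x( op, op->ors_filter, 1 );
			op->ors_filter = ros->ors_filter;
		}
		if ( op->ors_filterstr.bv_val != ros->ors_filterstr.bv_val ) {
			ch_free( op->ors_filterstr.bv_val );
			op->ors_filterstr = ros->ors_filterstr;
		}
		break;
```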
@@ -179,11 +219,13 @@
 
 	if ( op->o_req_dn.bv_val != op->o_req_ndn.bv_val ) {
 		op->o_req_dn = dn;
+		assert( BER_BVISNULL( &ros->r_dn ) );
 		ros->r_dn = dn;
 	} else {
 		op->o_req_dn = ndn;
 	}
 	op->o_req_ndn = ndn;
+	assert( BER_BVISNULL( &ros->r_ndn ) );
 	ros->r_ndn = ndn;
 
 	return LDAP_SUCCESS;
@@ -354,7 +396,7 @@
 		return -1;
 	}
 
-	op->o_callback = &roc->cb;
+	overlay_callback_after_backover( op, &roc->cb, 1 );
 
 	return SLAP_CB_CONTINUE;
 }
@@ -648,11 +690,11 @@
 			(struct ldaprwmap *)on->on_bi.bi_private;
 	
 	int			rc;
+	dncookie		dc;
 
 	rwm_op_cb		*roc = rwm_callback_get( op, rs );
 
 	if ( op->orr_newSup ) {
-		dncookie	dc;
 		struct berval	nnewSup = BER_BVNULL;
 		struct berval	newSup = BER_BVNULL;
 
@@ -683,12 +725,47 @@
 	}
 
 	/*
+	 * Rewrite the newRDN, if needed
+ 	 */
+	{
+		struct berval	newrdn = BER_BVNULL;
+		struct berval	nnewrdn = BER_BVNULL;
+
+		dc.rwmap = rwmap;
+		dc.conn = op->o_conn;
+		dc.rs = rs;
+		dc.ctx = "newRDN";
+		newrdn = op->orr_newrdn;
+		nnewrdn = op->orr_nnewrdn;
+		rc = rwm_dn_massage_pretty_normalize( &dc, &op->orr_newrdn, &newrdn, &nnewrdn );
+		if ( rc != LDAP_SUCCESS ) {
+			op->o_bd->bd_info = (BackendInfo *)on->on_info;
+			send_ldap_error( op, rs, rc, "newRDN massage error" );
+			goto err;
+		}
+
+		if ( op->orr_newrdn.bv_val != newrdn.bv_val ) {
+			op->orr_newrdn = newrdn;
+			op->orr_nnewrdn = nnewrdn;
+		}
+	}
+
+	/*
 	 * Rewrite the dn, if needed
  	 */
 	rc = rwm_op_dn_massage( op, rs, "renameDN", &roc->ros );
 	if ( rc != LDAP_SUCCESS ) {
 		op->o_bd->bd_info = (BackendInfo *)on->on_info;
 		send_ldap_error( op, rs, rc, "renameDN massage error" );
+		goto err;
+	}
+
+	op->o_callback = &roc->cb;
+
+	rc = SLAP_CB_CONTINUE;
+
+	if ( 0 ) {
+err:;
 		if ( op->orr_newSup != roc->ros.orr_newSup ) {
 			ch_free( op->orr_newSup->bv_val );
 			ch_free( op->orr_nnewSup->bv_val );
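Review bot: The cleanup code is reachable only by `goto err` into the body of `if ( 0 )`, which reads as dead code and breaks silently if a statement is later added between `rc = SLAP_CB_CONTINUE;` and the `if`. A comment on the label, for example `/* reached only via goto err: undo the newSuperior/newRDN rewrites; rc holds the LDAP error */`, would make the intent explicit. A plain `return rc;` ahead of an ordinary `err:` label would avoid the construct altogether. The failure return also changes from `-1` to the LDAP result code in `rc`. The function starts before this hunk and continues in the next one.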
@@ -697,15 +774,16 @@
 			op->orr_newSup = roc->ros.orr_newSup;
 			op->orr_nnewSup = roc->ros.orr_nnewSup;
 		}
-		return -1;
+
+		if ( op->orr_newrdn.bv_val != roc->ros.orr_newrdn.bv_val ) {
+			ch_free( op->orr_newrdn.bv_val );
+			ch_free( op->orr_nnewrdn.bv_val );
+			op->orr_newrdn = roc->ros.orr_newrdn;
+			op->orr_nnewrdn = roc->ros.orr_nnewrdn;
+		}
 	}
 
-	/* TODO: rewrite newRDN, attribute types, 
-	 * values of DN-valued attributes ... */
-
-	op->o_callback = &roc->cb;
-
-	return SLAP_CB_CONTINUE;
+	return rc;
 }
 
 
@@ -725,7 +803,98 @@
  	return SLAP_CB_CONTINUE;
 }
 
+/*
+ * NOTE: this implementation of get/release entry is probably far from
+ * optimal.  The rationale consists in intercepting the request directed
+ * to the underlying database, in order to rewrite/remap the request,
+ * perform it using the modified data, duplicate the resulting entry
+ * and finally free it when release is called.
+ * This implies that subsequent overlays are not called, as the request
+ * is directly shunted to the underlying database.
+ */
 static int
+rwm_entry_release_rw( Operation *op, Entry *e, int rw )
+{
+	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
+
+	/* can't be ours */
+	if ( ((BackendInfo *)on->on_info->oi_orig)->bi_entry_get_rw == NULL ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* just free entry if (probably) ours */
+	if ( e->e_private == NULL ) {
+		entry_free( e );
+		return LDAP_SUCCESS;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rwm_entry_get_rw( Operation *op, struct berval *ndn,
+	ObjectClass *oc, AttributeDescription *at, int rw, Entry **ep )
+{
+	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
+	struct ldaprwmap	*rwmap = 
+			(struct ldaprwmap *)on->on_bi.bi_private;
+
+	int			rc;
+	dncookie		dc;
+
+	BackendDB		db;
+	Operation		op2;
+	SlapReply		rs = { REP_SEARCH };
+
+	rwm_op_state		ros = { 0 };
+
+	if ( ((BackendInfo *)on->on_info->oi_orig)->bi_entry_get_rw == NULL ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* massage DN */
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2 = *op;
+	op2.o_req_dn = *ndn;
+	op2.o_req_ndn = *ndn;
+	rc = rwm_op_dn_massage( &op2, &rs, "searchDN", &ros );
+	if ( rc != LDAP_SUCCESS ) {
+		return LDAP_OTHER;
+	}
+
+	/* map attribute & objectClass */
+	if ( at != NULL ) {
+	}
+
+	if ( oc != NULL ) {
+	}
+
+	/* fetch entry */
+	db = *op->o_bd;
+	op2.o_bd = &db;
+	op2.o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
+	op2.ors_attrs = slap_anlist_all_attributes;
+	rc = op2.o_bd->bd_info->bi_entry_get_rw( &op2, &ros.r_ndn, oc, at, rw, ep );
+	if ( rc == LDAP_SUCCESS && *ep != NULL ) {
+		rs.sr_entry = *ep;
+
+		/* duplicate & release */
+		op2.o_bd->bd_info = (BackendInfo *)on;
+		rc = rwm_send_entry( &op2, &rs );
+		if ( rc == SLAP_CB_CONTINUE ) {
+			*ep = rs.sr_entry;
+			rc = LDAP_SUCCESS;
+		}
+	}
+
+	if ( ros.r_ndn.bv_val != ndn->bv_val ) {
+		op->o_tmpfree( ros.r_ndn.bv_val, op->o_tmpmemctx );
+	}
+
+	return rc;
+}
+
+static int
 rwm_op_search( Operation *op, SlapReply *rs )
 {
 	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
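Review bot: In `rwm_entry_get_rw()` the assignment `op2.o_tag = LDAP_REQ_SEARCH;` has no effect, because the next line `op2 = *op;` overwrites the whole structure and `op2` keeps the caller's tag. If the lookup is meant to be massaged as a search, the two lines should be swapped: `op2 = *op;` then `op2.o_tag = LDAP_REQ_SEARCH;`. The `if ( at != NULL ) { }` and `if ( oc != NULL ) { }` blocks under "map attribute & objectClass" are empty, so `oc` and `at` reach `bi_entry_get_rw` unmapped; a `/* TODO: not mapped yet, passed through as given */` comment would say so. The final release of `ros.r_ndn.bv_val` uses `op->o_tmpfree`, whereas `rwm_op_rollback()` releases the same field with `ch_free`; the allocator used by `rwm_op_dn_massage()` is not visible here, so one of the two deserves a check.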
@@ -800,14 +969,16 @@
 	}
 
 	if ( f != NULL ) {
-		filter_free_x( op, f );
+		filter_free_x( op, f, 1 );
 	}
 
 	if ( !BER_BVISNULL( &fstr ) ) {
 		ch_free( fstr.bv_val );
 	}
 
+	rwm_op_rollback( op, rs, &roc->ros );
 	op->oq_search = roc->ros.oq_search;
+	op->o_tmpfree( roc, op->o_tmpmemctx );
 
 	op->o_bd->bd_info = (BackendInfo *)on->on_info;
 	send_ldap_error( op, rs, rc, text );
@@ -1049,37 +1220,44 @@
 
 				/* try to normalize mapped Attributes if the original 
 				 * AttributeType was not normalized */
-				if ((rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS) && 
-					(!(*ap)->a_desc->ad_type->sat_equality || 
+				if ( (!(*ap)->a_desc->ad_type->sat_equality || 
 					!(*ap)->a_desc->ad_type->sat_equality->smr_normalize) &&
 					mapping->m_dst_ad->ad_type->sat_equality &&
 					mapping->m_dst_ad->ad_type->sat_equality->smr_normalize )
 				{
-					int i = 0;
-
-					last = (*ap)->a_numvals;
-					if ( last )
+					if ((rwmap->rwm_flags & RWM_F_NORMALIZE_MAPPED_ATTRS))
 					{
-						(*ap)->a_nvals = ch_malloc( (last+1) * sizeof(struct berval) );
+						int i = 0;
 
-						for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[i]); i++ ) {
-							int		rc;
-							/*
-							 * check that each value is valid per syntax
-							 * and pretty if appropriate
-							 */
-							rc = mapping->m_dst_ad->ad_type->sat_equality->smr_normalize(
-								SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
-								mapping->m_dst_ad->ad_type->sat_syntax,
-								mapping->m_dst_ad->ad_type->sat_equality,
-								&(*ap)->a_vals[i], &(*ap)->a_nvals[i],
-								NULL );
+						last = (*ap)->a_numvals;
+						if ( last )
+						{
+							(*ap)->a_nvals = ch_malloc( (last+1) * sizeof(struct berval) );
 
-							if ( rc != LDAP_SUCCESS ) {
-								BER_BVZERO( &(*ap)->a_nvals[i] );
+							for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[i]); i++ ) {
+								int		rc;
+								/*
+								 * check that each value is valid per syntax
+								 * and pretty if appropriate
+								 */
+								rc = mapping->m_dst_ad->ad_type->sat_equality->smr_normalize(
+									SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
+									mapping->m_dst_ad->ad_type->sat_syntax,
+									mapping->m_dst_ad->ad_type->sat_equality,
+									&(*ap)->a_vals[i], &(*ap)->a_nvals[i],
+									NULL );
+
+								if ( rc != LDAP_SUCCESS ) {
+									BER_BVZERO( &(*ap)->a_nvals[i] );
+								}
 							}
+							BER_BVZERO( &(*ap)->a_nvals[i] );
 						}
-						BER_BVZERO( &(*ap)->a_nvals[i] );
+
+					} else {
+						assert( (*ap)->a_nvals == (*ap)->a_vals );
+						(*ap)->a_nvals = NULL;
+						ber_bvarray_dup_x( &(*ap)->a_nvals, (*ap)->a_vals, NULL );
 					}
 				}
 
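Review bot: The new `else` branch ignores the return value of `ber_bvarray_dup_x()`, so on allocation failure `(*ap)->a_nvals` stays `NULL` after having been detached from `a_vals`. Later code in this commit indexes `a_nvals[i]` (the changed `rwm_dnattr_result_rewrite()` call receives it), which would then dereference a null array. Checking the result, e.g. `if ( ber_bvarray_dup_x( &(*ap)->a_nvals, (*ap)->a_vals, NULL ) != 0 ) goto cleanup_attr;`, keeps the two arrays consistent, assuming the `cleanup_attr` label used further down is in scope here. The aliasing precondition is enforced only by an `assert`, which is compiled out in NDEBUG builds.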
@@ -1135,7 +1313,9 @@
 					last--;
 					bv--;
 
-				} else if ( mapped.bv_val != bv[0].bv_val ) {
+				} else if ( mapped.bv_val != bv[0].bv_val
+					&& ber_bvstrcasecmp( &mapped, &bv[0] ) != 0 )
+				{
 					int	i;
 
 					for ( i = 0; !BER_BVISNULL( &(*ap)->a_vals[ i ] ); i++ ) {
@@ -1181,7 +1361,7 @@
 				|| ( mapping != NULL && mapping->m_src_ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) )
 		{
 			dc.ctx = "searchAttrDN";
-			rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals );
+			rc = rwm_dnattr_result_rewrite( &dc, (*ap)->a_vals, (*ap)->a_nvals );
 			if ( rc != LDAP_SUCCESS ) {
 				goto cleanup_attr;
 			}
@@ -1325,7 +1505,7 @@
 	(void)rwm_attrs( op, rs, &e->e_attrs, 1 );
 
 	if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
-		be_entry_release_rw( op, rs->sr_entry, 0 );
+		overlay_entry_release_ov( op, rs->sr_entry, 0, on );
 	}
 
 	rs->sr_entry = e;
@@ -1650,7 +1830,6 @@
 enum {
 	/* rewrite */
 	RWM_CF_REWRITE = 1,
-	RWM_CF_SUFFIXMASSAGE,
 
 	/* map */
 	RWM_CF_MAP,
@@ -1661,8 +1840,10 @@
 };
 
 static slap_verbmasks t_f_mode[] = {
+	{ BER_BVC( "true" ),		RWM_F_SUPPORT_T_F },
 	{ BER_BVC( "yes" ),		RWM_F_SUPPORT_T_F },
 	{ BER_BVC( "discover" ),	RWM_F_SUPPORT_T_F_DISCOVER },
+	{ BER_BVC( "false" ),		RWM_F_NONE },
 	{ BER_BVC( "no" ),		RWM_F_NONE },
 	{ BER_BVNULL,			0 }
 };
@@ -1672,7 +1853,7 @@
 static ConfigTable rwmcfg[] = {
 	{ "rwm-rewrite", "rewrite",
 		2, 0, STRLENOF("rwm-rewrite"),
-		ARG_MAGIC|ARG_QUOTE|RWM_CF_REWRITE, rwm_cf_gen,
+		ARG_MAGIC|RWM_CF_REWRITE, rwm_cf_gen,
 		"( OLcfgOvAt:16.1 NAME 'olcRwmRewrite' "
 			"DESC 'Rewrites strings' "
 			"EQUALITY caseIgnoreMatch "
@@ -1681,7 +1862,7 @@
 		NULL, NULL },
 
 	{ "rwm-suffixmassage", "[virtual]> <real",
-		2, 3, 0, ARG_MAGIC|RWM_CF_SUFFIXMASSAGE, rwm_cf_gen,
+		2, 3, 0, ARG_MAGIC|RWM_CF_REWRITE, rwm_cf_gen,
 		NULL, NULL, NULL },
 		
 	{ "rwm-t-f-support", "true|false|discover",
@@ -1767,6 +1948,60 @@
 }
 
 static int
+rwm_bva_rewrite_add(
+	struct ldaprwmap	*rwmap,
+	int			idx,
+	const char		*argv[] )
+{
+	char		*line;
+	struct berval	bv;
+
+	line = ldap_charray2str( argv, "\" \"" );
+	if ( line != NULL ) {
+		int	len = strlen( argv[ 0 ] );
+
+		ber_str2bv( line, 0, 0, &bv );
+		AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ],
+			bv.bv_len - ( len + 1 ) );
+		bv.bv_val[ bv.bv_len - 1 ] = '"';
+
+		if ( idx == -1 ) {
+			ber_bvarray_add( &rwmap->rwm_bva_rewrite, &bv );
+
+		} else {
+			rwmap->rwm_bva_rewrite[ idx ] = bv;
+		}
+	}
+
+	return 0;
+}
+
+static int
+rwm_info_init( struct rewrite_info ** rwm_rw )
+{
+	char			*rargv[ 3 ];
+
+ 	*rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
+	if ( *rwm_rw == NULL ) {
+ 		return -1;
+ 	}
+
+	/* this rewriteContext by default must be null;
+	 * rules can be added if required */
+	rargv[ 0 ] = "rewriteContext";
+	rargv[ 1 ] = "searchFilter";
+	rargv[ 2 ] = NULL;
+	rewrite_parse( *rwm_rw, "<suffix massage>", 1, 2, rargv );
+
+	rargv[ 0 ] = "rewriteContext";
+	rargv[ 1 ] = "default";
+	rargv[ 2 ] = NULL;
+	rewrite_parse( *rwm_rw, "<suffix massage>", 2, 2, rargv );
+
+	return 0;
+}
+
+static int
 rwm_cf_gen( ConfigArgs *c )
 {
 	slap_overinst		*on = (slap_overinst *)c->bi;
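Review bot: `rwm_bva_rewrite_add()` returns 0 on every path, including when `ldap_charray2str()` returns `NULL` or `ber_bvarray_add()` fails, so a caller cannot tell that a rule was parsed but not recorded. For the indexed insert later in this commit the caller has already shifted the array up by one slot, so a silent failure leaves slots `idx` and `idx + 1` holding the same `bv_val`, which a later free of the array would release twice. Returning non-zero on failure, e.g. `if ( line == NULL ) return -1;` plus propagating the result of `ber_bvarray_add()`, lets the caller undo the shift. `rwm_info_init()` likewise discards both `rewrite_parse()` results.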
@@ -1775,6 +2010,7 @@
 
 	BackendDB		db;
 	char			*argv0;
+	int			idx0 = 0;
 	int			rc = 0;
 
 	db = *c->be;
@@ -1832,15 +2068,57 @@
 		switch ( c->type ) {
 		case RWM_CF_REWRITE:
 			if ( c->valx >= 0 ) {
-				/* single modification is not allowed */
-				rc = 1;
+				ConfigArgs ca = { 0 };
+				int i;
 
+				for ( i = 0; !BER_BVISNULL( &rwmap->rwm_bva_rewrite[ i ] ); i++ )
+					/* count'em */ ;
+
+				if ( i >= c->valx ) {
+					rc = 1;
+					break;
+				}
+
+				ber_memfree( rwmap->rwm_bva_rewrite[ c->valx ].bv_val );
+				for ( i = c->valx; !BER_BVISNULL( &rwmap->rwm_bva_rewrite[ i + 1 ] ); i++ )
+				{
+					rwmap->rwm_bva_rewrite[ i ] = rwmap->rwm_bva_rewrite[ i + 1 ];
+				}
+				BER_BVZERO( &rwmap->rwm_bva_rewrite[ i ] );
+
+				rewrite_info_delete( &rwmap->rwm_rw );
+				assert( rwmap->rwm_rw == NULL );
+
+				rc = rwm_info_init( &rwmap->rwm_rw );
+
+				for ( i = 0; !BER_BVISNULL( &rwmap->rwm_bva_rewrite[ i ] ); i++ )
+				{
+					ca.line = rwmap->rwm_bva_rewrite[ i ].bv_val;
+					ca.argc = 0;
+					config_fp_parse_line( &ca );
+					
+					if ( strcasecmp( ca.argv[ 0 ], "suffixmassage" ) == 0 ) {
+						rc = rwm_suffixmassage_config( &db, c->fname, c->lineno,
+							ca.argc, ca.argv );
+
+					} else {
+						rc = rwm_rw_config( &db, c->fname, c->lineno,
+							ca.argc, ca.argv );
+					}
+
+					ch_free( ca.tline );
+
+					assert( rc == 0 );
+				}
+
 			} else if ( rwmap->rwm_rw != NULL ) {
 				rewrite_info_delete( &rwmap->rwm_rw );
 				assert( rwmap->rwm_rw == NULL );
 
 				ber_bvarray_free( rwmap->rwm_bva_rewrite );
 				rwmap->rwm_bva_rewrite = NULL;
+
+				rc = rwm_info_init( &rwmap->rwm_rw );
 			}
 			break;
 
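Review bot: The bounds check before deleting a single rewrite value is inverted: `i` holds the number of stored values, so `if ( i >= c->valx )` rejects every valid index and lets an out-of-range `c->valx` through to `ber_memfree( rwmap->rwm_bva_rewrite[ c->valx ].bv_val )`. It should read `if ( c->valx >= i ) {`. The replay loop below compares `ca.argv[ 0 ]` with "suffixmassage" without first skipping the `rwm-` prefix, unlike the replay loops in the add path of this commit, so stored `rwm-suffixmassage` lines would presumably be handed to `rwm_rw_config()`. A replay failure is caught only by `assert( rc == 0 )`. `rwm_cf_gen()` begins and ends outside this hunk.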
@@ -1879,60 +2157,134 @@
 		return rc;
 	}
 
+	if ( strncasecmp( c->argv[ 0 ], "olcRwm", STRLENOF( "olcRwm" ) ) == 0 ) {
+		idx0 = 1;
+	}
+
 	switch ( c->type ) {
 	case RWM_CF_REWRITE:
-		argv0 = c->argv[ 0 ];
-		c->argv[ 0 ] += STRLENOF( "rwm-" );
-		rc = rwm_rw_config( &db, c->fname, c->lineno, c->argc, c->argv );
-		c->argv[ 0 ] = argv0;
-		if ( rc ) {
-			return 1;
+		if ( c->valx >= 0 ) {
+			struct rewrite_info *rwm_rw = rwmap->rwm_rw;
+			ConfigArgs ca = { 0 };
+			int i, last;
 
-		} else {
-			char		*line;
-			struct berval	bv;
+			for ( last = 0; !BER_BVISNULL( &rwmap->rwm_bva_rewrite[ last ] ); last++ )
+				/* count'em */ ;
 
-			line = ldap_charray2str( c->argv, "\" \"" );
-			if ( line != NULL ) {
-				int	len = strlen( c->argv[ 0 ] );
+			if ( c->valx > last ) {
+				c->valx = last;
+			}
 
-				ber_str2bv( line, 0, 0, &bv );
-				AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ],
-					bv.bv_len - ( len + 1 ) );
-				bv.bv_val[ bv.bv_len - 1 ] = '"';
-				ber_bvarray_add( &rwmap->rwm_bva_rewrite, &bv );
+			rwmap->rwm_rw = NULL;
+			rc = rwm_info_init( &rwmap->rwm_rw );
+
+			for ( i = 0; i < c->valx; i++ ) {
+				ca.line = rwmap->rwm_bva_rewrite[ i ].bv_val;
+				ca.argc = 0;
+				config_fp_parse_line( &ca );
+
+				argv0 = ca.argv[ 0 ];
+				ca.argv[ 0 ] += STRLENOF( "rwm-" );
+				
+				if ( strcasecmp( ca.argv[ 0 ], "suffixmassage" ) == 0 ) {
+					rc = rwm_suffixmassage_config( &db, c->fname, c->lineno,
+						ca.argc, ca.argv );
+
+				} else {
+					rc = rwm_rw_config( &db, c->fname, c->lineno,
+						ca.argc, ca.argv );
+				}
+
+				ca.argv[ 0 ] = argv0;
+
+				ch_free( ca.tline );
+
+				assert( rc == 0 );
 			}
-		}
-		break;
 
-	case RWM_CF_SUFFIXMASSAGE:
-		argv0 = c->argv[ 0 ];
-		c->argv[ 0 ] += STRLENOF( "rwm-" );
-		rc = rwm_suffixmassage_config( &db, c->fname, c->lineno, c->argc, c->argv );
-		c->argv[ 0 ] = argv0;
-		if ( rc ) {
-			return 1;
+			argv0 = c->argv[ idx0 ];
+			if ( strncasecmp( argv0, "rwm-", STRLENOF( "rwm-" ) ) != 0 ) {
+				return 1;
+			}
+			c->argv[ idx0 ] += STRLENOF( "rwm-" );
+			if ( strcasecmp( c->argv[ idx0 ], "suffixmassage" ) == 0 ) {
+				rc = rwm_suffixmassage_config( &db, c->fname, c->lineno,
+					c->argc - idx0, &c->argv[ idx0 ] );
 
-		} else {
-			char		*line;
-			struct berval	bv;
+			} else {
+				rc = rwm_rw_config( &db, c->fname, c->lineno,
+					c->argc - idx0, &c->argv[ idx0 ] );
+			}
+			c->argv[ idx0 ] = argv0;
+			if ( rc != 0 ) {
+				rewrite_info_delete( &rwmap->rwm_rw );
+				assert( rwmap->rwm_rw == NULL );
 
-			/* FIXME: not optimal; in fact, this keeps track
-			 * of the fact that a set of rules was added
-			 * using the rwm-suffixmassage shortcut, but the
-			 * rules are not clarified */
+				rwmap->rwm_rw = rwm_rw;
+				return 1;
+			}
 
-			line = ldap_charray2str( c->argv, "\" \"" );
-			if ( line != NULL ) {
-				int	len = strlen( c->argv[ 0 ] );
+			for ( i = c->valx; !BER_BVISNULL( &rwmap->rwm_bva_rewrite[ i ] ); i++ )
+			{
+				ca.line = rwmap->rwm_bva_rewrite[ i ].bv_val;
+				ca.argc = 0;
+				config_fp_parse_line( &ca );
+				
+				argv0 = ca.argv[ 0 ];
+				ca.argv[ 0 ] += STRLENOF( "rwm-" );
+				
+				if ( strcasecmp( ca.argv[ 0 ], "suffixmassage" ) == 0 ) {
+					rc = rwm_suffixmassage_config( &db, c->fname, c->lineno,
+						ca.argc, ca.argv );
 
-				ber_str2bv( line, 0, 0, &bv );
-				AC_MEMCPY( &bv.bv_val[ len ], &bv.bv_val[ len + 1 ],
-					bv.bv_len - ( len + 1 ) );
-				bv.bv_val[ bv.bv_len - 1 ] = '"';
-				ber_bvarray_add( &rwmap->rwm_bva_rewrite, &bv );
+				} else {
+					rc = rwm_rw_config( &db, c->fname, c->lineno,
+						ca.argc, ca.argv );
+				}
+
+				ca.argv[ 0 ] = argv0;
+
+				ch_free( ca.tline );
+
+				assert( rc == 0 );
 			}
+
+			rwmap->rwm_bva_rewrite = ch_realloc( rwmap->rwm_bva_rewrite,
+				( last + 2 )*sizeof( struct berval ) );
+
+			for ( i = last - 1; i >= c->valx; i-- )
+			{
+				rwmap->rwm_bva_rewrite[ i + 1 ] = rwmap->rwm_bva_rewrite[ i ];
+			}
+
+			rwm_bva_rewrite_add( rwmap, c->valx, &c->argv[ idx0 ] );
+
+			rewrite_info_delete( &rwm_rw );
+			assert( rwm_rw == NULL );
+
+			break;
 		}
+
+		argv0 = c->argv[ idx0 ];
+		if ( strncasecmp( argv0, "rwm-", STRLENOF( "rwm-" ) ) != 0 ) {
+			return 1;
+		}
+		c->argv[ idx0 ] += STRLENOF( "rwm-" );
+		if ( strcasecmp( c->argv[ idx0 ], "suffixmassage" ) == 0 ) {
+			rc = rwm_suffixmassage_config( &db, c->fname, c->lineno,
+				c->argc - idx0, &c->argv[ idx0 ] );
+
+		} else {
+			rc = rwm_rw_config( &db, c->fname, c->lineno,
+				c->argc - idx0, &c->argv[ idx0 ] );
+		}
+		c->argv[ idx0 ] = argv0;
+		if ( rc ) {
+			return 1;
+
+		} else {
+			rwm_bva_rewrite_add( rwmap, -1, &c->argv[ idx0 ] );
+		}
 		break;
 
 	case RWM_CF_T_F_SUPPORT:
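Review bot: After the indexed insert grows the array with `ch_realloc( ..., ( last + 2 )*sizeof( struct berval ) )`, slot `last + 1` is never initialised: the shift loop writes slots `c->valx + 1` through `last`, overwriting the old terminator, and `rwm_bva_rewrite_add()` fills slot `c->valx`. Every loop that walks `rwm_bva_rewrite` until `BER_BVISNULL` would then read past the end of the allocation; adding `BER_BVZERO( &rwmap->rwm_bva_rewrite[ last + 1 ] );` right after the realloc restores the terminator. The counting loop at the top of the branch also dereferences `rwmap->rwm_bva_rewrite` without a null check, although the delete-all path earlier in this function sets it to `NULL`. The replay-and-dispatch loop now appears three times with `assert( rc == 0 )` as its only error handling; a static helper returning `rc` would let the failure be reported. `rwm_cf_gen()` extends beyond this hunk.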
@@ -1947,6 +2299,10 @@
 		break;
 
 	case RWM_CF_MAP:
+		if ( c->valx >= 0 ) {
+			return 1;
+		}
+
 		argv0 = c->argv[ 0 ];
 		c->argv[ 0 ] += STRLENOF( "rwm-" );
 		rc = rwm_m_config( &db, c->fname, c->lineno, c->argc, c->argv );
@@ -1989,29 +2345,12 @@
 {
 	slap_overinst		*on = (slap_overinst *) be->bd_info;
 	struct ldaprwmap	*rwmap;
-	char			*rargv[ 3 ];
 	int			rc = 0;
 
 	rwmap = (struct ldaprwmap *)ch_calloc( 1, sizeof( struct ldaprwmap ) );
 
- 	rwmap->rwm_rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
-	if ( rwmap->rwm_rw == NULL ) {
- 		rc = -1;
-		goto error_return;
- 	}
+	rc = rwm_info_init( &rwmap->rwm_rw );
 
-	/* this rewriteContext by default must be null;
-	 * rules can be added if required */
-	rargv[ 0 ] = "rewriteContext";
-	rargv[ 1 ] = "searchFilter";
-	rargv[ 2 ] = NULL;
-	rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 1, 2, rargv );
-
-	rargv[ 0 ] = "rewriteContext";
-	rargv[ 1 ] = "default";
-	rargv[ 2 ] = NULL;
-	rewrite_parse( rwmap->rwm_rw, "<suffix massage>", 2, 2, rargv );
-
 error_return:;
 	on->on_bi.bi_private = (void *)rwmap;
 
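Review bot: The `error_return:;` label is left behind although the only visible `goto error_return` is removed along with the inline initialisation, which most compilers report as an unused label. Unless a jump to it remains in the part of `rwm_db_init()` outside this hunk, the label can simply be dropped, since the code after it now runs on both the success and the failure path.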
@@ -2084,6 +2423,10 @@
 	rwm.on_bi.bi_op_delete = rwm_op_delete;
 	rwm.on_bi.bi_op_unbind = rwm_op_unbind;
 	rwm.on_bi.bi_extended = rwm_extended;
+#if 1 /* TODO */
+	rwm.on_bi.bi_entry_release_rw = rwm_entry_release_rw;
+	rwm.on_bi.bi_entry_get_rw = rwm_entry_get_rw;
+#endif
 
 	rwm.on_bi.bi_operational = rwm_operational;
 	rwm.on_bi.bi_chk_referrals = 0 /* rwm_chk_referrals */ ;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwm.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* rwm.h - dn rewrite/attribute mapping header file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.15.2.3 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwm.h,v 1.15.2.5 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -175,7 +175,7 @@
 	void			*cookie,
 	BerVarray		a_vals,
 	BerVarray		*pa_nvals );
-extern int rwm_dnattr_result_rewrite( dncookie *dc, BerVarray a_vals );
+extern int rwm_dnattr_result_rewrite( dncookie *dc, BerVarray a_vals, BerVarray a_nvals );
 extern int rwm_referral_result_rewrite( dncookie *dc, BerVarray a_vals );
 
 LDAP_END_DECL

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmconf.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* rwmconf.c - rewrite/map configuration file routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.25.2.3 2008/02/11 23:26:48 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmconf.c,v 1.25.2.5 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -71,6 +71,13 @@
 		return 1;
 	}
 
+	if ( !is_oc && map->map == NULL ) {
+		/* only init if required */
+		if ( rwm_map_init( map, &mapping ) != LDAP_SUCCESS ) {
+			return 1;
+		}
+	}
+
 	if ( strcmp( argv[2], "*" ) == 0 ) {
 		if ( argc < 4 || strcmp( argv[3], "*" ) == 0 ) {
 			map->drop_missing = ( argc < 4 );
@@ -225,11 +232,6 @@
 				rwm_mapping_cmp, rwm_mapping_dup );
 
 success_return:;
-	if ( !is_oc && map->map == NULL ) {
-		/* only init if required */
-		rc = rwm_map_init( map, &mapping ) != LDAP_SUCCESS;
-	}
-
 	return rc;
 
 error_return:;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* rwmdn.c - massages dns */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmdn.c,v 1.18.2.4 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmdn.c,v 1.18.2.5 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/rwmmap.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* rwmmap.c - rewrite/mapping routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.31.2.6 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/rwmmap.c,v 1.31.2.11 2009/02/05 19:42:04 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999-2003 Howard Chu.
  * Portions Copyright 2000-2003 Pierangelo Masarati.
  * All rights reserved.
@@ -81,7 +81,9 @@
 		return LDAP_NO_MEMORY;
 	}
 
-	/* FIXME: I don't think this is needed any more... */
+	/* NOTE: this is needed to make sure that
+	 *	rwm-map attribute *
+	 * does not  filter out all attributes including objectClass */
 	rc = slap_str2ad( "objectClass", &mapping[0].m_src_ad, &text );
 	if ( rc != LDAP_SUCCESS ) {
 		ch_free( mapping );
@@ -493,6 +495,10 @@
 		return LDAP_OTHER;
 	}
 
+	if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
+		goto computed;
+	}
+
 	switch ( f->f_choice & SLAPD_FILTER_MASK ) {
 	case LDAP_FILTER_EQUALITY:
 		ad = f->f_av_desc;
@@ -704,7 +710,7 @@
 
 	case -1:
 computed:;
-		filter_free_x( op, f );
+		filter_free_x( op, f, 0 );
 		f->f_choice = SLAPD_FILTER_COMPUTED;
 		f->f_result = SLAPD_COMPARE_UNDEFINED;
 		/* fallthru */
@@ -1172,7 +1178,8 @@
 int
 rwm_dnattr_result_rewrite(
 	dncookie		*dc,
-	BerVarray		a_vals )
+	BerVarray		a_vals,
+	BerVarray		a_nvals )
 {
 	int		i, last;
 
@@ -1180,11 +1187,11 @@
 	last--;
 
 	for ( i = 0; !BER_BVISNULL( &a_vals[i] ); i++ ) {
-		struct berval	dn;
+		struct berval	pdn, ndn = BER_BVNULL;
 		int		rc;
 		
-		dn = a_vals[i];
-		rc = rwm_dn_massage_pretty( dc, &a_vals[i], &dn );
+		pdn = a_vals[i];
+		rc = rwm_dn_massage_pretty_normalize( dc, &a_vals[i], &pdn, &ndn );
 		switch ( rc ) {
 		case LDAP_UNWILLING_TO_PERFORM:
 			/*
@@ -1192,20 +1199,28 @@
 			 * legal to trim values when adding/modifying;
 			 * it should be when searching (e.g. ACLs).
 			 */
+			assert( a_vals[i].bv_val != a_nvals[i].bv_val );
 			ch_free( a_vals[i].bv_val );
+			ch_free( a_nvals[i].bv_val );
 			if ( last > i ) {
 				a_vals[i] = a_vals[last];
+				a_nvals[i] = a_nvals[last];
 			}
 			BER_BVZERO( &a_vals[last] );
+			BER_BVZERO( &a_nvals[last] );
 			last--;
 			break;
 
 		default:
 			/* leave attr untouched if massage failed */
-			if ( !BER_BVISNULL( &dn ) && a_vals[i].bv_val != dn.bv_val ) {
+			if ( !BER_BVISNULL( &pdn ) && a_vals[i].bv_val != pdn.bv_val ) {
 				ch_free( a_vals[i].bv_val );
-				a_vals[i] = dn;
+				a_vals[i] = pdn;
 			}
+			if ( !BER_BVISNULL( &ndn ) && a_nvals[i].bv_val != ndn.bv_val ) {
+				ch_free( a_nvals[i].bv_val );
+				a_nvals[i] = ndn;
+			}
 			break;
 		}
 	}
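Review bot: In the `LDAP_UNWILLING_TO_PERFORM` branch the only protection against freeing one buffer twice is `assert( a_vals[i].bv_val != a_nvals[i].bv_val )`, which disappears in NDEBUG builds. Elsewhere in this commit `rwm_attrs()` asserts `(*ap)->a_nvals == (*ap)->a_vals` for some attributes, so aliased arrays do occur; whether they can reach this function is not visible here. A runtime guard costs nothing: `if ( a_nvals[i].bv_val != a_vals[i].bv_val ) ch_free( a_nvals[i].bv_val );`. The function also indexes `a_nvals` without checking it for `NULL`. Its body starts before this hunk.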

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/seqmod.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 /* seqmod.c - sequenced modifies */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/syncprov.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.34 2008/07/10 00:13:08 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/syncprov.c,v 1.147.2.44 2009/01/30 18:49:57 quanah Exp $ */
 /* syncprov.c - syncrepl provider */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -393,9 +393,6 @@
 static int
 syncprov_findbase( Operation *op, fbase_cookie *fc )
 {
-	opcookie *opc = op->o_callback->sc_private;
-	slap_overinst *on = opc->son;
-
 	/* Use basic parameters from syncrepl search, but use
 	 * current op's threadctx / tmpmemctx
 	 */
@@ -630,7 +627,7 @@
 		cf.f_av_value = si->si_ctxcsn[maxid];
 		fop.ors_filterstr.bv_len = snprintf( buf, sizeof( buf ),
 			"(entryCSN>=%s)", cf.f_av_value.bv_val );
-		if ( fop.ors_filterstr.bv_len < 0 || fop.ors_filterstr.bv_len >= sizeof( buf ) ) {
+		if ( fop.ors_filterstr.bv_len >= sizeof( buf ) ) {
 			return LDAP_OTHER;
 		}
 		fop.ors_attrsonly = 0;
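Review bot: With the `< 0` test gone, a failed snprintf() is caught only because its negative return wraps to a very large value when stored in `bv_len`. That assumes the length type is unsigned, which the removed always-false comparison suggests. Nothing at the call site says this, so a later change of the variable's type would silently drop the error check; a short comment would pin it down, e.g. `/* bv_len is unsigned: a negative snprintf() result wraps and is rejected by this test too */`. The same applies to the hunks at -667 and -2535 in this file and at -152 in translucent.c.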
@@ -667,7 +664,7 @@
 			fop.ors_filterstr.bv_len = snprintf( buf, sizeof( buf ),
 				"(entryCSN<=%s)", cf.f_av_value.bv_val );
 		}
-		if ( fop.ors_filterstr.bv_len < 0 || fop.ors_filterstr.bv_len >= sizeof( buf ) ) {
+		if ( fop.ors_filterstr.bv_len >= sizeof( buf ) ) {
 			return LDAP_OTHER;
 		}
 		fop.ors_attrsonly = 1;
@@ -803,7 +800,7 @@
 		rs.sr_entry = *e;
 		if ( rs.sr_entry->e_private )
 			rs.sr_flags = REP_ENTRY_MUSTRELEASE;
-		if ( opc->sreference ) {
+		if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
 			rs.sr_ref = get_entry_referrals( op, rs.sr_entry );
 			rs.sr_err = send_search_reference( op, &rs );
 			ber_bvarray_free( rs.sr_ref );
@@ -826,7 +823,7 @@
 		e_uuid.e_name = opc->sdn;
 		e_uuid.e_nname = opc->sndn;
 		rs.sr_entry = &e_uuid;
-		if ( opc->sreference ) {
+		if ( opc->sreference && so->s_op->o_managedsait <= SLAP_CONTROL_IGNORED ) {
 			struct berval bv = BER_BVNULL;
 			rs.sr_ref = &bv;
 			rs.sr_err = send_search_reference( op, &rs );
@@ -911,6 +908,10 @@
 	} else {
 		/* bail out on any error */
 		ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+
+		/* Prevent duplicate remove */
+		if ( so->s_qtask == rtask )
+			so->s_qtask = NULL;
 	}
 	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
 	ldap_pvt_thread_mutex_unlock( &so->s_mutex );
@@ -1258,6 +1259,12 @@
 			/* send DELETE */
 			syncprov_qresp( opc, ss, LDAP_SYNC_DELETE );
 		}
+		if ( !saveit && found ) {
+			/* Decrement s_inuse, was incremented when called
+			 * with saveit == TRUE
+			 */
+			syncprov_free_syncop( ss );
+		}
 	}
 	ldap_pvt_thread_mutex_unlock( &si->si_ops_mutex );
 
@@ -1603,12 +1610,12 @@
 	{
 		struct berval maxcsn = BER_BVNULL;
 		char cbuf[LDAP_LUTIL_CSNSTR_BUFSIZE];
-		int do_check = 0, have_psearches;
+		int do_check = 0, have_psearches, foundit;
 
 		/* Update our context CSN */
 		cbuf[0] = '\0';
 		ldap_pvt_thread_rdwr_wlock( &si->si_csn_rwlock );
-		slap_get_commit_csn( op, &maxcsn );
+		slap_get_commit_csn( op, &maxcsn, &foundit );
 		if ( BER_BVISNULL( &maxcsn ) && SLAP_GLUE_SUBORDINATE( op->o_bd )) {
 			/* syncrepl queues the CSN values in the db where
 			 * it is configured , not where the changes are made.
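Review bot: `foundit` is declared without an initial value and is later read in `else if ( !foundit )` (hunk at -1640). That read is only well defined if slap_get_commit_csn() stores to `*foundit` on every path, which cannot be checked from this diff section. Initialising it at the declaration removes the dependency: `int do_check = 0, have_psearches, foundit = 0;`. The enclosing function starts and ends outside the hunk.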
@@ -1617,7 +1624,7 @@
 			 */
 			BackendDB *be = op->o_bd;
 			op->o_bd = select_backend( &be->be_nsuffix[0], 1);
-			slap_get_commit_csn( op, &maxcsn );
+			slap_get_commit_csn( op, &maxcsn, &foundit );
 			op->o_bd = be;
 		}
 		if ( !BER_BVISNULL( &maxcsn ) ) {
@@ -1640,15 +1647,14 @@
 					sizeof(int));
 				si->si_sids[i] = sid;
 			}
-		} else {
+		} else if ( !foundit ) {
 			/* internal ops that aren't meant to be replicated */
 			ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
 			return SLAP_CB_CONTINUE;
 		}
 
 		/* Don't do any processing for consumer contextCSN updates */
-		if ( SLAP_SYNC_SHADOW( op->o_bd ) && 
-			op->o_msgid == SLAP_SYNC_UPDATE_MSGID ) {
+		if ( op->o_dont_replicate ) {
 			ldap_pvt_thread_rdwr_wunlock( &si->si_csn_rwlock );
 			return SLAP_CB_CONTINUE;
 		}
@@ -1677,8 +1683,11 @@
 			ldap_pvt_thread_rdwr_runlock( &si->si_csn_rwlock );
 		}
 
-		opc->sctxcsn.bv_len = maxcsn.bv_len;
-		opc->sctxcsn.bv_val = cbuf;
+		/* only update consumer ctx if this is the greatest csn */
+		if ( bvmatch( &maxcsn, &op->o_csn )) {
+			opc->sctxcsn.bv_len = maxcsn.bv_len;
+			opc->sctxcsn.bv_val = cbuf;
+		}
 
 		/* Handle any persistent searches */
 		ldap_pvt_thread_mutex_lock( &si->si_ops_mutex );
@@ -1940,6 +1949,7 @@
 	op2->o_time = op->o_time;
 	op2->o_bd = on->on_info->oi_origdb;
 	op2->o_request = op->o_request;
+	op2->o_managedsait = op->o_managedsait;
 	LDAP_SLIST_FIRST(&op2->o_extra)->oe_key = on;
 	LDAP_SLIST_NEXT(LDAP_SLIST_FIRST(&op2->o_extra), oe_next) = NULL;
 
@@ -2113,17 +2123,16 @@
 				op->o_tmpfree( cookie.bv_val, op->o_tmpmemctx );
 
 			/* Detach this Op from frontend control */
-			ldap_pvt_thread_mutex_lock( &ss->ss_so->s_mutex );
 			ldap_pvt_thread_mutex_lock( &op->o_conn->c_mutex );
 
 			/* But not if this connection was closed along the way */
 			if ( op->o_abandon ) {
 				ldap_pvt_thread_mutex_unlock( &op->o_conn->c_mutex );
-				ldap_pvt_thread_mutex_unlock( &ss->ss_so->s_mutex );
 				/* syncprov_ab_cleanup will free this syncop */
 				return SLAPD_ABANDON;
 
 			} else {
+				ldap_pvt_thread_mutex_lock( &ss->ss_so->s_mutex );
 				/* Turn off the refreshing flag */
 				ss->ss_so->s_flags ^= PS_IS_REFRESHING;
 
@@ -2134,8 +2143,8 @@
 				/* If there are queued responses, fire them off */
 				if ( ss->ss_so->s_res )
 					syncprov_qstart( ss->ss_so );
+				ldap_pvt_thread_mutex_unlock( &ss->ss_so->s_mutex );
 			}
-			ldap_pvt_thread_mutex_unlock( &ss->ss_so->s_mutex );
 
 			return LDAP_SUCCESS;
 		}
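Review bot: Nothing records the lock order this change establishes. Together with the hunk at -2113, the refresh-done path now takes `op->o_conn->c_mutex` first and `ss->ss_so->s_mutex` second, and the abandon path returns without touching `s_mutex` at all. A comment at the lock site, for example `/* lock order: c_mutex, then s_mutex */`, would let other users of `s_mutex` be checked against it. Any path that still takes the two in the opposite order could deadlock, which cannot be verified from these hunks.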
@@ -2166,7 +2175,6 @@
 	}
 
 	srs = op->o_controls[slap_cids.sc_LDAPsync];
-	op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
 
 	/* If this is a persistent search, set it up right away */
 	if ( op->o_sync_mode & SLAP_SYNC_PERSIST ) {
@@ -2535,7 +2543,7 @@
 				struct berval bv;
 				bv.bv_len = snprintf( c->cr_msg, sizeof( c->cr_msg ),
 					"%d %d", si->si_chkops, si->si_chktime );
-				if ( bv.bv_len < 0 || bv.bv_len >= sizeof( c->cr_msg ) ) {
+				if ( bv.bv_len >= sizeof( c->cr_msg ) ) {
 					rc = 1;
 				} else {
 					bv.bv_val = c->cr_msg;
@@ -2729,7 +2737,7 @@
 			si->si_sids = slap_parse_csn_sids( si->si_ctxcsn, a->a_numvals, NULL );
 		}
 		overlay_entry_release_ov( op, e, 0, on );
-		if ( si->si_ctxcsn ) {
+		if ( si->si_ctxcsn && !SLAP_DBCLEAN( be )) {
 			op->o_req_dn = be->be_suffix[0];
 			op->o_req_ndn = be->be_nsuffix[0];
 			op->ors_scope = LDAP_SCOPE_SUBTREE;

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/translucent.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* translucent.c - translucent proxy module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.13.2.16 2008/04/14 21:13:44 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/translucent.c,v 1.13.2.26 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2005 Symas Corporation.
  * All rights reserved.
  *
@@ -41,6 +41,8 @@
 	int strict;
 	int no_glue;
 	int defer_db_open;
+	int bind_local;
+	int pwmod_local;
 } translucent_info;
 
 static ConfigLDAPadd translucent_ldadd;
@@ -67,40 +69,45 @@
 	  "DESC 'Disable automatic glue records for ADD and MODRDN' "
 	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
 	{ "translucent_local", "attr[,attr...]", 1, 2, 0,
-	  ARG_STRING|ARG_MAGIC|TRANS_LOCAL,
+	  ARG_MAGIC|TRANS_LOCAL,
 	  translucent_cf_gen,
 	  "( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' "
 	  "DESC 'Attributes to use in local search filter' "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
 	{ "translucent_remote", "attr[,attr...]", 1, 2, 0,
-	  ARG_STRING|ARG_MAGIC|TRANS_REMOTE,
+	  ARG_MAGIC|TRANS_REMOTE,
 	  translucent_cf_gen,
 	  "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' "
 	  "DESC 'Attributes to use in remote search filter' "
 	  "SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "translucent_bind_local", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET,
+	  (void *)offsetof(translucent_info, bind_local),
+	  "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' "
+	  "DESC 'Enable local bind' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
+	{ "translucent_pwmod_local", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET,
+	  (void *)offsetof(translucent_info, pwmod_local),
+	  "( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' "
+	  "DESC 'Enable local RFC 3062 Password Modify extended operation' "
+	  "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL },
 	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
 };
 
-static ConfigTable transdummy[] = {
-	{ "", "", 0, 0, 0, ARG_IGNORED,
-		NULL, "( OLcfgGlAt:13 NAME 'olcDatabase' "
-			"DESC 'The backend type for a database instance' "
-			"SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", NULL, NULL },
-	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
-};
-
 static ConfigOCs translucentocs[] = {
 	{ "( OLcfgOvOc:14.1 "
 	  "NAME 'olcTranslucentConfig' "
 	  "DESC 'Translucent configuration' "
 	  "SUP olcOverlayConfig "
 	  "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $"
-	  " olcTranslucentLocal $ olcTranslucentRemote ) )",
+	  " olcTranslucentLocal $ olcTranslucentRemote $"
+	  " olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )",
 	  Cft_Overlay, translucentcfg, NULL, translucent_cfadd },
 	{ "( OLcfgOvOc:14.2 "
 	  "NAME 'olcTranslucentDatabase' "
 	  "DESC 'Translucent target database configuration' "
-	  "AUXILIARY )", Cft_Misc, transdummy, translucent_ldadd },
+	  "AUXILIARY )", Cft_Misc, olcDatabaseDummy, translucent_ldadd },
 	{ NULL, 0, NULL }
 };
 /* for translucent_init() */
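Review bot: DESC 'Enable local bind' does not tell an administrator what `olcTranslucentBindLocal` changes about authentication. Going by the translucent_bind hunk later in this file, enabling it turns any non-success result of the remote bind into SLAP_CB_CONTINUE, with the remote response suppressed by slap_null_cb, so the bind is then presumably evaluated against the local database. I would add a comment above the table entry, e.g. `/* bind_local: a failed remote bind falls through to the local database */`, and a matching one for `pwmod_local`, so the fallback is a documented decision rather than something to be inferred from the handler.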
@@ -152,7 +159,7 @@
 	/* FIXME: should not hardcode "olcDatabase" here */
 	bv.bv_len = snprintf( ca->cr_msg, sizeof( ca->cr_msg ),
 		"olcDatabase=%s", ov->db.bd_info->bi_type );
-	if ( bv.bv_len < 0 || bv.bv_len >= sizeof( ca->cr_msg ) ) {
+	if ( bv.bv_len >= sizeof( ca->cr_msg ) ) {
 		return -1;
 	}
 	bv.bv_val = ca->cr_msg;
@@ -425,6 +432,7 @@
 
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
 	if(rc != LDAP_SUCCESS || re == NULL ) {
 		send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
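Review bot: The added `ov->db.be_acl = op->o_bd->be_acl;` has no effect, because the line above it has already set `op->o_bd = &ov->db`, so both sides name the same field. If the intent is to hand the overlay database's ACLs to the captive backend, the source should be the saved pointer: `ov->db.be_acl = db->be_acl;`. The same ordering appears in the hunk at -622 (the compare path and translucent_pwmod) and the hunk at -1043 (translucent_bind). The hunk at -956 assigns before any visible change to `op->o_bd`. This function's start and end are outside the hunk.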
@@ -622,13 +630,137 @@
 */
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_op_compare(op, rs);
 	op->o_bd = db;
 
 	return(rc);
 }
 
+static int translucent_pwmod(Operation *op, SlapReply *rs) {
+	SlapReply nrs = { REP_RESULT };
+	Operation nop;
+
+	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+	translucent_info *ov = on->on_bi.bi_private;
+	const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
+	Entry *e = NULL, *re = NULL;
+	BackendDB *db;
+	int rc = 0;
+	slap_callback cb = { 0 };
+
+	if (!ov->pwmod_local) {
+		rs->sr_err = LDAP_CONSTRAINT_VIOLATION,
+		rs->sr_text = "attempt to modify password in local database";
+		return rs->sr_err;
+	}
+
 /*
+** fetch entry from the captive backend;
+** if it did not exist, fail;
+** release it, if captive backend supports this;
+**
+*/
+	db = op->o_bd;
+	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
+	rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
+	if(rc != LDAP_SUCCESS || re == NULL ) {
+		send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
+			"attempt to modify nonexistent local record");
+		return(rs->sr_err);
+	}
+	op->o_bd = db;
+/*
+** fetch entry from local backend;
+** if it exists:
+**	return CONTINUE;
+*/
+
+	op->o_bd->bd_info = (BackendInfo *) on->on_info;
+	rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
+	op->o_bd->bd_info = (BackendInfo *) on;
+
+	if(e && rc == LDAP_SUCCESS) {
+		if(re) {
+			if(ov->db.bd_info->bi_entry_release_rw) {
+				op->o_bd = &ov->db;
+				ov->db.bd_info->bi_entry_release_rw(op, re, 0);
+				op->o_bd = db;
+			} else {
+				entry_free(re);
+			}
+		}
+		op->o_bd->bd_info = (BackendInfo *) on->on_info;
+		be_entry_release_r(op, e);
+		op->o_bd->bd_info = (BackendInfo *) on;
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* don't leak remote entry copy */
+	if(re) {
+		if(ov->db.bd_info->bi_entry_release_rw) {
+			op->o_bd = &ov->db;
+			ov->db.bd_info->bi_entry_release_rw(op, re, 0);
+			op->o_bd = db;
+		} else {
+			entry_free(re);
+		}
+	}
+/*
+** glue_parent() for this Entry;
+** call bi_op_add() in local backend;
+**
+*/
+	e = entry_alloc();
+	ber_dupbv( &e->e_name, &op->o_req_dn );
+	ber_dupbv( &e->e_nname, &op->o_req_ndn );
+	e->e_attrs = NULL;
+
+	nop = *op;
+	nop.o_tag = LDAP_REQ_ADD;
+	cb.sc_response = slap_null_cb;
+	nop.oq_add.rs_e	= e;
+
+	glue_parent(&nop);
+
+	nop.o_callback = &cb;
+	rc = on->on_info->oi_orig->bi_op_add(&nop, &nrs);
+	if ( nop.ora_e == e ) {
+		entry_free( e );
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	return rc;
+}
+
+static int translucent_exop(Operation *op, SlapReply *rs) {
+	SlapReply nrs = { REP_RESULT };
+
+	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+	translucent_info *ov = on->on_bi.bi_private;
+	const struct berval bv_exop_pwmod = BER_BVC(LDAP_EXOP_MODIFY_PASSWD);
+
+	Debug(LDAP_DEBUG_TRACE, "==> translucent_exop: %s\n",
+		op->o_req_dn.bv_val, 0, 0);
+
+	if(ov->defer_db_open) {
+		send_ldap_error(op, rs, LDAP_UNAVAILABLE,
+			"remote DB not available");
+		return(rs->sr_err);
+	}
+
+	if ( bvmatch( &bv_exop_pwmod, &op->ore_reqoid ) ) {
+		return translucent_pwmod( op, rs );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+/*
 ** translucent_search_cb()
 **	merge local data with remote data
 **
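Review bot: translucent_pwmod() returns from the `rc != LDAP_SUCCESS || re == NULL` branch with `op->o_bd` still pointing at `&ov->db`, because the restore `op->o_bd = db;` only runs after that `if`. The error is therefore sent, and the operation handed back to the caller, while bound to the captive backend, which callers presumably do not expect. Moving `op->o_bd = db;` to directly after the `bi_entry_get_rw` call, before the `if`, covers both paths. Separately, `rs->sr_err = LDAP_CONSTRAINT_VIOLATION,` ends in a comma where a semicolon is meant, and `bv_exop_pwmod` in translucent_pwmod and `nrs` in translucent_exop are never used.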
@@ -663,6 +795,7 @@
 	Entry *le, *re;
 	Attribute *a, *ax, *an, *as = NULL;
 	int rc;
+	int test_f = 0;
 
 	tc = op->o_callback->sc_private;
 
@@ -691,7 +824,7 @@
 			if ( re ) {
 				if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
 					rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
-					be_entry_release_r( op, rs->sr_entry );
+					overlay_entry_release_ov( op, rs->sr_entry, 0, on );
 				}
 				if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
 					rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
@@ -715,6 +848,7 @@
 			Entry *tmp = entry_dup( re );
 			be_entry_release_r( op, re );
 			re = tmp;
+			test_f = 1;
 		}
 	} else {
 	/* Else we have remote, get local */
@@ -724,7 +858,7 @@
 			re = entry_dup( rs->sr_entry );
 			if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
 				rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
-				be_entry_release_r( op, rs->sr_entry );
+				overlay_entry_release_ov( op, rs->sr_entry, 0, on );
 			}
 			if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
 				rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
@@ -767,7 +901,7 @@
 		if ( tc->step & LCL_SIDE ) {
 			if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
 				rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
-				be_entry_release_r( op, rs->sr_entry );
+				overlay_entry_release_ov( op, rs->sr_entry, 0, on );
 			}
 			if ( rs->sr_flags & REP_ENTRY_MUSTBEFREED ) {
 				rs->sr_flags ^= REP_ENTRY_MUSTBEFREED;
@@ -795,7 +929,16 @@
 		/* send it now */
 			rs->sr_entry = re;
 			rs->sr_flags |= REP_ENTRY_MUSTBEFREED;
-			rc = SLAP_CB_CONTINUE;
+			if ( test_f ) {
+				rc = test_filter( op, rs->sr_entry, tc->orig );
+				if ( rc == LDAP_COMPARE_TRUE ) {
+					rc = SLAP_CB_CONTINUE;
+				} else {
+					rc = 0;
+				}
+			} else {
+				rc = SLAP_CB_CONTINUE;
+			}
 		}
 	} else if ( le ) {
 	/* Only a local entry: remote was deleted
@@ -956,6 +1099,7 @@
 	cb.sc_private = &tc;
 	cb.sc_next = op->o_callback;
 
+	ov->db.be_acl = op->o_bd->be_acl;
 	tc.db = op->o_bd;
 	tc.on = on;
 	tc.orig = op->ors_filter;
@@ -1033,6 +1177,7 @@
 	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
 	translucent_info *ov = on->on_bi.bi_private;
 	BackendDB *db;
+	slap_callback sc = { 0 }, *save_cb;
 	int rc;
 
 	Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n",
@@ -1043,10 +1188,26 @@
 			"remote DB not available");
 		return(rs->sr_err);
 	}
+
+	if (ov->bind_local) {
+		sc.sc_response = slap_null_cb;
+		save_cb = op->o_callback;
+		op->o_callback = &sc;
+	}
+
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_op_bind(op, rs);
 	op->o_bd = db;
+
+	if (ov->bind_local) {
+		op->o_callback = save_cb;
+		if (rc != LDAP_SUCCESS) {
+			rc = SLAP_CB_CONTINUE;
+		}
+	}
+
 	return rc;
 }
 
@@ -1112,7 +1273,6 @@
 	on->on_bi.bi_private = ov;
 	ov->db = *be;
 	ov->db.be_private = NULL;
-	ov->db.be_pcl_mutexp = &ov->db.be_pcl_mutex;
 	ov->defer_db_open = 1;
 
 	if ( !backend_db_init( "ldap", &ov->db, -1, NULL )) {
@@ -1235,6 +1395,7 @@
 	translucent.on_bi.bi_op_search	= translucent_search;
 	translucent.on_bi.bi_op_compare	= translucent_compare;
 	translucent.on_bi.bi_connection_destroy = translucent_connection_destroy;
+	translucent.on_bi.bi_extended	= translucent_exop;
 
 	translucent.on_bi.bi_cf_ocs = translucentocs;
 	rc = config_register_schema ( translucentcfg, translucentocs );

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/unique.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/unique.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/unique.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* unique.c - attribute uniqueness module */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/unique.c,v 1.20.2.9 2008/07/09 23:45:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/unique.c,v 1.20.2.14 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004,2006-2007 Symas Corporation.
  * All rights reserved.
  *
@@ -197,6 +197,15 @@
 			goto exit;
 		}
 
+		if ( be->be_nsuffix == NULL ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				  "suffix must be set" );
+			Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
+				c->cr_msg, NULL, NULL );
+			rc = ARG_BAD_CONF;
+			goto exit;
+		}
+
 		if ( !dnIsSuffix ( &uri->ndn, &be->be_nsuffix[0] ) ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ),
 				  "dn <%s> is not a suffix of backend base dn <%s>",
@@ -239,6 +248,7 @@
 
 	if (url_desc->lud_filter) {
 		Filter *f = str2filter( url_desc->lud_filter );
+		char *ptr;
 		if ( !f ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ),
 				  "unique: bad filter");
@@ -248,6 +258,14 @@
 		/* make sure the strfilter is in normal form (ITS#5581) */
 		filter2bv( f, &uri->filter );
 		filter_free( f );
+		ptr = strstr( uri->filter.bv_val, "(?=" /*)*/ );
+		if ( ptr != NULL && ptr <= ( uri->filter.bv_val - STRLENOF( "(?=" /*)*/ ) + uri->filter.bv_len ) )
+		{
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				  "unique: bad filter");
+			rc = ARG_BAD_CONF;
+			goto exit;
+		}
 	}
 exit:
 	uri->next = *urip;
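Review bot: The new rejection of a normalised filter containing `(?=` reuses the message `unique: bad filter` from the str2filter() failure just above it. An administrator therefore cannot tell a syntax error from a filter that parsed but normalised to an unresolved assertion. A distinct message plus a one-line comment would help, e.g. `/* filter2bv() output contains "(?=": an assertion could not be resolved */` (my reading of the marker; confirm against filter2bv). The pointer comparison after `ptr != NULL` also looks always true whenever `bv_val` is NUL-terminated and `bv_len` is its length, since strstr() can only match inside the string.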
@@ -406,6 +424,14 @@
 			rc = ARG_BAD_CONF;
 			break;
 		}
+		if ( be->be_nsuffix == NULL ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				  "suffix must be set" );
+			Debug ( LDAP_DEBUG_CONFIG, "unique config: %s\n",
+				c->cr_msg, NULL, NULL );
+			rc = ARG_BAD_CONF;
+			break;
+		}
 		if ( !dnIsSuffix ( &c->value_ndn,
 				   &be->be_nsuffix[0] ) ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ),
@@ -956,9 +982,16 @@
 	unique_counter uq = { NULL, 0 };
 	int rc;
 
-	Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key, 0, 0);
+	Debug(LDAP_DEBUG_TRACE, "==> unique_search %s\n", key->bv_val, 0, 0);
 
 	nop->ors_filter = str2filter_x(nop, key->bv_val);
+	if(nop->ors_filter == NULL) {
+		op->o_bd->bd_info = (BackendInfo *) on->on_info;
+		send_ldap_error(op, rs, LDAP_OTHER,
+			"unique_search invalid filter");
+		return(rs->sr_err);
+	}
+
 	nop->ors_filterstr = *key;
 
 	cb.sc_response	= (slap_response*)count_attr_cb;
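Review bot: The new early return for a NULL `nop->ors_filter` skips `op->o_tmpfree( key->bv_val, op->o_tmpmemctx );`, which the normal path runs after the search (visible in the next hunk). Adding that call before `send_ldap_error` keeps the two exits symmetric. The operation's temporary memory context may be reclaimed when the operation ends, so this is hedged as a cleanup inconsistency rather than a confirmed leak. The function's start is outside the hunk.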
@@ -980,7 +1013,7 @@
 
 	nop->o_bd = on->on_info->oi_origdb;
 	rc = nop->o_bd->be_search(nop, &nrs);
-	filter_free_x(nop, nop->ors_filter);
+	filter_free_x(nop, nop->ors_filter, 1);
 	op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
 
 	if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {

Modified: openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/overlays/valsort.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* valsort.c - sort attribute values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.17.2.5 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/overlays/valsort.c,v 1.17.2.6 2009/01/22 00:01:13 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * Portions copyright 2005 Symas Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/passwd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/passwd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/passwd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* passwd.c - password extended operation routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/passwd.c,v 1.128.2.10 2008/02/11 23:34:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/passwd.c,v 1.128.2.12 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -503,6 +503,7 @@
 	int			result = 1;
 	struct berval		*bv;
 	AccessControlState	acl_state = ACL_STATE_INIT;
+	char		credNul = cred->bv_val[cred->bv_len];
 
 #ifdef SLAPD_SPASSWD
 	void		*old_authctx = NULL;
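Review bot: `char credNul = cred->bv_val[cred->bv_len];` reads the byte one past the credential's stated length, and the hunks at -511 and -525 then write 0 there and restore it after the loop. That is only safe if every caller's buffer holds at least `bv_len + 1` bytes, is writable, and is not read by another thread while the loop runs. None of this is visible here, and `bv_val` is dereferenced without a NULL check. At minimum the precondition should be stated at the declaration, e.g. `/* requires cred->bv_val to have bv_len + 1 writable bytes */`. Checking against a private NUL-terminated copy would avoid mutating the caller's buffer at all. The function's start is outside the hunk.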
@@ -511,6 +512,8 @@
 		op->o_conn->c_sasl_authctx, 0, &old_authctx, NULL );
 #endif
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = 0;
+
 	for ( bv = a->a_vals; bv->bv_val != NULL; bv++ ) {
 		/* if e is provided, check access */
 		if ( e && access_allowed( op, e, a->a_desc, bv,
@@ -525,6 +528,8 @@
 		}
 	}
 
+	if ( credNul ) cred->bv_val[cred->bv_len] = credNul;
+
 #ifdef SLAPD_SPASSWD
 	ldap_pvt_thread_pool_setkey( op->o_threadctx, (void *)slap_sasl_bind,
 		old_authctx, 0, NULL, NULL );

Modified: openldap/vendor/openldap-release/servers/slapd/phonetic.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/phonetic.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/phonetic.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* phonetic.c - routines to do phonetic matching */
-/* $OpenLDAP: pkg/ldap/servers/slapd/phonetic.c,v 1.22.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/phonetic.c,v 1.22.2.4 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/proto-slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/proto-slap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/proto-slap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.670.2.26 2008/07/08 19:25:38 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/proto-slap.h,v 1.670.2.40 2009/02/06 01:03:12 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -93,7 +93,7 @@
 	struct berval *default_set_attribute ));
 LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
 	struct berval *newbuf, struct berval *pattern,
-	char *match, int nmatch, regmatch_t *matches ));
+	struct berval *dnmatch, struct berval *valmatch, AclRegexMatches *matches ));
 
 /*
  * aclparse.c
@@ -111,7 +111,7 @@
 LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
 LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
 LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));
-LDAP_SLAPD_F (void) acl_destroy LDAP_P(( AccessControl*, AccessControl* ));
+LDAP_SLAPD_F (void) acl_destroy LDAP_P(( AccessControl* ));
 LDAP_SLAPD_F (void) acl_free LDAP_P(( AccessControl *a ));
 
 
@@ -426,7 +426,7 @@
  */
 
 LDAP_SLAPD_F (int) glue_sub_init( void );
-LDAP_SLAPD_F (int) glue_sub_attach( void );
+LDAP_SLAPD_F (int) glue_sub_attach( int online );
 LDAP_SLAPD_F (int) glue_sub_add( BackendDB *be, int advert, int online );
 LDAP_SLAPD_F (int) glue_sub_del( BackendDB *be );
 
@@ -473,6 +473,9 @@
 LDAP_SLAPD_F (void) overlay_remove LDAP_P((
 	BackendDB *be, slap_overinst *on ));
 #endif /* SLAP_CONFIG_DELETE */
+LDAP_SLAPD_F (int) overlay_callback_after_backover LDAP_P((
+	Operation *op, slap_callback *sc, int append ));
+
 /*
  * bconfig.c
  */
@@ -657,6 +660,13 @@
 slap_ctrl_session_tracking_request_add LDAP_P((
 	Operation *op, SlapReply *rs, LDAPControl *ctrl ));
 #endif /* SLAP_CONTROL_X_SESSION_TRACKING */
+#ifdef SLAP_CONTROL_X_WHATFAILED
+LDAP_SLAPD_F (int)
+slap_ctrl_whatFailed_add LDAP_P((
+	Operation *op,
+	SlapReply *rs,
+	char **oids ));
+#endif /* SLAP_CONTROL_X_WHATFAILED */
 
 /*
  * config.c
@@ -735,6 +745,7 @@
 
 LDAP_SLAPD_F (void) connection_closing LDAP_P((
 	Connection *c, const char *why ));
+LDAP_SLAPD_F (void) connection_hangup LDAP_P(( ber_socket_t fd ));
 LDAP_SLAPD_F (int) connection_state_closing LDAP_P(( Connection *c ));
 LDAP_SLAPD_F (const char *) connection_state2str LDAP_P(( int state ))
 	LDAP_GCCATTR((const));
@@ -794,7 +805,7 @@
 LDAP_SLAPD_V( const struct berval ) slap_ldapsync_bv;
 LDAP_SLAPD_V( const struct berval ) slap_ldapsync_cn_bv;
 LDAP_SLAPD_F (void) slap_get_commit_csn LDAP_P((
-	Operation *, struct berval *maxcsn ));
+	Operation *, struct berval *maxcsn, int *foundit ));
 LDAP_SLAPD_F (void) slap_rewind_commit_csn LDAP_P(( Operation * ));
 LDAP_SLAPD_F (void) slap_graduate_commit_csn LDAP_P(( Operation * ));
 LDAP_SLAPD_F (Entry *) slap_create_context_csn_entry LDAP_P(( Backend *, struct berval *));
@@ -1026,7 +1037,7 @@
 	const char **text ));
 
 LDAP_SLAPD_F (void) filter_free LDAP_P(( Filter *f ));
-LDAP_SLAPD_F (void) filter_free_x LDAP_P(( Operation *op, Filter *f ));
+LDAP_SLAPD_F (void) filter_free_x LDAP_P(( Operation *op, Filter *f, int freeme ));
 LDAP_SLAPD_F (void) filter2bv LDAP_P(( Filter *f, struct berval *bv ));
 LDAP_SLAPD_F (void) filter2bv_x LDAP_P(( Operation *op, Filter *f, struct berval *bv ));
 LDAP_SLAPD_F (Filter *) filter_dup LDAP_P(( Filter *f, void *memctx ));
@@ -1112,9 +1123,6 @@
 /*
  * limits.c
  */
-LDAP_SLAPD_F (int) limits_get LDAP_P((
-	Operation *op, struct berval *ndn,
-	struct slap_limits_set **limit ));
 LDAP_SLAPD_F (int) limits_parse LDAP_P((
 	Backend *be, const char *fname, int lineno,
 	int argc, char **argv ));
@@ -1635,6 +1643,7 @@
 	Attribute *attrs,
 	int manage,
 	int add,
+	Attribute **socp,
 	const char** text,
 	char *textbuf, size_t textlen );
 
@@ -1696,6 +1705,8 @@
 LDAP_SLAPD_F (char *) scherr2str LDAP_P((int code)) LDAP_GCCATTR((const));
 LDAP_SLAPD_F (int) dscompare LDAP_P(( const char *s1, const char *s2del,
 	char delim ));
+LDAP_SLAPD_F (int) parse_syn LDAP_P((
+	struct config_args_s *ca, Syntax **sat, Syntax *prev ));
 
 /*
  * sessionlog.c
@@ -1755,7 +1766,10 @@
 	const char *syndesc, int *slen ));
 LDAP_SLAPD_F (int) syn_add LDAP_P((
 	LDAPSyntax *syn,
+	int user,
 	slap_syntax_defs_rec *def,
+	Syntax **ssyn,
+	Syntax *prev,
 	const char **err ));
 LDAP_SLAPD_F (void) syn_destroy LDAP_P(( void ));
 
@@ -1764,6 +1778,13 @@
 
 LDAP_SLAPD_F (int) syn_schema_info( Entry *e );
 
+LDAP_SLAPD_F (int) syn_start LDAP_P(( Syntax **at ));
+LDAP_SLAPD_F (int) syn_next LDAP_P(( Syntax **at ));
+LDAP_SLAPD_F (void) syn_delete LDAP_P(( Syntax *at ));
+
+LDAP_SLAPD_F (void) syn_unparse LDAP_P((
+	BerVarray *bva, Syntax *start, Syntax *end, int system ));
+
 /*
  * user.c
  */

Modified: openldap/vendor/openldap-release/servers/slapd/referral.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/referral.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/referral.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* referral.c - muck with referrals */
-/* $OpenLDAP: pkg/ldap/servers/slapd/referral.c,v 1.28.2.5 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/referral.c,v 1.28.2.6 2009/01/22 00:01:02 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/result.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/result.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/result.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* result.c - routines to send ldap results, errors, and referrals */
-/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.289.2.14 2008/05/28 16:28:18 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/result.c,v 1.289.2.21 2009/01/26 20:48:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -137,27 +137,53 @@
 	BerElement *ber )
 {
 	ber_len_t bytes;
+	long ret = 0;
+	int closing = 0;
 
 	ber_get_option( ber, LBER_OPT_BER_BYTES_TO_WRITE, &bytes );
 
 	/* write only one pdu at a time - wait til it's our turn */
-	ldap_pvt_thread_mutex_lock( &conn->c_write_mutex );
+	ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
+	if ( connection_state_closing( conn )) {
+		ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
+		return 0;
+	}
+	while ( conn->c_writers > 0 ) {
+		ldap_pvt_thread_cond_wait( &conn->c_write1_cv, &conn->c_write1_mutex );
+	}
+	/* connection was closed under us */
+	if ( conn->c_writers < 0 ) {
+		closing = 1;
+		/* we're the last waiter, let the closer continue */
+		if ( conn->c_writers == -1 )
+			ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
+	}
 
-	/* lock the connection */ 
-	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
+	conn->c_writers++;
 
+	if ( closing ) {
+		ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
+		return 0;
+	}
+
 	/* write the pdu */
 	while( 1 ) {
 		int err;
 
-		if ( connection_state_closing( conn ) ) {
-			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
-			ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
-
-			return 0;
+		/* lock the connection */ 
+		if ( ldap_pvt_thread_mutex_trylock( &conn->c_mutex )) {
+			ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
+			ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
+			if ( conn->c_writers < 0 ) {
+				ret = 0;
+				break;
+			}
+			continue;
 		}
 
 		if ( ber_flush2( conn->c_sb, ber, LBER_FLUSH_FREE_NEVER ) == 0 ) {
+			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+			ret = bytes;
 			break;
 		}
 
@@ -173,26 +199,42 @@
 		    err, sock_errstr(err), 0 );
 
 		if ( err != EWOULDBLOCK && err != EAGAIN ) {
+			conn->c_writers--;
+			ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
 			connection_closing( conn, "connection lost on write" );
 
 			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
-			ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
-
-			return( -1 );
+			return -1;
 		}
 
 		/* wait for socket to be write-ready */
+		ldap_pvt_thread_mutex_lock( &conn->c_write2_mutex );
 		conn->c_writewaiter = 1;
 		slapd_set_write( conn->c_sd, 1 );
 
-		ldap_pvt_thread_cond_wait( &conn->c_write_cv, &conn->c_mutex );
+		ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
+		ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
+		ldap_pvt_thread_cond_wait( &conn->c_write2_cv, &conn->c_write2_mutex );
 		conn->c_writewaiter = 0;
+		ldap_pvt_thread_mutex_unlock( &conn->c_write2_mutex );
+		ldap_pvt_thread_mutex_lock( &conn->c_write1_mutex );
+		if ( conn->c_writers < 0 ) {
+			ret = 0;
+			break;
+		}
 	}
 
-	ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
-	ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+	if ( conn->c_writers < 0 ) {
+		conn->c_writers++;
+		if ( !conn->c_writers )
+			ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
+	} else {
+		conn->c_writers--;
+		ldap_pvt_thread_cond_signal( &conn->c_write1_cv );
+	}
+	ldap_pvt_thread_mutex_unlock( &conn->c_write1_mutex );
 
-	return bytes;
+	return ret;
 }
 
 static int
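Review bot: The hard-error branch (`err != EWOULDBLOCK && err != EAGAIN`) does `conn->c_writers--;` and drops `c_write1_mutex` without signalling `c_write1_cv`, whereas the common exit at the bottom of the function signals after every decrement. Threads parked in the `while ( conn->c_writers > 0 )` wait of the previous hunk then depend entirely on `connection_closing()` to wake them, and that function is not visible here. If it does wake them, say so in a comment on this branch. If it does not, add `ldap_pvt_thread_cond_signal( &conn->c_write1_cv );` after the decrement so a lost connection cannot leave writer threads blocked indefinitely.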
@@ -538,6 +580,14 @@
 		}
 	}
 
+	if ( rs->sr_flags & REP_CTRLS_MUSTBEFREED ) {
+		rs->sr_flags ^= REP_CTRLS_MUSTBEFREED; /* paranoia */
+		if ( rs->sr_ctrls ) {
+			slap_free_ctrls( op, rs->sr_ctrls );
+			rs->sr_ctrls = NULL;
+		}
+	}
+
 	return rc;
 }
 
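Review bot: `rs->sr_flags ^= REP_CTRLS_MUSTBEFREED; /* paranoia */` clears the bit by toggling it, which is only correct because of the enclosing test. `rs->sr_flags &= ~REP_CTRLS_MUSTBEFREED;` states the intent and stays correct if the guard is ever restructured, although the file uses the same `^=` idiom for REP_ENTRY_MUSTRELEASE. The comment would help more if it named what is being guarded against, for example `/* clear first so sr_ctrls cannot be freed twice */`, if that is the intent. The function body starts outside this hunk, so it cannot be seen from here whether earlier exit paths bypass this cleanup.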
@@ -641,14 +691,10 @@
 
 	if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) {
 		if ( op->o_tag == LDAP_REQ_SEARCH ) {
-			char nbuf[64];
-			snprintf( nbuf, sizeof nbuf, "%d nentries=%d",
-				rs->sr_err, rs->sr_nentries );
-
 			Statslog( LDAP_DEBUG_STATS,
-			"%s SEARCH RESULT tag=%lu err=%s text=%s\n",
-				op->o_log_prefix, rs->sr_tag, nbuf,
-				rs->sr_text ? rs->sr_text : "", 0 );
+				"%s SEARCH RESULT tag=%lu err=%d nentries=%d text=%s\n",
+				op->o_log_prefix, rs->sr_tag, rs->sr_err,
+				rs->sr_nentries, rs->sr_text ? rs->sr_text : "" );
 		} else {
 			Statslog( LDAP_DEBUG_STATS,
 				"%s RESULT tag=%lu err=%d text=%s\n",
@@ -739,7 +785,6 @@
 	BerElement	*ber = (BerElement *) &berbuf;
 	Attribute	*a;
 	int		i, j, rc = LDAP_UNAVAILABLE, bytes;
-	char		*edn;
 	int		userattrs;
 	AccessControlState acl_state = ACL_STATE_INIT;
 	int			 attrsonly;
@@ -802,8 +847,6 @@
 		goto error_return;
 	}
 
-	edn = rs->sr_entry->e_nname.bv_val;
-
 	if ( op->o_res_ber ) {
 		/* read back control or LDAP_CONNECTIONLESS */
 	    ber = op->o_res_ber;
@@ -1190,6 +1233,9 @@
 		goto error_return;
 	}
 
+	Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
+	    op->o_log_prefix, rs->sr_entry->e_nname.bv_val, 0, 0, 0 );
+
 	if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
 		be_entry_release_rw( op, rs->sr_entry, 0 );
 		rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
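Review bot: The added `Statslog` call must stay ahead of `be_entry_release_rw()` because it reads `rs->sr_entry->e_nname.bv_val`, but nothing in the code records that ordering constraint. A one-line comment such as `/* log before the entry is released: e_nname belongs to rs->sr_entry */` would stop a later reordering from reintroducing a read of released memory. The enclosing function starts and ends outside this hunk.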
@@ -1217,9 +1263,6 @@
 		ldap_pvt_thread_mutex_unlock( &op->o_counters->sc_mutex );
 	}
 
-	Statslog( LDAP_DEBUG_STATS2, "%s ENTRY dn=\"%s\"\n",
-	    op->o_log_prefix, edn, 0, 0, 0 );
-
 	Debug( LDAP_DEBUG_TRACE,
 		"<= send_search_entry: conn %lu exit.\n", op->o_connid, 0, 0 );
 
@@ -1265,6 +1308,7 @@
 	BerElement	*ber = (BerElement *) &berbuf;
 	int rc = 0;
 	int bytes;
+	char *edn = rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)";
 
 	AttributeDescription *ad_ref = slap_schema.si_ad_ref;
 	AttributeDescription *ad_entry = slap_schema.si_ad_entry;
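Review bot: `edn` can point at the string literal `"(null)"`, so the declaration should be `const char *edn = rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)";`, which lets the compiler reject any write through it. In the other case it caches a pointer into `rs->sr_entry`, so it is valid only until the entry is released. A short comment saying `edn` must not be used after the REP_ENTRY_MUSTRELEASE cleanup would make that lifetime explicit. The rest of the function lies outside this hunk.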
@@ -1279,7 +1323,7 @@
 
 	Debug( LDAP_DEBUG_TRACE,
 		"=> send_search_reference: dn=\"%s\"\n",
-		rs->sr_entry ? rs->sr_entry->e_name.bv_val : "(null)", 0, 0 );
+		edn, 0, 0 );
 
 	if (  rs->sr_entry && ! access_allowed( op, rs->sr_entry,
 		ad_entry, NULL, ACL_READ, NULL ) )
@@ -1305,7 +1349,7 @@
 	if( op->o_domain_scope ) {
 		Debug( LDAP_DEBUG_ANY,
 			"send_search_reference: domainScope control in (%s)\n", 
-			rs->sr_entry->e_dn, 0, 0 );
+			edn, 0, 0 );
 		rc = 0;
 		goto rel;
 	}
@@ -1313,7 +1357,7 @@
 	if( rs->sr_ref == NULL ) {
 		Debug( LDAP_DEBUG_ANY,
 			"send_search_reference: null ref in (%s)\n", 
-			rs->sr_entry ? rs->sr_entry->e_dn : "(null)", 0, 0 );
+			edn, 0, 0 );
 		rc = 1;
 		goto rel;
 	}
@@ -1363,6 +1407,7 @@
 
 	rc = 0;
 	if ( rs->sr_flags & REP_ENTRY_MUSTRELEASE ) {
+		assert( rs->sr_entry != NULL );
 		be_entry_release_rw( op, rs->sr_entry, 0 );
 		rs->sr_flags ^= REP_ENTRY_MUSTRELEASE;
 		rs->sr_entry = NULL;
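Review bot: `assert( rs->sr_entry != NULL );` only protects builds where assertions are enabled. With NDEBUG it disappears and `be_entry_release_rw()` is handed the NULL pointer, and without NDEBUG a violation aborts the whole server process. Whether a reply can reach this point with REP_ENTRY_MUSTRELEASE set and no entry cannot be determined from the hunk. If it can, a runtime test such as `if ( rs->sr_entry != NULL ) be_entry_release_rw( op, rs->sr_entry, 0 );` keeps the flag handling and avoids both outcomes. If it cannot, a comment naming the invariant and who guarantees it would be enough.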
@@ -1512,8 +1557,8 @@
 	LDAPControl c;
 	Operation myop;
 
-	Debug( LDAP_DEBUG_ANY, "slap_read_controls: (%s) %s\n",
-		oid->bv_val, e->e_dn, 0 );
+	Debug( LDAP_DEBUG_ANY, "%s slap_read_controls: (%s) %s\n",
+		op->o_log_prefix, oid->bv_val, e->e_dn );
 
 	rs->sr_entry = e;
 	rs->sr_attrs = ( oid == &slap_pre_read_bv ) ?
@@ -1538,7 +1583,7 @@
 
 	rc = ber_flatten2( ber, &c.ldctl_value, 0 );
 
-	if( rc == LBER_ERROR ) return LDAP_OTHER;
+	if( rc == -1 ) return LDAP_OTHER;
 
 	c.ldctl_oid = oid->bv_val;
 	c.ldctl_iscritical = 0;

Modified: openldap/vendor/openldap-release/servers/slapd/root_dse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/root_dse.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/root_dse.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* root_dse.c - Provides the Root DSA-Specific Entry */
-/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.113.2.8 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/root_dse.c,v 1.113.2.9 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/sasl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sasl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/sasl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.239.2.12 2008/02/12 00:54:34 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sasl.c,v 1.239.2.16 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -117,7 +117,7 @@
 	}
 
 	Debug( level, "SASL [conn=%ld] %s: %s\n",
-		conn ? conn->c_connid: -1,
+		conn ? (long) conn->c_connid: -1L,
 		label, message );
 
 
@@ -397,7 +397,8 @@
 	Operation op = {0};
 	Opheader oph;
 	SlapReply rs = {REP_RESULT};
-	int rc, i, j;
+	int rc, i;
+	unsigned j;
 	Connection *conn = NULL;
 	const struct propval *pr;
 	Modifications *modlist = NULL, **modtail = &modlist, *mod;
@@ -554,7 +555,7 @@
 	*out_len = 0;
 
 	Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
-		conn ? conn->c_connid : -1,
+		conn ? (long) conn->c_connid : -1L,
 		(flags & SASL_CU_AUTHID) ? "authcid" : "authzid",
 		in ? in : "<empty>");
 
@@ -636,7 +637,7 @@
 	prop_set( props, names[0], dn.bv_val, dn.bv_len );
 
 	Debug( LDAP_DEBUG_ARGS, "SASL Canonicalize [conn=%ld]: %s=\"%s\"\n",
-		conn ? conn->c_connid : -1, names[0]+1,
+		conn ? (long) conn->c_connid : -1L, names[0]+1,
 		dn.bv_val ? dn.bv_val : "<EMPTY>" );
 
 	/* Not needed any more, SASL has copied it */
@@ -679,7 +680,7 @@
 
 	Debug( LDAP_DEBUG_ARGS, "SASL proxy authorize [conn=%ld]: "
 		"authcid=\"%s\" authzid=\"%s\"\n",
-		conn ? conn->c_connid : -1, auth_identity, requested_user );
+		conn ? (long) conn->c_connid : -1L, auth_identity, requested_user );
 	if ( conn->c_sasl_dn.bv_val ) {
 		BER_BVZERO( &conn->c_sasl_dn );
 	}
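Review bot: The `Debug` call guards against a NULL `conn` with `conn ? (long) conn->c_connid : -1L`, but the very next statement, `if ( conn->c_sasl_dn.bv_val )`, dereferences `conn` unconditionally. One of the two is wrong: either `conn` can never be NULL here and the ternary is dead code, or this is a NULL dereference on an authorization path. Where `conn` is assigned is outside the hunk, so this needs checking against the start of the function. If NULL is possible, an early `if ( conn == NULL ) return SASL_FAIL;` before the log line would be the conservative fix.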
@@ -709,7 +710,7 @@
 	if ( rc != LDAP_SUCCESS ) {
 		Debug( LDAP_DEBUG_TRACE, "SASL Proxy Authorize [conn=%ld]: "
 			"proxy authorization disallowed (%d)\n",
-			(long) (conn ? conn->c_connid : -1), rc, 0 );
+			conn ? (long) conn->c_connid : -1L, rc, 0 );
 
 		sasl_seterror( sconn, 0, "not authorized" );
 		return SASL_NOAUTHZ;
@@ -729,7 +730,7 @@
 
 	Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: "
 		" proxy authorization allowed authzDN=\"%s\"\n",
-		(long) (conn ? conn->c_connid : -1), 
+		conn ? (long) conn->c_connid : -1L, 
 		authzDN.bv_val ? authzDN.bv_val : "", 0 );
 	return SASL_OK;
 } 
@@ -1044,7 +1045,7 @@
 		}
 		rc = REWRITE_ERR;
 	}
-	filter_free_x( op, op->ors_filter );
+	filter_free_x( op, op->ors_filter, 1 );
 	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
 	return rc;
 }
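Review bot: The new third argument to `filter_free_x()` is passed as a bare `1`, and nothing at the call site says what it selects. Presumably it controls whether the top-level filter structure itself is freed, but the prototype is not visible here. A brief comment such as `/* 1: also free the Filter itself */` (adjusted to the real meaning) would let a reader check that each caller really owns the filter. The same literal appears in the three `filter_free_x()` calls changed in saslauthz.c.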

Modified: openldap/vendor/openldap-release/servers/slapd/saslauthz.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/saslauthz.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/saslauthz.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/saslauthz.c,v 1.163.2.8 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/saslauthz.c,v 1.163.2.11 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 2000 Mark Adamson, Carnegie Mellon.
  * All rights reserved.
  *
@@ -1226,7 +1226,7 @@
 
 done:
 	if( rc != LDAP_SUCCESS ) {
-		if( *filter ) filter_free_x( op, *filter );
+		if( *filter ) filter_free_x( op, *filter, 1 );
 		BER_BVZERO( base );
 		BER_BVZERO( fstr );
 	} else {
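Review bot: On the failure path `*filter` is freed but left pointing at the released memory, while `base` and `fstr` are explicitly zeroed right below it. A caller that frees its filter pointer whenever it is non-NULL would free it a second time; the `if( op.ors_filter ) filter_free_x( opx, op.ors_filter, 1 );` cleanups in the later hunks of this file have that shape, although whether they receive this pointer is not visible here. Resetting it here closes that off: `if( *filter ) { filter_free_x( op, *filter, 1 ); *filter = NULL; }`. The function body starts before this hunk.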
@@ -1699,7 +1699,7 @@
 
 			/* leave room for at least one char of attributeType,
 			 * one for '=' and one for ',' */
-			if ( d < STRLENOF( "x=,") ) {
+			if ( d < (int) STRLENOF( "x=,") ) {
 				goto CONCLUDED;
 			}
 
@@ -1843,7 +1843,7 @@
 CONCLUDED:
 	if( !BER_BVISNULL( &op.o_req_dn ) ) slap_sl_free( op.o_req_dn.bv_val, opx->o_tmpmemctx );
 	if( !BER_BVISNULL( &op.o_req_ndn ) ) slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
-	if( op.ors_filter ) filter_free_x( opx, op.ors_filter );
+	if( op.ors_filter ) filter_free_x( opx, op.ors_filter, 1 );
 	if( !BER_BVISNULL( &op.ors_filterstr ) ) ch_free( op.ors_filterstr.bv_val );
 
 	Debug( LDAP_DEBUG_TRACE,
@@ -2015,7 +2015,7 @@
 		slap_sl_free( op.o_req_ndn.bv_val, opx->o_tmpmemctx );
 	}
 	if( op.ors_filter ) {
-		filter_free_x( opx, op.ors_filter );
+		filter_free_x( opx, op.ors_filter, 1 );
 	}
 	if( !BER_BVISNULL( &op.ors_filterstr ) ) {
 		ch_free( op.ors_filterstr.bv_val );

Modified: openldap/vendor/openldap-release/servers/slapd/schema/README
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/README	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/README	2009-02-17 16:18:54 UTC (rev 1195)
@@ -34,7 +34,7 @@
 
 This notice applies to all files in this directory.
 
-Copyright 1998-2008 The OpenLDAP Foundation, Redwood City, California, USA
+Copyright 1998-2009 The OpenLDAP Foundation, Redwood City, California, USA
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -77,4 +77,4 @@
 
 
 ---
-$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.3 2008/02/11 23:26:49 kurt Exp $
+$OpenLDAP: pkg/ldap/servers/slapd/schema/README,v 1.29.2.4 2009/01/22 00:01:13 kurt Exp $

Modified: openldap/vendor/openldap-release/servers/slapd/schema/cosine.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/cosine.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/cosine.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # RFC1274: Cosine and Internet X.500 schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.ldif,v 1.1.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/duaconf.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/duaconf.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/duaconf.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/duaconf.schema,v 1.5.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/dyngroup.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # dyngroup.schema -- Dynamic Group schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.4 2008/02/12 05:17:43 quanah Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.5 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.ldif,v 1.1.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/inetorgperson.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # inetorgperson.schema -- InetOrgPerson (RFC2798)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.18.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/misc.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/misc.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/misc.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # misc.schema -- assorted schema definitions
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/misc.schema,v 1.30.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/nadf.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/nadf.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/nadf.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # nadf.schema -- NADF-defined schema
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nadf.schema,v 1.13.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nadf.schema,v 1.13.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/nis.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/nis.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/nis.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # NIS (RFC2307)
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.ldif,v 1.1.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/nis.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/nis.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/nis.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/nis.schema,v 1.15.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/openldap.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.4 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.ldif,v 1.2.2.5 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema/openldap.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.4 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/openldap.schema,v 1.24.2.5 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/servers/slapd/schema/pmi.schema
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema/pmi.schema	                        (rev 0)
+++ openldap/vendor/openldap-release/servers/slapd/schema/pmi.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,464 @@
+# OpenLDAP X.509 PMI schema
+# $OpenLDAP: pkg/ldap/servers/slapd/schema/pmi.schema,v 1.1.2.2 2009/01/22 00:01:14 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+#
+## Portions Copyright (C) The Internet Society (1997-2006).
+## All Rights Reserved.
+##
+## This document and translations of it may be copied and furnished to
+## others, and derivative works that comment on or otherwise explain it
+## or assist in its implementation may be prepared, copied, published
+## and distributed, in whole or in part, without restriction of any
+## kind, provided that the above copyright notice and this paragraph are
+## included on all such copies and derivative works.  However, this
+## document itself may not be modified in any way, such as by removing
+## the copyright notice or references to the Internet Society or other
+## Internet organizations, except as needed for the purpose of
+## developing Internet standards in which case the procedures for
+## copyrights defined in the Internet Standards process must be         
+## followed, or as required to translate it into languages other than
+## English.
+##                                                                      
+## The limited permissions granted above are perpetual and will not be  
+## revoked by the Internet Society or its successors or assigns.        
+## 
+## This document and the information contained herein is provided on an 
+## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+#
+#
+# Includes LDAPv3 schema items from:
+# ITU X.509 (08/2005)
+#
+## X.509 (08/2005) pp. 120-121
+## 
+## -- object identifier assignments --
+## -- object classes --
+## id-oc-pmiUser                            OBJECT IDENTIFIER ::= {id-oc 24}
+## id-oc-pmiAA                              OBJECT IDENTIFIER ::= {id-oc 25}
+## id-oc-pmiSOA                             OBJECT IDENTIFIER ::= {id-oc 26}
+## id-oc-attCertCRLDistributionPts          OBJECT IDENTIFIER ::= {id-oc 27}
+## id-oc-privilegePolicy                    OBJECT IDENTIFIER ::= {id-oc 32}
+## id-oc-pmiDelegationPath                  OBJECT IDENTIFIER ::= {id-oc 33}
+## id-oc-protectedPrivilegePolicy           OBJECT IDENTIFIER ::= {id-oc 34}
+## -- directory attributes --
+## id-at-attributeCertificate               OBJECT IDENTIFIER ::= {id-at 58}
+## id-at-attributeCertificateRevocationList OBJECT IDENTIFIER ::= {id-at 59}
+## id-at-aACertificate                      OBJECT IDENTIFIER ::= {id-at 61}
+## id-at-attributeDescriptorCertificate     OBJECT IDENTIFIER ::= {id-at 62}
+## id-at-attributeAuthorityRevocationList   OBJECT IDENTIFIER ::= {id-at 63}
+## id-at-privPolicy                         OBJECT IDENTIFIER ::= {id-at 71}
+## id-at-role                               OBJECT IDENTIFIER ::= {id-at 72}
+## id-at-delegationPath                     OBJECT IDENTIFIER ::= {id-at 73}
+## id-at-protPrivPolicy                     OBJECT IDENTIFIER ::= {id-at 74}
+## id-at-xMLPrivilegeInfo                   OBJECT IDENTIFIER ::= {id-at 75}
+## id-at-xMLPprotPrivPolicy                 OBJECT IDENTIFIER ::= {id-at 76}
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier       OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier             OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints                OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints           OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification                  OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor                OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice                         OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier                      OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies             OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation                  OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail                         OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies        OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer                     OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion                        OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf                   OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+## id-mr-attributeCertificateMatch          OBJECT IDENTIFIER ::= {id-mr 42}
+## id-mr-attributeCertificateExactMatch     OBJECT IDENTIFIER ::= {id-mr 45}
+## id-mr-holderIssuerMatch                  OBJECT IDENTIFIER ::= {id-mr 46}
+## id-mr-authAttIdMatch                     OBJECT IDENTIFIER ::= {id-mr 53}
+## id-mr-roleSpecCertIdMatch                OBJECT IDENTIFIER ::= {id-mr 54}
+## id-mr-basicAttConstraintsMatch           OBJECT IDENTIFIER ::= {id-mr 55}
+## id-mr-delegatedNameConstraintsMatch      OBJECT IDENTIFIER ::= {id-mr 56}
+## id-mr-timeSpecMatch                      OBJECT IDENTIFIER ::= {id-mr 57}
+## id-mr-attDescriptorMatch                 OBJECT IDENTIFIER ::= {id-mr 58}
+## id-mr-acceptableCertPoliciesMatch        OBJECT IDENTIFIER ::= {id-mr 59}
+## id-mr-delegationPathMatch                OBJECT IDENTIFIER ::= {id-mr 61}
+## id-mr-sOAIdentifierMatch                 OBJECT IDENTIFIER ::= {id-mr 66}
+## id-mr-indirectIssuerMatch                OBJECT IDENTIFIER ::= {id-mr 67}
+## 
+## 
+## X.509 (08/2005) pp. 71, 86-89
+##
+## 14.4.1 Role attribute
+## role  ATTRIBUTE ::= {
+##       WITH SYNTAX         RoleSyntax
+##       ID                  id-at-role }
+## RoleSyntax ::= SEQUENCE {
+## roleAuthority     [0]     GeneralNames  OPTIONAL,
+## roleName          [1]     GeneralName }
+## 
+## 14.5     XML privilege information attribute
+##    xmlPrivilegeInfo ATTRIBUTE ::= {
+##      WITH SYNTAX UTF8String -- contains XML-encoded privilege information
+##      ID                 id-at-xMLPrivilegeInfo }
+## 
+## 17.1 PMI directory object classes
+## 
+## 17.1.1   PMI user object class
+##    pmiUser OBJECT-CLASS ::= {
+##    -- a PMI user (i.e., a "holder")
+##      SUBCLASS OF          {top}
+##      KIND                 auxiliary
+##      MAY CONTAIN          {attributeCertificateAttribute}
+##      ID                   id-oc-pmiUser }
+## 
+## 17.1.2     PMI AA object class
+##     pmiAA OBJECT-CLASS ::= {
+##     -- a PMI AA
+##       SUBCLASS OF          {top}
+##       KIND                 auxiliary
+##       MAY CONTAIN          {aACertificate |
+##                            attributeCertificateRevocationList |
+##                            attributeAuthorityRevocationList}
+##       ID                   id-oc-pmiAA }
+## 
+## 17.1.3     PMI SOA object class
+##     pmiSOA OBJECT-CLASS ::= { -- a PMI Source of Authority
+##       SUBCLASS OF {top}
+##       KIND                 auxiliary
+##       MAY CONTAIN          {attributeCertificateRevocationList |
+##                            attributeAuthorityRevocationList |
+##                            attributeDescriptorCertificate}
+##       ID                   id-oc-pmiSOA }
+## 
+## 17.1.4     Attribute certificate CRL distribution point object class
+##     attCertCRLDistributionPt          OBJECT-CLASS ::= {
+##       SUBCLASS OF {top}
+##       KIND                 auxiliary
+##       MAY CONTAIN          { attributeCertificateRevocationList |
+##                            attributeAuthorityRevocationList }
+##       ID                   id-oc-attCertCRLDistributionPts }
+## 
+## 17.1.5     PMI delegation path
+##     pmiDelegationPath            OBJECT-CLASS ::= {
+##         SUBCLASS OF              {top}
+##         KIND                     auxiliary
+##         MAY CONTAIN              { delegationPath }
+##         ID                       id-oc-pmiDelegationPath }
+## 
+## 17.1.6     Privilege policy object class
+##     privilegePolicy        OBJECT-CLASS ::= {
+##         SUBCLASS OF              {top}
+##         KIND                     auxiliary
+##         MAY CONTAIN              {privPolicy }
+##         ID                       id-oc-privilegePolicy }
+## 
+## 17.1.7     Protected privilege policy object class
+##     protectedPrivilegePolicy               OBJECT-CLASS       ::= {
+##         SUBCLASS OF              {top}
+##         KIND                     auxiliary
+##         MAY CONTAIN            {protPrivPolicy }
+##         ID                     id-oc-protectedPrivilegePolicy }
+## 
+## 17.2       PMI Directory attributes
+## 
+## 17.2.1     Attribute certificate attribute
+##     attributeCertificateAttribute ATTRIBUTE ::= {
+##         WITH SYNTAX                            AttributeCertificate
+##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
+##         ID                                     id-at-attributeCertificate }
+## 
+## 17.2.2     AA certificate attribute
+##     aACertificate         ATTRIBUTE ::= {
+##         WITH SYNTAX                            AttributeCertificate
+##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
+##         ID                                     id-at-aACertificate }
+## 
+## 17.2.3     Attribute descriptor certificate attribute
+##     attributeDescriptorCertificate        ATTRIBUTE ::= {
+##         WITH SYNTAX                            AttributeCertificate
+##         EQUALITY MATCHING RULE                 attributeCertificateExactMatch
+##         ID                                     id-at-attributeDescriptorCertificate }
+## 
+## 17.2.4     Attribute certificate revocation list attribute
+##     attributeCertificateRevocationList         ATTRIBUTE ::= {
+##         WITH SYNTAX                            CertificateList
+##         EQUALITY MATCHING RULE                 certificateListExactMatch
+##         ID                                     id-at-attributeCertificateRevocationList}
+## 
+## 17.2.5     AA certificate revocation list attribute
+##     attributeAuthorityRevocationList           ATTRIBUTE ::= {
+##         WITH SYNTAX                            CertificateList
+##         EQUALITY MATCHING RULE                 certificateListExactMatch
+##         ID                                     id-at-attributeAuthorityRevocationList }
+## 
+## 17.2.6     Delegation path attribute
+##     delegationPath        ATTRIBUTE ::= {
+##         WITH SYNTAX                  AttCertPath
+##         ID                           id-at-delegationPath }
+##     AttCertPath      ::= SEQUENCE OF AttributeCertificate
+## 
+## 17.2.7     Privilege policy attribute
+##     privPolicy ATTRIBUTE ::= {
+##         WITH SYNTAX             PolicySyntax
+##         ID                      id-at-privPolicy }
+## 
+## 17.2.8     Protected privilege policy attribute
+##        protPrivPolicy       ATTRIBUTE        ::= {
+##         WITH SYNTAX                          AttributeCertificate
+##         EQUALITY MATCHING RULE               attributeCertificateExactMatch
+##         ID                                   id-at-protPrivPolicy }
+## 
+## 17.2.9     XML Protected privilege policy attribute
+##        xmlPrivPolicy        ATTRIBUTE ::= {
+##         WITH SYNTAX         UTF8String -- contains XML-encoded privilege policy information
+##         ID                  id-at-xMLPprotPrivPolicy }
+## 
+
+## -- object identifier assignments --
+## -- object classes --
+objectidentifier	id-oc-pmiUser 2.5.6.24
+objectidentifier	id-oc-pmiAA 2.5.6.25
+objectidentifier	id-oc-pmiSOA 2.5.6.26
+objectidentifier	id-oc-attCertCRLDistributionPts 2.5.6.27
+objectidentifier	id-oc-privilegePolicy 2.5.6.32
+objectidentifier	id-oc-pmiDelegationPath 2.5.6.33
+objectidentifier	id-oc-protectedPrivilegePolicy 2.5.6.34
+## -- directory attributes --
+objectidentifier	id-at-attributeCertificate 2.5.4.58
+objectidentifier	id-at-attributeCertificateRevocationList 2.5.4.59
+objectidentifier	id-at-aACertificate 2.5.4.61
+objectidentifier	id-at-attributeDescriptorCertificate 2.5.4.62
+objectidentifier	id-at-attributeAuthorityRevocationList 2.5.4.63
+objectidentifier	id-at-privPolicy 2.5.4.71
+objectidentifier	id-at-role 2.5.4.72
+objectidentifier	id-at-delegationPath 2.5.4.73
+objectidentifier	id-at-protPrivPolicy 2.5.4.74
+objectidentifier	id-at-xMLPrivilegeInfo 2.5.4.75
+objectidentifier	id-at-xMLPprotPrivPolicy 2.5.4.76
+## -- attribute certificate extensions --
+## id-ce-authorityAttributeIdentifier       OBJECT IDENTIFIER ::= {id-ce 38}
+## id-ce-roleSpecCertIdentifier             OBJECT IDENTIFIER ::= {id-ce 39}
+## id-ce-basicAttConstraints                OBJECT IDENTIFIER ::= {id-ce 41}
+## id-ce-delegatedNameConstraints           OBJECT IDENTIFIER ::= {id-ce 42}
+## id-ce-timeSpecification                  OBJECT IDENTIFIER ::= {id-ce 43}
+## id-ce-attributeDescriptor                OBJECT IDENTIFIER ::= {id-ce 48}
+## id-ce-userNotice                         OBJECT IDENTIFIER ::= {id-ce 49}
+## id-ce-sOAIdentifier                      OBJECT IDENTIFIER ::= {id-ce 50}
+## id-ce-acceptableCertPolicies             OBJECT IDENTIFIER ::= {id-ce 52}
+## id-ce-targetInformation                  OBJECT IDENTIFIER ::= {id-ce 55}
+## id-ce-noRevAvail                         OBJECT IDENTIFIER ::= {id-ce 56}
+## id-ce-acceptablePrivilegePolicies        OBJECT IDENTIFIER ::= {id-ce 57}
+## id-ce-indirectIssuer                     OBJECT IDENTIFIER ::= {id-ce 61}
+## id-ce-noAssertion                        OBJECT IDENTIFIER ::= {id-ce 62}
+## id-ce-issuedOnBehalfOf                   OBJECT IDENTIFIER ::= {id-ce 64}
+## -- PMI matching rules --
+objectidentifier	id-mr 2.5.13
+objectidentifier	id-mr-attributeCertificateMatch id-mr:42
+objectidentifier	id-mr-attributeCertificateExactMatch id-mr:45
+objectidentifier	id-mr-holderIssuerMatch id-mr:46
+objectidentifier	id-mr-authAttIdMatch id-mr:53
+objectidentifier	id-mr-roleSpecCertIdMatch id-mr:54
+objectidentifier	id-mr-basicAttConstraintsMatch id-mr:55
+objectidentifier	id-mr-delegatedNameConstraintsMatch id-mr:56
+objectidentifier	id-mr-timeSpecMatch id-mr:57
+objectidentifier	id-mr-attDescriptorMatch id-mr:58
+objectidentifier	id-mr-acceptableCertPoliciesMatch id-mr:59
+objectidentifier	id-mr-delegationPathMatch id-mr:61
+objectidentifier	id-mr-sOAIdentifierMatch id-mr:66
+objectidentifier	id-mr-indirectIssuerMatch id-mr:67
+## -- syntaxes --
+## NOTE: 1.3.6.1.4.1.4203.666.11.10 is the oid arc assigned by OpenLDAP
+## to this work in progress
+objectidentifier	AttributeCertificate 1.3.6.1.4.1.4203.666.11.10.2.1
+objectidentifier	CertificateList 1.3.6.1.4.1.1466.115.121.1.9
+objectidentifier	AttCertPath 1.3.6.1.4.1.4203.666.11.10.2.4
+objectidentifier	PolicySyntax 1.3.6.1.4.1.4203.666.11.10.2.5
+objectidentifier	RoleSyntax 1.3.6.1.4.1.4203.666.11.10.2.6
+#  NOTE: OIDs from <draft-ietf-pkix-ldap-schema-02.txt> (expired)
+#objectidentifier	AttributeCertificate 1.2.826.0.1.3344810.7.5
+#objectidentifier	AttCertPath 1.2.826.0.1.3344810.7.10
+#objectidentifier	PolicySyntax 1.2.826.0.1.3344810.7.17
+#objectidentifier	RoleSyntax 1.2.826.0.1.3344810.7.13
+##
+## Substitute syntaxes
+##
+## AttCertPath
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.4
+	NAME 'AttCertPath'
+	DESC 'X.509 PMI attribute cartificate path: SEQUENCE OF AttributeCertificate'
+	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## PolicySyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.5
+	NAME 'PolicySyntax'
+	DESC 'X.509 PMI policy syntax'
+	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## RoleSyntax
+ldapsyntax ( 1.3.6.1.4.1.4203.666.11.10.2.6
+	NAME 'RoleSyntax'
+	DESC 'X.509 PMI role syntax'
+	X-SUBST '1.3.6.1.4.1.1466.115.121.1.15' )
+##
+## X.509 (08/2005) pp. 71, 86-89
+## 
+## 14.4.1 Role attribute
+attributeType ( id-at-role
+	NAME 'role'
+	DESC 'X.509 Role attribute, use ;binary'
+	SYNTAX RoleSyntax )
+## 
+## 14.5     XML privilege information attribute
+##  -- contains XML-encoded privilege information
+attributeType ( id-at-xMLPrivilegeInfo
+	NAME 'xmlPrivilegeInfo'
+	DESC 'X.509 XML privilege information attribute'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+## 
+## 17.2       PMI Directory attributes
+## 
+## 17.2.1     Attribute certificate attribute
+attributeType ( id-at-attributeCertificate
+	NAME 'attributeCertificateAttribute'
+	DESC 'X.509 Attribute certificate attribute, use ;binary'
+	SYNTAX AttributeCertificate
+	EQUALITY attributeCertificateExactMatch )
+## 
+## 17.2.2     AA certificate attribute
+attributeType ( id-at-aACertificate
+	NAME 'aACertificate'
+	DESC 'X.509 AA certificate attribute, use ;binary'
+	SYNTAX AttributeCertificate
+	EQUALITY attributeCertificateExactMatch )
+## 
+## 17.2.3     Attribute descriptor certificate attribute
+attributeType ( id-at-attributeDescriptorCertificate
+	NAME 'attributeDescriptorCertificate'
+	DESC 'X.509 Attribute descriptor certificate attribute, use ;binary'
+	SYNTAX AttributeCertificate
+	EQUALITY attributeCertificateExactMatch )
+## 
+## 17.2.4     Attribute certificate revocation list attribute
+attributeType ( id-at-attributeCertificateRevocationList
+	NAME 'attributeCertificateRevocationList'
+	DESC 'X.509 Attribute certificate revocation list attribute, use ;binary'
+	SYNTAX CertificateList 
+	X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+## 
+## 17.2.5     AA certificate revocation list attribute
+attributeType ( id-at-attributeAuthorityRevocationList
+	NAME 'attributeAuthorityRevocationList'
+	DESC 'X.509 AA certificate revocation list attribute, use ;binary'
+	SYNTAX CertificateList
+	X-EQUALITY 'certificateListExactMatch, not implemented yet' )
+## 
+## 17.2.6     Delegation path attribute
+attributeType ( id-at-delegationPath
+	NAME 'delegationPath'
+	DESC 'X.509 Delegation path attribute, use ;binary'
+	SYNTAX AttCertPath )
+##     AttCertPath      ::= SEQUENCE OF AttributeCertificate
+## 
+## 17.2.7     Privilege policy attribute
+attributeType ( id-at-privPolicy
+	NAME 'privPolicy'
+	DESC 'X.509 Privilege policy attribute, use ;binary'
+	SYNTAX PolicySyntax )
+## 
+## 17.2.8     Protected privilege policy attribute
+attributeType ( id-at-protPrivPolicy
+	NAME 'protPrivPolicy'
+	DESC 'X.509 Protected privilege policy attribute, use ;binary'
+	SYNTAX AttributeCertificate
+	EQUALITY attributeCertificateExactMatch )
+## 
+## 17.2.9     XML Protected privilege policy attribute
+## -- contains XML-encoded privilege policy information
+attributeType ( id-at-xMLPprotPrivPolicy
+	NAME 'xmlPrivPolicy'
+	DESC 'X.509 XML Protected privilege policy attribute'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+##
+## 17.1 PMI directory object classes
+## 
+## 17.1.1   PMI user object class
+##    -- a PMI user (i.e., a "holder")
+objectClass ( id-oc-pmiUser
+	NAME 'pmiUser'
+	DESC 'X.509 PMI user object class'
+	SUP top
+	AUXILIARY
+	MAY ( attributeCertificateAttribute ) )
+## 
+## 17.1.2     PMI AA object class
+##     -- a PMI AA
+objectClass ( id-oc-pmiAA
+	NAME 'pmiAA'
+	DESC 'X.509 PMI AA object class'
+	SUP top
+	AUXILIARY
+	MAY ( aACertificate $
+		attributeCertificateRevocationList $
+		attributeAuthorityRevocationList
+	) )
+## 
+## 17.1.3     PMI SOA object class
+##     -- a PMI Source of Authority
+objectClass ( id-oc-pmiSOA
+	NAME 'pmiSOA'
+	DESC 'X.509 PMI SOA object class'
+	SUP top
+	AUXILIARY
+	MAY ( attributeCertificateRevocationList $
+		attributeAuthorityRevocationList $
+		attributeDescriptorCertificate
+	) )
+## 
+## 17.1.4     Attribute certificate CRL distribution point object class
+objectClass ( id-oc-attCertCRLDistributionPts
+	NAME 'attCertCRLDistributionPt'
+	DESC 'X.509 Attribute certificate CRL distribution point object class'
+	SUP top
+	AUXILIARY
+	MAY ( attributeCertificateRevocationList $
+		attributeAuthorityRevocationList
+	) )
+## 
+## 17.1.5     PMI delegation path
+objectClass ( id-oc-pmiDelegationPath
+	NAME 'pmiDelegationPath'
+	DESC 'X.509 PMI delegation path'
+	SUP top
+	AUXILIARY
+	MAY ( delegationPath ) )
+## 
+## 17.1.6     Privilege policy object class
+objectClass ( id-oc-privilegePolicy
+	NAME 'privilegePolicy'
+	DESC 'X.509 Privilege policy object class'
+	SUP top
+	AUXILIARY
+	MAY ( privPolicy ) )
+## 
+## 17.1.7     Protected privilege policy object class
+objectClass ( id-oc-protectedPrivilegePolicy
+	NAME 'protectedPrivilegePolicy'
+	DESC 'X.509 Protected privilege policy object class'
+	SUP top
+	AUXILIARY
+	MAY ( protPrivPolicy ) )
+

Modified: openldap/vendor/openldap-release/servers/slapd/schema.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* schema.c - routines to manage schema definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema.c,v 1.105.2.4 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema.c,v 1.105.2.5 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/schema_check.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_check.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema_check.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* schema_check.c - routines to enforce schema definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103.2.6 2008/04/18 22:33:55 ando Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_check.c,v 1.103.2.9 2009/02/05 19:35:54 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -49,6 +49,7 @@
 	Attribute *oldattrs,
 	int manage,
 	int add,
+	Attribute **socp,
 	const char** text,
 	char *textbuf, size_t textlen )
 {
@@ -212,15 +213,28 @@
 		rc = LDAP_OBJECT_CLASS_VIOLATION;
 		goto done;
 
-	} else if ( sc != slap_schema.si_oc_glue && sc != oc ) {
-		snprintf( textbuf, textlen, 
-			"structural object class modification "
-			"from '%s' to '%s' not allowed",
-			asc->a_vals[0].bv_val, oc->soc_cname.bv_val );
-		rc = LDAP_NO_OBJECT_CLASS_MODS;
-		goto done;
-	} else if ( sc == slap_schema.si_oc_glue ) {
+	} else if ( sc != oc ) {
+		if ( !manage && sc != slap_schema.si_oc_glue ) {
+			snprintf( textbuf, textlen, 
+				"structural object class modification "
+				"from '%s' to '%s' not allowed",
+				asc->a_vals[0].bv_val, oc->soc_cname.bv_val );
+			rc = LDAP_NO_OBJECT_CLASS_MODS;
+			goto done;
+		}
+
+		assert( asc->a_vals != NULL );
+		assert( !BER_BVISNULL( &asc->a_vals[0] ) );
+		assert( BER_BVISNULL( &asc->a_vals[1] ) );
+		assert( asc->a_nvals == asc->a_vals );
+
+		/* draft-zeilenga-ldap-relax: automatically modify
+		 * structuralObjectClass if changed with relax */
 		sc = oc;
+		ber_bvreplace( &asc->a_vals[ 0 ], &sc->soc_cname );
+		if ( socp ) {
+			*socp = asc;
+		}
 	}
 
 	/* naming check */
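Review bot: In the new `sc != oc` branch the four `assert()` calls are the only guard before `ber_bvreplace` rewrites `asc->a_vals[0]`, and they are compiled out when NDEBUG is defined. If an entry reached this point with `a_nvals` distinct from `a_vals`, the normalized value would silently keep the old class name; an explicit check such as `if ( asc->a_nvals != asc->a_vals ) { rc = LDAP_OTHER; goto done; }` would fail closed instead. With `manage` set, this branch now accepts any structural object class change, so it also deserves a comment naming where the requester's right to use the relax control is checked, since nothing in the hunk enforces it. The enclosing function starts and ends outside the hunk.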
@@ -880,11 +894,13 @@
 						ava->la_attr.bv_val );
 					break;
 				case LDAP_NO_SUCH_ATTRIBUTE:
-					snprintf( textbuf, textlen, 
-						"value of naming attribute '%s' is not present in entry",
-						ava->la_attr.bv_val );
 					if ( add_naming ) {
 						add = 1;
+						rc = LDAP_SUCCESS;
+					} else {
+						snprintf( textbuf, textlen, 
+							"value of naming attribute '%s' is not present in entry",
+							ava->la_attr.bv_val );
 					}
 					break;
 				default:
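Review bot: The `add_naming` path now resets `rc` to `LDAP_SUCCESS` and relies on `add` to suppress the `rc = LDAP_NAMING_VIOLATION` assignment in the next hunk (`if ( !add )`), but the declaration of `add` is outside both hunks. If `add` is not reset for each AVA of the RDN, one missing value would also suppress the naming violation for a later AVA that fails for a different reason, and the raw lookup result would be returned. Testing the result directly after the switch, `if ( rc != LDAP_SUCCESS ) rc = LDAP_NAMING_VIOLATION;`, removes that dependency. The enclosing function starts and ends outside the hunk.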
@@ -892,7 +908,10 @@
 						"naming attribute '%s' is inappropriate",
 						ava->la_attr.bv_val );
 				}
-				rc = LDAP_NAMING_VIOLATION;
+
+				if ( !add ) {
+					rc = LDAP_NAMING_VIOLATION;
+				}
 			}
 		}
 

Modified: openldap/vendor/openldap-release/servers/slapd/schema_init.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_init.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema_init.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* schema_init.c - init builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.22 2008/07/10 00:02:48 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_init.c,v 1.386.2.31 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -57,6 +57,32 @@
 
 #define authzMatch				octetStringMatch
 
+/* X.509 PMI ldapSyntaxes */
+/* FIXME: need to create temporary OIDs under OpenLDAP's arc;
+ * these are currently hijacked
+ *
+ *	1.3.6.1.4.1.4203.666		OpenLDAP
+ *	1.3.6.1.4.1.4203.666.11		self-contained works
+ *	1.3.6.1.4.1.4203.666.11.10	X.509 PMI
+ *	1.3.6.1.4.1.4203.666.11.10.2	X.509 PMI ldapSyntaxes
+ *	1.3.6.1.4.1.4203.666.11.10.2.1	AttributeCertificate (supported)
+ *	1.3.6.1.4.1.4203.666.11.10.2.2	AttributeCertificateExactAssertion (supported)
+ *	1.3.6.1.4.1.4203.666.11.10.2.3	AttributeCertificateAssertion (not supported)
+ *	1.3.6.1.4.1.4203.666.11.10.2.4	AttCertPath (X-SUBST'ed right now in pmi.schema)
+ *	1.3.6.1.4.1.4203.666.11.10.2.5	PolicySyntax (X-SUBST'ed right now in pmi.schema)
+ *	1.3.6.1.4.1.4203.666.11.10.2.6	RoleSyntax (X-SUBST'ed right now in pmi.schema)
+ */
+#if 0 /* from <draft-ietf-pkix-ldap-schema-02.txt> (expired) */
+#define attributeCertificateSyntaxOID			"1.2.826.0.1.3344810.7.5"
+#define attributeCertificateExactAssertionSyntaxOID	"1.2.826.0.1.3344810.7.6"
+#define attributeCertificateAssertionSyntaxOID		"1.2.826.0.1.3344810.7.7"
+#else /* from OpenLDAP's experimental oid arc */
+#define X509_PMI_SyntaxOID				"1.3.6.1.4.1.4203.666.11.10.2"
+#define attributeCertificateSyntaxOID			X509_PMI_SyntaxOID ".1"
+#define attributeCertificateExactAssertionSyntaxOID	X509_PMI_SyntaxOID ".2"
+#define attributeCertificateAssertionSyntaxOID		X509_PMI_SyntaxOID ".3"
+#endif
+
 unsigned int index_substr_if_minlen = SLAP_INDEX_SUBSTR_IF_MINLEN_DEFAULT;
 unsigned int index_substr_if_maxlen = SLAP_INDEX_SUBSTR_IF_MAXLEN_DEFAULT;
 unsigned int index_substr_any_len = SLAP_INDEX_SUBSTR_ANY_LEN_DEFAULT;
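Review bot: The FIXME in the new comment says these OIDs "are currently hijacked", yet the `#else` branch labels them as coming from OpenLDAP's experimental arc, and the NOTE in the schema text added earlier in this commit says 1.3.6.1.4.1.4203.666.11.10 was assigned by OpenLDAP to this work. One of these statements is stale and should be corrected, so that an operator can tell whether the syntax OIDs are stable enough to deploy. The same arc values are spelled out literally in the schema file, so I would also add `/* keep in sync with the objectidentifier lines in pmi.schema */` above `X509_PMI_SyntaxOID`.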
@@ -74,7 +100,14 @@
 	Syntax *syntax,
 	struct berval *in );
 
+#ifdef SUPPORT_OBSOLETE_UTC_SYNTAX
 static int
+utcTimeValidate(
+	Syntax *syntax,
+	struct berval *in );
+#endif /* SUPPORT_OBSOLETE_UTC_SYNTAX */
+
+static int
 inValidate(
 	Syntax *syntax,
 	struct berval *in )
@@ -113,6 +146,12 @@
 	SLAP_X509_V3		= 2
 };
 
+enum {
+	SLAP_TAG_UTCTIME		= 0x17U,
+	SLAP_TAG_GENERALIZEDTIME	= 0x18U
+};
+
+
 #define	SLAP_X509_OPTION	(LBER_CLASS_CONTEXT|LBER_CONSTRUCTED)
 
 enum {
@@ -126,8 +165,43 @@
 	SLAP_X509_OPT_CL_CRLEXTENSIONS	= SLAP_X509_OPTION + 0
 };
 
+/*
+GeneralName ::= CHOICE {
+  otherName                 [0] INSTANCE OF OTHER-NAME,
+  rfc822Name                [1] IA5String,
+  dNSName                   [2] IA5String,
+  x400Address               [3] ORAddress,
+  directoryName             [4] Name,
+  ediPartyName              [5] EDIPartyName,
+  uniformResourceIdentifier [6] IA5String,
+  iPAddress                 [7] OCTET STRING,
+  registeredID              [8] OBJECT IDENTIFIER }
+*/
+enum {
+	SLAP_X509_GN_OTHERNAME		= SLAP_X509_OPTION + 0,
+	SLAP_X509_GN_RFC822NAME		= SLAP_X509_OPTION + 1,
+	SLAP_X509_GN_DNSNAME		= SLAP_X509_OPTION + 2,
+	SLAP_X509_GN_X400ADDRESS	= SLAP_X509_OPTION + 3,
+	SLAP_X509_GN_DIRECTORYNAME	= SLAP_X509_OPTION + 4,
+	SLAP_X509_GN_EDIPARTYNAME	= SLAP_X509_OPTION + 5,
+	SLAP_X509_GN_URI		= SLAP_X509_OPTION + 6,
+	SLAP_X509_GN_IPADDRESS		= SLAP_X509_OPTION + 7,
+	SLAP_X509_GN_REGISTEREDID	= SLAP_X509_OPTION + 8
+};
+
+/* X.509 PMI related stuff */
+enum {
+	SLAP_X509AC_V1		= 0,
+	SLAP_X509AC_V2		= 1
+};
+
+enum {
+	SLAP_X509AC_ISSUER	= SLAP_X509_OPTION + 0
+};
+
 /* X.509 certificate validation */
-static int certificateValidate( Syntax *syntax, struct berval *in )
+static int
+certificateValidate( Syntax *syntax, struct berval *in )
 {
 	BerElementBuffer berbuf;
 	BerElement *ber = (BerElement *)&berbuf;
@@ -199,7 +273,8 @@
 }
 
 /* X.509 certificate list validation */
-static int certificateListValidate( Syntax *syntax, struct berval *in )
+static int
+certificateListValidate( Syntax *syntax, struct berval *in )
 {
 	BerElementBuffer berbuf;
 	BerElement *ber = (BerElement *)&berbuf;
@@ -227,11 +302,11 @@
 	ber_skip_data( ber, len );
 	tag = ber_skip_tag( ber, &len );	/* thisUpdate */
 	/* Time is a CHOICE { UTCTime, GeneralizedTime } */
-	if ( tag != 0x17U && tag != 0x18U ) return LDAP_INVALID_SYNTAX;
+	if ( tag != SLAP_TAG_UTCTIME && tag != SLAP_TAG_GENERALIZEDTIME ) return LDAP_INVALID_SYNTAX;
 	ber_skip_data( ber, len );
 	/* Optional nextUpdate */
 	tag = ber_skip_tag( ber, &len );
-	if ( tag == 0x17U || tag == 0x18U ) {
+	if ( tag == SLAP_TAG_UTCTIME || tag == SLAP_TAG_GENERALIZEDTIME ) {
 		ber_skip_data( ber, len );
 		tag = ber_skip_tag( ber, &len );
 	}
@@ -265,6 +340,89 @@
 	return LDAP_SUCCESS;
 }
 
+/* X.509 PMI Attribute Certificate Validate */
+static int
+attributeCertificateValidate( Syntax *syntax, struct berval *in )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len;
+	ber_int_t version;
+	int cont = 0;
+
+	ber_init2( ber, in, LBER_USE_DER );
+	
+	tag = ber_skip_tag( ber, &len );	/* Signed wrapper */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+
+	tag = ber_peek_tag( ber, &len );	/* Version */
+	if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+	tag = ber_get_int( ber, &version );	/* X.509 only allows v2 */
+	if ( version != SLAP_X509AC_V2 ) return LDAP_INVALID_SYNTAX;
+
+	tag = ber_skip_tag( ber, &len );	/* Holder */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	tag = ber_skip_tag( ber, &len );	/* Issuer */
+	if ( tag != SLAP_X509AC_ISSUER ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	tag = ber_skip_tag( ber, &len );	/* Signature */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	tag = ber_skip_tag( ber, &len );	/* Serial number */
+	if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	tag = ber_skip_tag( ber, &len );	/* AttCertValidityPeriod */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	tag = ber_skip_tag( ber, &len );	/* Attributes */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	ber_skip_data( ber, len );
+
+	ber_peek_tag( ber, &len );
+
+	if ( tag == LBER_BITSTRING ) {	/* issuerUniqueID */
+		tag = ber_skip_tag( ber, &len );
+		ber_skip_data( ber, len );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag == LBER_SEQUENCE ) {	/* extensions or signatureAlgorithm */
+		tag = ber_skip_tag( ber, &len );
+		ber_skip_data( ber, len );
+		cont++;
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag == LBER_SEQUENCE ) {	/* signatureAlgorithm */
+		tag = ber_skip_tag( ber, &len );
+		ber_skip_data( ber, len );
+		cont++;
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag == LBER_BITSTRING ) {	/* Signature */
+		tag = ber_skip_tag( ber, &len );
+		ber_skip_data( ber, len );
+		cont++;
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	/* Must be at end now */
+	if ( len != 0 || tag != LBER_DEFAULT || cont < 2 ) return LDAP_INVALID_SYNTAX;
+
+	return LDAP_SUCCESS;
+}
+
 int
 octetStringMatch(
 	int *matchp,
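Review bot: In `attributeCertificateValidate`, the result of `ber_peek_tag( ber, &len );` after the Attributes field is discarded, so the `tag == LBER_BITSTRING` test for issuerUniqueID still sees the `LBER_SEQUENCE` tag of Attributes and can never be true. The first `tag == LBER_SEQUENCE` block therefore always runs and skips whatever element comes next, an issuerUniqueID bit string included, and counts it towards `cont`, which loosens the structure check on attribute certificates accepted into the directory. The line should read `tag = ber_peek_tag( ber, &len );`. The return value of `ber_get_int` is likewise stored in `tag` but never tested before `version` is compared, so `version` may be read uninitialized if decoding fails; `if ( tag != LBER_INTEGER ) return LDAP_INVALID_SYNTAX;` after the call closes that.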
@@ -851,8 +1009,8 @@
 	}
 
 	/* RFC 4517 Section 3.3.2 Bit String:
-     *	BitString    = SQUOTE *binary-digit SQUOTE "B"
-     *	binary-digit = "0" / "1"
+	 *	BitString    = SQUOTE *binary-digit SQUOTE "B"
+	 *	binary-digit = "0" / "1"
 	 *
 	 * where SQUOTE [RFC4512] is
 	 *	SQUOTE  = %x27 ; single quote ("'")
@@ -947,12 +1105,7 @@
   ...
       
  *
- * Note: normalization strips any leading "0"s, unless the
- * bit string is exactly "'0'B", so the normalized example,
- * in slapd, would result in
- * 
- * 1.3.6.1.4.1.1466.0=#04024869,o=test,c=gb#'101'B
- * 
+ * Note:
  * RFC 4514 clarifies that SHARP, i.e. "#", doesn't have to
  * be escaped except when at the beginning of a value, the
  * definition of Name and Optional UID appears to be flawed,
@@ -976,11 +1129,11 @@
  *
  * in fact "com#'1'B" is a valid IA5 string.
  *
- * As a consequence, current slapd code assumes that the
- * presence of portions of a BitString at the end of the string 
- * representation of a NameAndOptionalUID means a BitString
- * is expected, and cause an error otherwise.  This is quite
- * arbitrary, and might change in the future.
+ * As a consequence, current slapd code takes the presence of
+ * #<valid BitString> at the end of the string representation
+ * of a NameAndOptionalUID to mean this is indeed a BitString.
+ * This is quite arbitrary - it has changed the past and might
+ * change in the future.
  */
 
 
@@ -1051,7 +1204,8 @@
 
 			if ( rc == LDAP_SUCCESS ) {
 				ber_dupbv_x( &dnval, val, ctx );
-				dnval.bv_len -= uidval.bv_len + 1;
+				uidval.bv_val--;
+				dnval.bv_len -= ++uidval.bv_len;
 				dnval.bv_val[dnval.bv_len] = '\0';
 
 			} else {
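Review bot: `uidval.bv_val--` steps the pointer back one byte on the unstated assumption that the byte before the BitString is the `#` separator inside `val`; the code that sets `uidval` is outside the hunk, so that cannot be confirmed here. The `memcpy` in the following hunk depends on the same assumption, because it now copies `uidval` verbatim, separator included, instead of writing `#` itself. A comment such as `/* widen uidval to include the '#' that precedes it in val */` on that line would make the invariant visible. An `assert( uidval.bv_val[0] == '#' )` after the decrement would document it in debug builds.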
@@ -1068,36 +1222,18 @@
 		}
 
 		if( !BER_BVISNULL( &uidval ) ) {
-			int	i, c, got1;
 			char	*tmp;
 
 			tmp = slap_sl_realloc( out->bv_val, out->bv_len 
-				+ STRLENOF( "#" ) + uidval.bv_len + 1,
+				+ uidval.bv_len + 1,
 				ctx );
 			if( tmp == NULL ) {
 				ber_memfree_x( out->bv_val, ctx );
 				return LDAP_OTHER;
 			}
 			out->bv_val = tmp;
-			out->bv_val[out->bv_len++] = '#';
-			out->bv_val[out->bv_len++] = '\'';
-
-			got1 = uidval.bv_len < sizeof("'0'B"); 
-			for( i = 1; i < uidval.bv_len - 2; i++ ) {
-				c = uidval.bv_val[i];
-				switch(c) {
-					case '0':
-						if( got1 ) out->bv_val[out->bv_len++] = c;
-						break;
-					case '1':
-						got1 = 1;
-						out->bv_val[out->bv_len++] = c;
-						break;
-				}
-			}
-
-			out->bv_val[out->bv_len++] = '\'';
-			out->bv_val[out->bv_len++] = 'B';
+			memcpy( out->bv_val + out->bv_len, uidval.bv_val, uidval.bv_len );
+			out->bv_len += uidval.bv_len;
 			out->bv_val[out->bv_len] = '\0';
 		}
 	}
@@ -1528,8 +1664,8 @@
 	void *ctx )
 {
 	struct berval tmp, nvalue;
-	int flags;
-	int i, wasspace;
+	int flags, wasspace;
+	ber_len_t i;
 
 	assert( SLAP_MR_IS_VALUE_OF_SYNTAX( use ) != 0 );
 
@@ -1604,7 +1740,7 @@
 	int match = 0;
 	SubstringsAssertion *sub = assertedValue;
 	struct berval left = *value;
-	int i;
+	ber_len_t i;
 	int priorspace=0;
 
 	if ( !BER_BVISNULL( &sub->sa_initial ) ) {
@@ -1777,7 +1913,7 @@
 	}
 
 	/* Work through the asserted value's words, to see if at least some
-	   of the words are there, in the same order. */
+	 * of the words are there, in the same order. */
 	len = 0;
 	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
 		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
@@ -1987,6 +2123,119 @@
 	return LDAP_SUCCESS;
 }
 
+static int
+postalAddressValidate(
+	Syntax *syntax,
+	struct berval *in )
+{
+	struct berval bv = *in;
+	ber_len_t c;
+
+	for ( c = 0; c < in->bv_len; c++ ) {
+		if ( in->bv_val[c] == '\\' ) {
+			c++;
+			if ( strncasecmp( &in->bv_val[c], "24", STRLENOF( "24" ) ) != 0
+				&& strncasecmp( &in->bv_val[c], "5C", STRLENOF( "5C" ) ) != 0 )
+			{
+				return LDAP_INVALID_SYNTAX;
+			}
+			continue;
+		}
+
+		if ( in->bv_val[c] == '$' ) {
+			bv.bv_len = &in->bv_val[c] - bv.bv_val;
+			if ( UTF8StringValidate( NULL, &bv ) != LDAP_SUCCESS ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+			bv.bv_val = &in->bv_val[c] + 1;
+		}
+	}
+
+	bv.bv_len = &in->bv_val[c] - bv.bv_val;
+	return UTF8StringValidate( NULL, &bv );
+}
+
+static int
+postalAddressNormalize(
+	slap_mask_t usage,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *val,
+	struct berval *normalized,
+	void *ctx )
+{
+	BerVarray lines = NULL, nlines = NULL;
+	ber_len_t l, c;
+	int rc = LDAP_SUCCESS;
+	MatchingRule *xmr = NULL;
+	char *p;
+
+	if ( SLAP_MR_ASSOCIATED( mr, slap_schema.si_mr_caseIgnoreListMatch ) ) {
+		xmr = slap_schema.si_mr_caseIgnoreMatch;
+
+	} else {
+		xmr = slap_schema.si_mr_caseExactMatch;
+	}
+
+	for ( l = 0, c = 0; c < val->bv_len; c++ ) {
+		if ( val->bv_val[c] == '$' ) {
+			l++;
+		}
+	}
+
+	lines = slap_sl_calloc( sizeof( struct berval ), 2 * ( l + 2 ), ctx );
+	nlines = &lines[l + 2];
+
+	lines[0].bv_val = val->bv_val;
+	for ( l = 0, c = 0; c < val->bv_len; c++ ) {
+		if ( val->bv_val[c] == '$' ) {
+			lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
+			l++;
+			lines[l].bv_val = &val->bv_val[c + 1];
+		}
+	}
+	lines[l].bv_len = &val->bv_val[c] - lines[l].bv_val;
+
+	normalized->bv_len = l;
+
+	for ( l = 0; !BER_BVISNULL( &lines[l] ); l++ ) {
+		/* NOTE: we directly normalize each line,
+		 * without unescaping the values, since the special
+		 * values '\24' ('$') and '\5C' ('\') are not affected
+		 * by normalization */
+		rc = UTF8StringNormalize( usage, NULL, xmr, &lines[l], &nlines[l], ctx );
+		if ( rc != LDAP_SUCCESS ) {
+			rc = LDAP_INVALID_SYNTAX;
+			goto done;
+		}
+
+		normalized->bv_len += nlines[l].bv_len;
+	}
+
+	normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx );
+
+	p = normalized->bv_val;
+	for ( l = 0; !BER_BVISNULL( &nlines[l] ); l++ ) {
+		p = lutil_strncopy( p, nlines[l].bv_val, nlines[l].bv_len );
+
+		*p++ = '$';
+	}
+	*--p = '\0';
+
+	assert( p == &normalized->bv_val[normalized->bv_len] );
+
+done:;
+	if ( nlines != NULL ) {
+		for ( l = 0; !BER_BVISNULL( &nlines[ l ] ); l++ ) {
+			slap_sl_free( nlines[l].bv_val, ctx );
+		}
+
+		slap_sl_free( lines, ctx );
+	}
+
+	return rc;
+}
+
 int
 numericoidValidate(
 	Syntax *syntax,
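Review bot: In `postalAddressValidate`, the escape branch advances `c` past the backslash and passes `&in->bv_val[c]` to `strncasecmp` without checking that two more bytes remain within `in->bv_len`, so a value ending in `\` or `\2` is compared against memory at or beyond the end of the berval. That is only safe if every value reaching the validator is NUL-terminated, which the hunk does not show; `if ( c + STRLENOF( "24" ) > in->bv_len ) return LDAP_INVALID_SYNTAX;` right after `c++` makes the bound explicit. In `postalAddressNormalize`, `*--p = '\0'` would write one byte before `normalized->bv_val` if the join loop copied no line (for instance if `nlines[0]` came back null for an empty value), so a guard for that case is worth adding. The results of `slap_sl_calloc` and `slap_sl_malloc` are also used unchecked; if those allocators can return NULL in this context, return `LDAP_OTHER` as the realloc path elsewhere in this file does.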
@@ -2720,14 +2969,69 @@
 }
 
 static int
+checkNum( struct berval *in, struct berval *out )
+{
+	/* parse serialNumber */
+	ber_len_t neg = 0, extra = 0;
+	char first = '\0';
+
+	out->bv_val = in->bv_val;
+	out->bv_len = 0;
+
+	if ( out->bv_val[0] == '-' ) {
+		neg++;
+		out->bv_len++;
+	}
+
+	if ( strncasecmp( out->bv_val, "0x", STRLENOF("0x") ) == 0 ) {
+		first = out->bv_val[2];
+		extra = 2;
+
+		out->bv_len += STRLENOF("0x");
+		for ( ; out->bv_len < in->bv_len; out->bv_len++ ) {
+			if ( !ASCII_HEX( out->bv_val[out->bv_len] ) ) break;
+		}
+
+	} else if ( out->bv_val[0] == '\'' ) {
+		first = out->bv_val[1];
+		extra = 3;
+
+		out->bv_len += STRLENOF("'");
+
+		for ( ; out->bv_len < in->bv_len; out->bv_len++ ) {
+			if ( !ASCII_HEX( out->bv_val[out->bv_len] ) ) break;
+		}
+		if ( strncmp( &out->bv_val[out->bv_len], "'H", STRLENOF("'H") ) != 0 ) {
+			return -1;
+		}
+		out->bv_len += STRLENOF("'H");
+
+	} else {
+		first = out->bv_val[0];
+		for ( ; out->bv_len < in->bv_len; out->bv_len++ ) {
+			if ( !ASCII_DIGIT( out->bv_val[out->bv_len] ) ) break;
+		}
+	}
+
+	if ( !( out->bv_len > neg ) ) {
+		return -1;
+	}
+
+	if ( ( out->bv_len > extra + 1 + neg ) && ( first == '0' ) ) {
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
 serialNumberAndIssuerCheck(
 	struct berval *in,
 	struct berval *sn,
 	struct berval *is,
-	void *ctx
-)
+	void *ctx )
 {
-	int is_hex = 0, n;
+	ber_len_t n;
 
 	if( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
 
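Review bot: `checkNum` consumes a leading `-` by bumping `out->bv_len`, but the `0x` and `'` prefix tests and the decimal branch's `first = out->bv_val[0]` still look at offset 0. For a negative decimal `first` is therefore `-`, so the leading-zero rejection `first == '0'` can never fire (`-007` passes), and a negative hex form is not recognised as hex. Judging by the `/* parse serialNumber */` comment, this value feeds certificate serial matching, where non-canonical spellings of one serial should be rejected consistently; indexing from `neg`, e.g. `first = out->bv_val[neg];` and `strncasecmp( &out->bv_val[neg], "0x", STRLENOF("0x") )`, would do that. If negative hex is meant to be refused, a comment should say so. The function also reads `out->bv_val[0]`, `out->bv_val[2]` and the `'H` suffix without comparing against `in->bv_len`, so an explicit length check or a comment stating the caller's guarantee is needed.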
@@ -2755,268 +3059,127 @@
 
 	} else {
 		/* Parse GSER format */ 
-		int havesn = 0, haveissuer = 0, numdquotes = 0;
+		enum {
+			HAVE_NONE = 0x0,
+			HAVE_ISSUER = 0x1,
+			HAVE_SN = 0x2,
+			HAVE_ALL = ( HAVE_ISSUER | HAVE_SN )
+		} have = HAVE_NONE;
+
+		int numdquotes = 0;
 		struct berval x = *in;
 		struct berval ni;
 		x.bv_val++;
-		x.bv_len-=2;
+		x.bv_len -= 2;
 
-		/* eat leading spaces */
-		for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
-			/* empty */;
-		}
-
-		if ( x.bv_len < STRLENOF("serialNumber 0,issuer \"\"")) {
-			return LDAP_INVALID_SYNTAX;
-		}
-
-		/* should be at issuer or serialNumber NamedValue */
-		if( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer")) == 0 ) {
-			/* parse issuer */
-			x.bv_val += STRLENOF("issuer");
-			x.bv_len -= STRLENOF("issuer");
-
-			if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
-
+		do {
 			/* eat leading spaces */
-			for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
 				/* empty */;
 			}
 
-			/* For backward compatibility, this part is optional */
-			if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
-				x.bv_val += STRLENOF("rdnSequence:");
-				x.bv_len -= STRLENOF("rdnSequence:");
-			}
+			/* should be at issuer or serialNumber NamedValue */
+			if ( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer") ) == 0 ) {
+				if ( have & HAVE_ISSUER ) return LDAP_INVALID_SYNTAX;
 
-			if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
+				/* parse issuer */
+				x.bv_val += STRLENOF("issuer");
+				x.bv_len -= STRLENOF("issuer");
 
-			is->bv_val = x.bv_val;
-			is->bv_len = 0;
+				if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+				x.bv_val++;
+				x.bv_len--;
 
-			for( ; is->bv_len < x.bv_len; ) {
-				if ( is->bv_val[is->bv_len] != '"' ) {
-					is->bv_len++;
-					continue;
+				/* eat leading spaces */
+				for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+					/* empty */;
 				}
-				if ( is->bv_val[is->bv_len+1] == '"' ) {
-					/* double dquote */
-					is->bv_len+=2;
-					continue;
+
+				/* For backward compatibility, this part is optional */
+				if ( strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:") ) == 0 ) {
+					x.bv_val += STRLENOF("rdnSequence:");
+					x.bv_len -= STRLENOF("rdnSequence:");
 				}
-				break;
-			}
-			x.bv_val += is->bv_len+1;
-			x.bv_len -= is->bv_len+1;
 
-			if ( x.bv_len < STRLENOF(",serialNumber 0")) {
-				return LDAP_INVALID_SYNTAX;
-			}
+				if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
+				x.bv_val++;
+				x.bv_len--;
 
-			haveissuer++;
+				is->bv_val = x.bv_val;
+				is->bv_len = 0;
 
-		} else if( strncasecmp( x.bv_val, "serialNumber",
-			STRLENOF("serialNumber")) == 0 )
-		{
-			/* parse serialNumber */
-			int neg = 0;
-			char first = '\0';
-			int extra = 0;
+				for ( ; is->bv_len < x.bv_len; ) {
+					if ( is->bv_val[is->bv_len] != '"' ) {
+						is->bv_len++;
+						continue;
+					}
+					if ( is->bv_val[is->bv_len+1] == '"' ) {
+						/* double dquote */
+						is->bv_len += 2;
+						continue;
+					}
+					break;
+				}
+				x.bv_val += is->bv_len + 1;
+				x.bv_len -= is->bv_len + 1;
 
-			x.bv_val += STRLENOF("serialNumber");
-			x.bv_len -= STRLENOF("serialNumber");
+				have |= HAVE_ISSUER;
 
-			if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
-
-			/* eat leading spaces */
-			for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
-				/* empty */;
-			}
-			
-			sn->bv_val = x.bv_val;
-			sn->bv_len = 0;
-
-			if( sn->bv_val[0] == '-' ) {
-				neg++;
-				sn->bv_len++;
-			}
-
-			if ( sn->bv_val[0] == '0' && ( sn->bv_val[1] == 'x' ||
-				sn->bv_val[1] == 'X' ))
+			} else if ( strncasecmp( x.bv_val, "serialNumber", STRLENOF("serialNumber") ) == 0 )
 			{
-				is_hex = 1;
-				first = sn->bv_val[2];
-				extra = 2;
+				if ( have & HAVE_SN ) return LDAP_INVALID_SYNTAX;
 
-				sn->bv_len += STRLENOF("0x");
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
-				}
+				/* parse serialNumber */
+				x.bv_val += STRLENOF("serialNumber");
+				x.bv_len -= STRLENOF("serialNumber");
 
-			} else if ( sn->bv_val[0] == '\'' ) {
-				first = sn->bv_val[1];
-				extra = 3;
+				if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+				x.bv_val++;
+				x.bv_len--;
 
-				sn->bv_len += STRLENOF("'");
-
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
+				/* eat leading spaces */
+				for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+					/* empty */;
 				}
-				if ( sn->bv_val[sn->bv_len] == '\'' &&
-					sn->bv_val[sn->bv_len + 1] == 'H' )
-				{
-					sn->bv_len += STRLENOF("'H");
-					is_hex = 1;
 
-				} else {
+				if ( checkNum( &x, sn ) ) {
 					return LDAP_INVALID_SYNTAX;
 				}
 
-			} else {
-				first = sn->bv_val[0];
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_DIGIT( sn->bv_val[sn->bv_len] )) break;
-				}
-			}
+				x.bv_val += sn->bv_len;
+				x.bv_len -= sn->bv_len;
 
-			if (!( sn->bv_len > neg )) return LDAP_INVALID_SYNTAX;
-			if (( sn->bv_len > extra+1+neg ) && ( first == '0' )) {
-				return LDAP_INVALID_SYNTAX;
-			}
+				have |= HAVE_SN;
 
-			x.bv_val += sn->bv_len; x.bv_len -= sn->bv_len;
-
-			if ( x.bv_len < STRLENOF( ",issuer \"\"" )) {
+			} else {
 				return LDAP_INVALID_SYNTAX;
 			}
 
-			havesn++;
-
-		} else return LDAP_INVALID_SYNTAX;
-
-		if( x.bv_val[0] != ',' ) return LDAP_INVALID_SYNTAX;
-		x.bv_val++; x.bv_len--;
-
-		/* eat spaces */
-		for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
-			/* empty */;
-		}
-
-		/* should be at remaining NamedValue */
-		if( !haveissuer && (strncasecmp( x.bv_val, "issuer",
-			STRLENOF("issuer" )) == 0 ))
-		{
-			/* parse issuer */
-			x.bv_val += STRLENOF("issuer");
-			x.bv_len -= STRLENOF("issuer");
-
-			if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
-
 			/* eat leading spaces */
-			for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
-				 /* empty */;
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
 			}
 
-			/* For backward compatibility, this part is optional */
-			if( !strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:"))) {
-				x.bv_val += STRLENOF("rdnSequence:");
-				x.bv_len -= STRLENOF("rdnSequence:");
-			}
-
-			if( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
-
-			is->bv_val = x.bv_val;
-			is->bv_len = 0;
-
-			for( ; is->bv_len < x.bv_len; ) {
-				if ( is->bv_val[is->bv_len] != '"' ) {
-					is->bv_len++;
-					continue;
-				}
-				if ( is->bv_val[is->bv_len+1] == '"' ) {
-					/* double dquote */
-					numdquotes++;
-					is->bv_len+=2;
-					continue;
-				}
+			if ( have == HAVE_ALL ) {
 				break;
 			}
-			x.bv_val += is->bv_len+1;
-			x.bv_len -= is->bv_len+1;
 
-		} else if( !havesn && (strncasecmp( x.bv_val, "serialNumber",
-			STRLENOF("serialNumber")) == 0 ))
-		{
-			/* parse serialNumber */
-			int neg=0;
-			x.bv_val += STRLENOF("serialNumber");
-			x.bv_len -= STRLENOF("serialNumber");
-
-			if( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
-			x.bv_val++; x.bv_len--;
-
-			/* eat leading spaces */
-			for( ; (x.bv_val[0] == ' ') && x.bv_len ; x.bv_val++, x.bv_len--) {
-				/* empty */;
-			}
-			
-			sn->bv_val = x.bv_val;
-			sn->bv_len = 0;
-
-			if( sn->bv_val[0] == '-' ) {
-				neg++;
-				sn->bv_len++;
-			}
-
-			if ( sn->bv_val[0] == '0' && ( sn->bv_val[1] == 'x' ||
-				sn->bv_val[1] == 'X' )) {
-				is_hex = 1;
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
-				}
-			} else if ( sn->bv_val[0] == '\'' ) {
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_HEX( sn->bv_val[sn->bv_len] )) break;
-				}
-				if ( sn->bv_val[sn->bv_len] == '\'' &&
-					sn->bv_val[sn->bv_len+1] == 'H' )
-					is_hex = 1;
-				else
-					return LDAP_INVALID_SYNTAX;
-				sn->bv_len += 2;
-			} else {
-				for( ; sn->bv_len < x.bv_len; sn->bv_len++ ) {
-					if ( !ASCII_DIGIT( sn->bv_val[sn->bv_len] )) break;
-				}
-			}
-
-			if (!( sn->bv_len > neg )) return LDAP_INVALID_SYNTAX;
-			if (( sn->bv_len > 1+neg ) && ( sn->bv_val[neg] == '0' )) {
+			if ( x.bv_val[0] != ',' ) {
 				return LDAP_INVALID_SYNTAX;
 			}
 
-			x.bv_val += sn->bv_len;
-			x.bv_len -= sn->bv_len;
+			x.bv_val++;
+			x.bv_len--;
+		} while ( 1 );
 
-		} else return LDAP_INVALID_SYNTAX;
-
-		/* eat trailing spaces */
-		for( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
-			/* empty */;
-		}
-
 		/* should have no characters left... */
-		if( x.bv_len ) return LDAP_INVALID_SYNTAX;
+		if ( x.bv_len ) return LDAP_INVALID_SYNTAX;
 
 		if ( numdquotes == 0 ) {
 			ber_dupbv_x( &ni, is, ctx );
+
 		} else {
-			ber_int_t src, dst;
+			ber_len_t src, dst;
 
 			ni.bv_len = is->bv_len - numdquotes;
 			ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
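Review bot: `numdquotes` is never incremented in the rewritten issuer loop: the `/* double dquote */` branch now does only `is->bv_len += 2; continue;`, whereas one of the removed copies also did `numdquotes++`. As a result `if ( numdquotes == 0 )` is always true, the un-escaping branch below it is unreachable, and an issuer containing `""` is duplicated with the doubled quotes left in. Restoring `numdquotes++;` ahead of `is->bv_len += 2;` keeps the count and the copy loop in step. The removed minimum-length tests (`x.bv_len < STRLENOF(...)`) also leave the `x.bv_len -= ...` subtractions unguarded, so it is worth confirming that every caller passes a NUL-terminated value. The function starts and ends outside this hunk.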
@@ -3047,91 +3210,164 @@
 		in->bv_val, 0, 0 );
 
 	rc = serialNumberAndIssuerCheck( in, &sn, &i, NULL );
-	if ( rc )
-		return rc;
+	if ( rc ) {
+		goto done;
+	}
 
 	/* validate DN -- doesn't handle double dquote */ 
 	rc = dnValidate( NULL, &i );
-	if( rc )
+	if ( rc ) {
 		rc = LDAP_INVALID_SYNTAX;
+	}
 
-	if( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
 		slap_sl_free( i.bv_val, NULL );
 	}
 
-	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerValidate: OKAY\n",
-		0, 0, 0 );
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerValidate: <%s> err=%d\n",
+		in->bv_val, rc, 0 );
+
+done:;
 	return rc;
 }
 
-int
+static int
 serialNumberAndIssuerPretty(
 	Syntax *syntax,
 	struct berval *in,
 	struct berval *out,
 	void *ctx )
 {
-	int n, rc;
-	struct berval sn, i, ni;
+	int rc;
+	struct berval sn, i, ni = BER_BVNULL;
+	char *p;
 
 	assert( in != NULL );
 	assert( out != NULL );
 
+	BER_BVZERO( out );
+
 	Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerPretty: <%s>\n",
 		in->bv_val, 0, 0 );
 
 	rc = serialNumberAndIssuerCheck( in, &sn, &i, ctx );
-	if ( rc )
-		return rc;
+	if ( rc ) {
+		goto done;
+	}
 
 	rc = dnPretty( syntax, &i, &ni, ctx );
 
-	if( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
 		slap_sl_free( i.bv_val, ctx );
 	}
 
-	if( rc ) return LDAP_INVALID_SYNTAX;
+	if ( rc ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
 
 	/* make room from sn + "$" */
 	out->bv_len = STRLENOF("{ serialNumber , issuer rdnSequence:\"\" }")
 		+ sn.bv_len + ni.bv_len;
 	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
 
-	if( out->bv_val == NULL ) {
+	if ( out->bv_val == NULL ) {
 		out->bv_len = 0;
-		slap_sl_free( ni.bv_val, ctx );
-		return LDAP_OTHER;
+		rc = LDAP_OTHER;
+		goto done;
 	}
 
-	n = 0;
-	AC_MEMCPY( &out->bv_val[n], "{ serialNumber ",
-		STRLENOF("{ serialNumber "));
-	n = STRLENOF("{ serialNumber ");
+	p = out->bv_val;
+	p = lutil_strcopy( p, "{ serialNumber " /*}*/ );
+	p = lutil_strncopy( p, sn.bv_val, sn.bv_len );
+	p = lutil_strcopy( p, ", issuer rdnSequence:\"" );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
 
-	AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len );
-	n += sn.bv_len;
+	assert( p == &out->bv_val[out->bv_len] );
 
-	AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF(", issuer rdnSequence:\""));
-	n += STRLENOF(", issuer rdnSequence:\"");
+done:;
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerPretty: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
 
-	AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
-	n += ni.bv_len;
+	slap_sl_free( ni.bv_val, ctx );
 
-	AC_MEMCPY( &out->bv_val[n], "\" }", STRLENOF("\" }"));
-	n += STRLENOF("\" }");
+	return LDAP_SUCCESS; 
+}
 
-	out->bv_val[n] = '\0';
+static int
+slap_bin2hex(
+	struct berval *in,
+	struct berval *out,
+	void *ctx )
 
-	assert( n == out->bv_len );
+{	
+	/* Use hex format. '123456789abcdef'H */
+	unsigned char *ptr, zero = '\0';
+	char *sptr;
+	int first;
+	ber_len_t i, len, nlen;
 
-	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerPretty: <%s>\n",
-		out->bv_val, 0, 0 );
+	assert( in != NULL );
+	assert( !BER_BVISNULL( in ) );
+	assert( out != NULL );
+	assert( !BER_BVISNULL( out ) );
 
-	slap_sl_free( ni.bv_val, ctx );
+	ptr = (unsigned char *)in->bv_val;
+	len = in->bv_len;
 
-	return LDAP_SUCCESS; 
+	/* Check for minimal encodings */
+	if ( len > 1 ) {
+		if ( ptr[0] & 0x80 ) {
+			if ( ( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ) ) {
+				return -1;
+			}
+
+		} else if ( ptr[0] == 0 ) {
+			if ( !( ptr[1] & 0x80 ) ) {
+				return -1;
+			}
+			len--;
+			ptr++;
+		}
+
+	} else if ( len == 0 ) {
+		/* FIXME: this should not be possible,
+		 * since a value of zero would have length 1 */
+		len = 1;
+		ptr = &zero;
+	}
+
+	first = !( ptr[0] & 0xf0U );
+	nlen = len * 2 - first + STRLENOF("''H"); /* quotes, H */
+	if ( nlen >= out->bv_len ) {
+		out->bv_val = slap_sl_malloc( nlen + 1, ctx );
+	}
+	sptr = out->bv_val;
+	*sptr++ = '\'';
+	i = 0;
+	if ( first ) {
+		sprintf( sptr, "%01X", ( ptr[0] & 0x0fU ) );
+		sptr++;
+		i = 1;
+	}
+	for ( ; i < len; i++ ) {
+		sprintf( sptr, "%02X", ptr[i] );
+		sptr += 2;
+	}
+	*sptr++ = '\'';
+	*sptr++ = 'H';
+	*sptr = '\0';
+
+	assert( sptr == &out->bv_val[nlen] );
+
+	out->bv_len = nlen;
+
+	return 0;
 }
 
+#define SLAP_SN_BUFLEN	(64)
+
 /*
  * This routine is called by certificateExactNormalize when
  * certificateExactNormalize receives a search string instead of
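Review bot: `serialNumberAndIssuerPretty` still ends with `return LDAP_SUCCESS;` after the new `done:` label, so every error path that sets `rc` and jumps there reports success with `out` left zeroed by `BER_BVZERO( out )`. Those paths are a failed `serialNumberAndIssuerCheck`, `LDAP_INVALID_SYNTAX` after `dnPretty`, and `LDAP_OTHER` when `slap_sl_malloc` returns NULL. The final statement should be `return rc;`, which is what the trace line just above it already assumes when it tests `rc == LDAP_SUCCESS`. In the same hunk, `slap_bin2hex` writes through `out->bv_val` right after `slap_sl_malloc( nlen + 1, ctx )` without a NULL check, unlike the `out->bv_val == NULL` test in the Pretty function.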
@@ -3147,10 +3383,11 @@
 	struct berval *out,
 	void *ctx )
 {
-	struct berval sn, sn2, i, ni;
-	char sbuf[64], *stmp = sbuf;
+	struct berval sn, sn2, sn3, i, ni;
+	char sbuf2[SLAP_SN_BUFLEN];
+	char sbuf3[SLAP_SN_BUFLEN];
+	char *p;
 	int rc;
-	ber_len_t n;
 
 	assert( in != NULL );
 	assert( out != NULL );
@@ -3159,78 +3396,70 @@
 		in->bv_val, 0, 0 );
 
 	rc = serialNumberAndIssuerCheck( in, &sn, &i, ctx );
-	if ( rc )
+	if ( rc ) {
 		return rc;
+	}
 
 	rc = dnNormalize( usage, syntax, mr, &i, &ni, ctx );
 
-	if( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
 		slap_sl_free( i.bv_val, ctx );
 	}
 
-	if( rc ) return LDAP_INVALID_SYNTAX;
+	if ( rc ) {
+		return LDAP_INVALID_SYNTAX;
+	}
 
 	/* Convert sn to canonical hex */
-	if ( sn.bv_len > sizeof( sbuf )) {
-		stmp = slap_sl_malloc( sn.bv_len, ctx );
+	sn2.bv_val = sbuf2;
+	if ( sn.bv_len > sizeof( sbuf2 ) ) {
+		sn2.bv_val = slap_sl_malloc( sn.bv_len, ctx );
 	}
-	sn2.bv_val = stmp;
 	sn2.bv_len = sn.bv_len;
 	if ( lutil_str2bin( &sn, &sn2, ctx )) {
 		rc = LDAP_INVALID_SYNTAX;
 		goto func_leave;
 	}
 
-	/* make room for sn + "$" */
+	sn3.bv_val = sbuf3;
+	sn3.bv_len = sizeof(sbuf3);
+	if ( slap_bin2hex( &sn2, &sn3, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
 	out->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
-		+ ( sn2.bv_len * 2 + 3 ) + ni.bv_len;
+		+ sn3.bv_len + ni.bv_len;
 	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
 
-	if( out->bv_val == NULL ) {
+	if ( out->bv_val == NULL ) {
 		out->bv_len = 0;
-		slap_sl_free( ni.bv_val, ctx );
 		rc = LDAP_OTHER;
 		goto func_leave;
 	}
 
-	n = 0;
-	AC_MEMCPY( &out->bv_val[n], "{ serialNumber ",
-		STRLENOF( "{ serialNumber " ));
-	n = STRLENOF( "{ serialNumber " );
+	p = out->bv_val;
 
-	AC_MEMCPY( &out->bv_val[n], sn.bv_val, sn.bv_len );
-	{
-		int j;
-		unsigned char *v = (unsigned char *)sn2.bv_val;
-		out->bv_val[n++] = '\'';
-		for ( j = 0; j < sn2.bv_len; j++ ) {
-			snprintf( &out->bv_val[n], out->bv_len - n + 1,
-				"%02X", v[j] );
-			n += 2;
-		}
-		out->bv_val[n++] = '\'';
-		out->bv_val[n++] = 'H';
-	}
+	p = lutil_strcopy( p, "{ serialNumber " /*}*/ );
+	p = lutil_strncopy( p, sn3.bv_val, sn3.bv_len );
+	p = lutil_strcopy( p, ", issuer rdnSequence:\"" );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
 
-	AC_MEMCPY( &out->bv_val[n], ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
-	n += STRLENOF( ", issuer rdnSequence:\"" );
+	assert( p == &out->bv_val[out->bv_len] );
 
-	AC_MEMCPY( &out->bv_val[n], ni.bv_val, ni.bv_len );
-	n += ni.bv_len;
+func_leave:
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
 
-	AC_MEMCPY( &out->bv_val[n], "\" }", STRLENOF( "\" }" ));
-	n += STRLENOF( "\" }" );
+	if ( sn2.bv_val != sbuf2 ) {
+		slap_sl_free( sn2.bv_val, ctx );
+	}
 
-	out->bv_val[n] = '\0';
+	if ( sn3.bv_val != sbuf3 ) {
+		slap_sl_free( sn3.bv_val, ctx );
+	}
 
-	assert( n == out->bv_len );
-
-	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerNormalize: <%s>\n",
-		out->bv_val, 0, 0 );
-
-func_leave:
-	if ( stmp != sbuf )
-		slap_sl_free( stmp, ctx );
 	slap_sl_free( ni.bv_val, ctx );
 
 	return rc;
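Review bot: On the `lutil_str2bin` failure path the code jumps to `func_leave` before `sn3.bv_val = sbuf3;` has run, and `sn3` is declared without an initialiser in the preceding hunk. The cleanup `if ( sn3.bv_val != sbuf3 ) slap_sl_free( sn3.bv_val, ctx );` therefore operates on an indeterminate pointer. Setting `sn3.bv_val = sbuf3;` next to `sn2.bv_val = sbuf2;`, ahead of the first `goto func_leave`, makes the cleanup safe on every path. The `slap_sl_malloc( sn.bv_len, ctx )` result assigned to `sn2.bv_val` is also passed on without a NULL check. The function begins outside this hunk.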
@@ -3250,16 +3479,21 @@
 	ber_tag_t tag;
 	ber_len_t len;
 	ber_int_t i;
-	char serialbuf[64], *serial = serialbuf;
-	ber_len_t seriallen;
+	char serialbuf2[SLAP_SN_BUFLEN];
+	struct berval sn, sn2 = BER_BVNULL;
 	struct berval issuer_dn = BER_BVNULL, bvdn;
-	unsigned char *p;
+	char *p;
 	int rc = LDAP_INVALID_SYNTAX;
 
-	if( BER_BVISEMPTY( val ) ) goto done;
+	assert( val != NULL );
 
-	if( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
-		return serialNumberAndIssuerNormalize(0,NULL,NULL,val,normalized,ctx);
+	Debug( LDAP_DEBUG_TRACE, ">>> certificateExactNormalize: <%p, %lu>\n",
+		val->bv_val, val->bv_len, 0 );
+
+	if ( BER_BVISEMPTY( val ) ) goto done;
+
+	if ( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
+		return serialNumberAndIssuerNormalize( 0, NULL, NULL, val, normalized, ctx );
 	}
 
 	assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 );
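Review bot: The `if ( BER_BVISEMPTY( val ) ) goto done;` exit now reaches the cleanup with `sn2` still `BER_BVNULL`, so the later `if ( sn2.bv_val != serialbuf2 ) ber_memfree_x( sn2.bv_val, ctx );` runs with a NULL pointer and depends on `ber_memfree_x` tolerating that. Assigning `sn2.bv_val = serialbuf2;` before that `goto` would remove the dependency. Alternatively, add an explicit NULL test with a comment such as `/* sn2 is BER_BVNULL on early exit; only heap buffers are freed at done: */` to make the intent clear. The `done:` label and the rest of the function lie outside this hunk.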
@@ -3276,93 +3510,1233 @@
 	/* NOTE: move the test here from certificateValidate,
 	 * so that we can validate certs with serial longer
 	 * than sizeof(ber_int_t) */
-	tag = ber_peek_tag( ber, &len );	/* serial */
+	tag = ber_skip_tag( ber, &len );	/* serial */
+	sn.bv_len = len;
+	sn.bv_val = (char *)ber->ber_ptr;
+	sn2.bv_val = serialbuf2;
+	sn2.bv_len = sizeof(serialbuf2);
+	if ( slap_bin2hex( &sn, &sn2, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
+	ber_skip_data( ber, len );
 
-	/* Use hex format. '123456789abcdef'H
-	 */
-	{
-		unsigned char *ptr;
-		char *sptr;
+	tag = ber_skip_tag( ber, &len );	/* SignatureAlg */
+	ber_skip_data( ber, len );
+	tag = ber_peek_tag( ber, &len );	/* IssuerDN */
+	len = ber_ptrlen( ber );
+	bvdn.bv_val = val->bv_val + len;
+	bvdn.bv_len = val->bv_len - len;
+
+	rc = dnX509normalize( &bvdn, &issuer_dn );
+	if ( rc != LDAP_SUCCESS ) goto done;
+
+	normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
+		+ sn2.bv_len + issuer_dn.bv_len;
+	normalized->bv_val = ch_malloc( normalized->bv_len + 1 );
+
+	p = normalized->bv_val;
+
+	p = lutil_strcopy( p, "{ serialNumber " /*}*/ );
+	p = lutil_strncopy( p, sn2.bv_val, sn2.bv_len );
+	p = lutil_strcopy( p, ", issuer rdnSequence:\"" );
+	p = lutil_strncopy( p, issuer_dn.bv_val, issuer_dn.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
+
+	rc = LDAP_SUCCESS;
+
+done:
+	Debug( LDAP_DEBUG_TRACE, "<<< certificateExactNormalize: <%p, %lu> => <%s>\n",
+		val->bv_val, val->bv_len, rc == LDAP_SUCCESS ? normalized->bv_val : "(err)" );
+
+	if ( issuer_dn.bv_val ) ber_memfree( issuer_dn.bv_val );
+	if ( sn2.bv_val != serialbuf2 ) ber_memfree_x( sn2.bv_val, ctx );
+
+	return rc;
+}
+
+/* X.509 PKI certificateList stuff */
+static int
+checkTime( struct berval *in, struct berval *out )
+{
+	int rc;
+	ber_len_t i;
+	char buf[STRLENOF("YYYYmmddHHMMSSZ") + 1];
+	struct berval bv;
+
+	assert( in != NULL );
+	assert( !BER_BVISNULL( in ) );
+	assert( !BER_BVISEMPTY( in ) );
+
+	if ( in->bv_len < STRLENOF( "YYmmddHHMMSSZ" ) ) {
+		return -1;
+	}
+
+	if ( out != NULL ) {
+		assert( !BER_BVISNULL( out ) );
+		assert( out->bv_len >= sizeof( buf ) );
+		bv.bv_val = out->bv_val;
+
+	} else {
+		bv.bv_val = buf;
+	}
+
+	for ( i = 0; i < STRLENOF( "YYYYmmddHHMMSS" ); i++ ) {
+		if ( !ASCII_DIGIT( in->bv_val[i] ) ) break;
+	}
+
+	if ( in->bv_val[i] != 'Z' ) {
+		return -1;
+	}
+	i++;
+
+	if ( i != in->bv_len ) {
+		return -1;
+	}
+
+	if ( i == STRLENOF( "YYYYmmddHHMMSSZ" ) ) {
+		lutil_strncopy( bv.bv_val, in->bv_val, i );
+		bv.bv_len = i;
 		
-		tag = ber_skip_tag( ber, &len );
-		ptr = (unsigned char *)ber->ber_ptr;
-		ber_skip_data( ber, len );
+	} else if ( i == STRLENOF( "YYmmddHHMMSSZ" ) ) {
+		char *p = bv.bv_val;
+		if ( in->bv_val[0] < '7' ) {
+			p = lutil_strcopy( p, "20" );
 
-		/* Check for minimal encodings */
-		if ( len > 1 ) {
-			if ( ptr[0] & 0x80 ) {
-				if (( ptr[0] == 0xff ) && ( ptr[1] & 0x80 ))
-					return LDAP_INVALID_SYNTAX;
-			} else if ( ptr[0] == 0 ) {
-				if (!( ptr[1] & 0x80 ))
-					return LDAP_INVALID_SYNTAX;
+		} else {
+			p = lutil_strcopy( p, "19" );
+		}
+		lutil_strncopy( p, in->bv_val, i );
+		bv.bv_len = 2 + i;
+
+	} else {
+		return -1;
+	}
+
+	rc = generalizedTimeValidate( NULL, &bv );
+	if ( rc == LDAP_SUCCESS && out != NULL ) {
+		out->bv_len = bv.bv_len;
+	}
+
+	return rc != LDAP_SUCCESS;
+}
+
+static int
+issuerAndThisUpdateCheck(
+	struct berval *in,
+	struct berval *is,
+	struct berval *tu,
+	void *ctx )
+{
+	int numdquotes = 0;
+	struct berval x = *in;
+	struct berval ni = BER_BVNULL;
+	/* Parse GSER format */ 
+	enum {
+		HAVE_NONE = 0x0,
+		HAVE_ISSUER = 0x1,
+		HAVE_THISUPDATE = 0x2,
+		HAVE_ALL = ( HAVE_ISSUER | HAVE_THISUPDATE )
+	} have = HAVE_NONE;
+
+
+	if ( in->bv_len < STRLENOF( "{issuer \"\",thisUpdate \"YYMMDDhhmmssZ\"}" ) ) return LDAP_INVALID_SYNTAX;
+
+	if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	x.bv_val++;
+	x.bv_len -= STRLENOF("{}");
+
+	do {
+		/* eat leading spaces */
+		for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+			/* empty */;
+		}
+
+		/* should be at issuer or thisUpdate */
+		if ( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer") ) == 0 ) {
+			if ( have & HAVE_ISSUER ) return LDAP_INVALID_SYNTAX;
+
+			/* parse issuer */
+			x.bv_val += STRLENOF("issuer");
+			x.bv_len -= STRLENOF("issuer");
+
+			if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
 			}
+
+			/* For backward compatibility, this part is optional */
+			if ( strncasecmp( x.bv_val, "rdnSequence:", STRLENOF("rdnSequence:") ) != 0 ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+			x.bv_val += STRLENOF("rdnSequence:");
+			x.bv_len -= STRLENOF("rdnSequence:");
+
+			if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			is->bv_val = x.bv_val;
+			is->bv_len = 0;
+
+			for ( ; is->bv_len < x.bv_len; ) {
+				if ( is->bv_val[is->bv_len] != '"' ) {
+					is->bv_len++;
+					continue;
+				}
+				if ( is->bv_val[is->bv_len+1] == '"' ) {
+					/* double dquote */
+					is->bv_len += 2;
+					continue;
+				}
+				break;
+			}
+			x.bv_val += is->bv_len + 1;
+			x.bv_len -= is->bv_len + 1;
+
+			have |= HAVE_ISSUER;
+
+		} else if ( strncasecmp( x.bv_val, "thisUpdate", STRLENOF("thisUpdate") ) == 0 )
+		{
+			if ( have & HAVE_THISUPDATE ) return LDAP_INVALID_SYNTAX;
+
+			/* parse thisUpdate */
+			x.bv_val += STRLENOF("thisUpdate");
+			x.bv_len -= STRLENOF("thisUpdate");
+
+			if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+
+			if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			tu->bv_val = x.bv_val;
+			tu->bv_len = 0;
+
+			for ( ; tu->bv_len < x.bv_len; tu->bv_len++ ) {
+				if ( tu->bv_val[tu->bv_len] == '"' ) {
+					break;
+				}
+			}
+			x.bv_val += tu->bv_len + 1;
+			x.bv_len -= tu->bv_len + 1;
+
+			have |= HAVE_THISUPDATE;
+
+		} else {
+			return LDAP_INVALID_SYNTAX;
 		}
 
-		seriallen = len * 2 + 4;	/* quotes, H, NUL */
-		if ( seriallen > sizeof( serialbuf ))
-			serial = slap_sl_malloc( seriallen, ctx );
-		sptr = serial;
-		*sptr++ = '\'';
-		for ( i = 0; i<len; i++ ) {
-			sprintf( sptr, "%02X", ptr[i] );
-			sptr += 2;
+		/* eat leading spaces */
+		for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+			/* empty */;
 		}
-		*sptr++ = '\'';
-		*sptr++ = 'H';
-		seriallen--;
+
+		if ( have == HAVE_ALL ) {
+			break;
+		}
+
+		if ( x.bv_val[0] != ',' ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+
+		x.bv_val++;
+		x.bv_len--;
+	} while ( 1 );
+
+	/* should have no characters left... */
+	if ( x.bv_len ) return LDAP_INVALID_SYNTAX;
+
+	if ( numdquotes == 0 ) {
+		ber_dupbv_x( &ni, is, ctx );
+
+	} else {
+		ber_len_t src, dst;
+
+		ni.bv_len = is->bv_len - numdquotes;
+		ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
+		for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) {
+			if ( is->bv_val[src] == '"' ) {
+				src++;
+			}
+			ni.bv_val[dst] = is->bv_val[src];
+		}
+		ni.bv_val[dst] = '\0';
 	}
-	tag = ber_skip_tag( ber, &len );	/* SignatureAlg */
+		
+	*is = ni;
+
+	return 0;
+}
+
+static int
+issuerAndThisUpdateValidate(
+	Syntax *syntax,
+	struct berval *in )
+{
+	int rc;
+	struct berval i, tu;
+
+	Debug( LDAP_DEBUG_TRACE, ">>> issuerAndThisUpdateValidate: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = issuerAndThisUpdateCheck( in, &i, &tu, NULL );
+	if ( rc ) {
+		goto done;
+	}
+
+	/* validate DN -- doesn't handle double dquote */ 
+	rc = dnValidate( NULL, &i );
+	if ( rc ) {
+		rc = LDAP_INVALID_SYNTAX;
+
+	} else if ( checkTime( &tu, NULL ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+	}
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, NULL );
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "<<< issuerAndThisUpdateValidate: <%s> err=%d\n",
+		in->bv_val, rc, 0 );
+
+done:;
+	return rc;
+}
+
+static int
+issuerAndThisUpdatePretty(
+	Syntax *syntax,
+	struct berval *in,
+	struct berval *out,
+	void *ctx )
+{
+	int rc;
+	struct berval i, tu, ni = BER_BVNULL;
+	char *p;
+
+	assert( in != NULL );
+	assert( out != NULL );
+
+	BER_BVZERO( out );
+
+	Debug( LDAP_DEBUG_TRACE, ">>> issuerAndThisUpdatePretty: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = issuerAndThisUpdateCheck( in, &i, &tu, ctx );
+	if ( rc ) {
+		goto done;
+	}
+
+	rc = dnPretty( syntax, &i, &ni, ctx );
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, ctx );
+	}
+
+	if ( rc || checkTime( &tu, NULL ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
+
+	/* make room */
+	out->bv_len = STRLENOF("{ issuer rdnSequence:\"\", thisUpdate \"\" }")
+		+ ni.bv_len + tu.bv_len;
+	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
+
+	if ( out->bv_val == NULL ) {
+		out->bv_len = 0;
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	p = out->bv_val;
+	p = lutil_strcopy( p, "{ issuer rdnSequence:\"" /*}*/ );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, "\", thisUpdate \"" );
+	p = lutil_strncopy( p, tu.bv_val, tu.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
+
+	assert( p == &out->bv_val[out->bv_len] );
+
+done:;
+	Debug( LDAP_DEBUG_TRACE, "<<< issuerAndThisUpdatePretty: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
+
+	slap_sl_free( ni.bv_val, ctx );
+
+	return rc; 
+}
+
+static int
+issuerAndThisUpdateNormalize(
+	slap_mask_t usage,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *in,
+	struct berval *out,
+	void *ctx )
+{
+	struct berval i, ni, tu, tu2;
+	char sbuf[STRLENOF("YYYYmmddHHMMSSZ") + 1];
+	char *p;
+	int rc;
+
+	assert( in != NULL );
+	assert( out != NULL );
+
+	Debug( LDAP_DEBUG_TRACE, ">>> issuerAndThisUpdateNormalize: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = issuerAndThisUpdateCheck( in, &i, &tu, ctx );
+	if ( rc ) {
+		return rc;
+	}
+
+	rc = dnNormalize( usage, syntax, mr, &i, &ni, ctx );
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, ctx );
+	}
+
+	tu2.bv_val = sbuf;
+	tu2.bv_len = sizeof( sbuf );
+	if ( rc || checkTime( &tu, &tu2 ) ) {
+		return LDAP_INVALID_SYNTAX;
+	}
+
+	out->bv_len = STRLENOF( "{ issuer rdnSequence:\"\", thisUpdate \"\" }" )
+		+ ni.bv_len + tu2.bv_len;
+	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
+
+	if ( out->bv_val == NULL ) {
+		out->bv_len = 0;
+		rc = LDAP_OTHER;
+		goto func_leave;
+	}
+
+	p = out->bv_val;
+
+	p = lutil_strcopy( p, "{ issuer rdnSequence:\"" /*}*/ );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, "\", thisUpdate \"" );
+	p = lutil_strncopy( p, tu2.bv_val, tu2.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
+
+	assert( p == &out->bv_val[out->bv_len] );
+
+func_leave:
+	Debug( LDAP_DEBUG_TRACE, "<<< issuerAndThisUpdateNormalize: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
+
+	slap_sl_free( ni.bv_val, ctx );
+
+	return rc;
+}
+
+static int
+certificateListExactNormalize(
+	slap_mask_t usage,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *val,
+	struct berval *normalized,
+	void *ctx )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len;
+	ber_int_t version;
+	struct berval issuer_dn = BER_BVNULL, bvdn,
+		thisUpdate, bvtu;
+	char *p, tubuf[STRLENOF("YYYYmmddHHMMSSZ") + 1];
+	int rc = LDAP_INVALID_SYNTAX;
+
+	assert( val != NULL );
+
+	Debug( LDAP_DEBUG_TRACE, ">>> certificateListExactNormalize: <%p, %lu>\n",
+		val->bv_val, val->bv_len, 0 );
+
+	if ( BER_BVISEMPTY( val ) ) goto done;
+
+	if ( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
+		return issuerAndThisUpdateNormalize( 0, NULL, NULL, val, normalized, ctx );
+	}
+
+	assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 );
+
+	ber_init2( ber, val, LBER_USE_DER );
+	tag = ber_skip_tag( ber, &len );	/* Signed wrapper */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	tag = ber_peek_tag( ber, &len );
+	/* Optional version */
+	if ( tag == LBER_INTEGER ) {
+		tag = ber_get_int( ber, &version );
+		assert( tag == LBER_INTEGER );
+		if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+	}
+	tag = ber_skip_tag( ber, &len );	/* Signature Algorithm */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 	ber_skip_data( ber, len );
+
 	tag = ber_peek_tag( ber, &len );	/* IssuerDN */
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
 	len = ber_ptrlen( ber );
 	bvdn.bv_val = val->bv_val + len;
 	bvdn.bv_len = val->bv_len - len;
+	tag = ber_skip_tag( ber, &len );
+	ber_skip_data( ber, len );
 
+	tag = ber_skip_tag( ber, &len );	/* thisUpdate */
+	/* Time is a CHOICE { UTCTime, GeneralizedTime } */
+	if ( tag != SLAP_TAG_UTCTIME && tag != SLAP_TAG_GENERALIZEDTIME ) return LDAP_INVALID_SYNTAX;
+	bvtu.bv_val = (char *)ber->ber_ptr;
+	bvtu.bv_len = len;
+
 	rc = dnX509normalize( &bvdn, &issuer_dn );
-	if( rc != LDAP_SUCCESS ) goto done;
+	if ( rc != LDAP_SUCCESS ) goto done;
 
-	normalized->bv_len = STRLENOF( "{ serialNumber , issuer rdnSequence:\"\" }" )
-		+ seriallen + issuer_dn.bv_len;
-	normalized->bv_val = ch_malloc(normalized->bv_len+1);
+	thisUpdate.bv_val = tubuf;
+	thisUpdate.bv_len = sizeof(tubuf);
+	if ( checkTime( &bvtu, &thisUpdate ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
 
-	p = (unsigned char *)normalized->bv_val;
+	normalized->bv_len = STRLENOF( "{ issuer rdnSequence:\"\", thisUpdate \"\" }" )
+		+ issuer_dn.bv_len + thisUpdate.bv_len;
+	normalized->bv_val = ch_malloc( normalized->bv_len + 1 );
 
-	AC_MEMCPY(p, "{ serialNumber ", STRLENOF( "{ serialNumber " ));
-	p += STRLENOF( "{ serialNumber " );
+	p = normalized->bv_val;
 
-	AC_MEMCPY(p, serial, seriallen);
-	p += seriallen;
+	p = lutil_strcopy( p, "{ issuer rdnSequence:\"" );
+	p = lutil_strncopy( p, issuer_dn.bv_val, issuer_dn.bv_len );
+	p = lutil_strcopy( p, "\", thisUpdate \"" );
+	p = lutil_strncopy( p, thisUpdate.bv_val, thisUpdate.bv_len );
+	p = lutil_strcopy( p, /*{*/ "\" }" );
 
-	AC_MEMCPY(p, ", issuer rdnSequence:\"", STRLENOF( ", issuer rdnSequence:\"" ));
-	p += STRLENOF( ", issuer rdnSequence:\"" );
+	rc = LDAP_SUCCESS;
 
-	AC_MEMCPY(p, issuer_dn.bv_val, issuer_dn.bv_len);
-	p += issuer_dn.bv_len;
+done:
+	Debug( LDAP_DEBUG_TRACE, "<<< certificateListExactNormalize: <%p, %lu> => <%s>\n",
+		val->bv_val, val->bv_len, rc == LDAP_SUCCESS ? normalized->bv_val : "(err)" );
 
-	AC_MEMCPY(p, "\" }", STRLENOF( "\" }" ));
-	p += STRLENOF( "\" }" );
+	if ( issuer_dn.bv_val ) ber_memfree( issuer_dn.bv_val );
 
-	*p = '\0';
+	return rc;
+}
 
-	Debug( LDAP_DEBUG_TRACE, "certificateExactNormalize: %s\n",
+/* X.509 PMI serialNumberAndIssuerSerialCheck
+
+AttributeCertificateExactAssertion     ::= SEQUENCE {
+   serialNumber              CertificateSerialNumber,
+   issuer                    AttCertIssuer }
+
+CertificateSerialNumber ::= INTEGER
+
+AttCertIssuer ::=    [0] SEQUENCE {
+issuerName                     GeneralNames OPTIONAL,
+baseCertificateID         [0] IssuerSerial OPTIONAL,
+objectDigestInfo          [1] ObjectDigestInfo OPTIONAL }
+-- At least one component shall be present
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+  otherName                 [0] INSTANCE OF OTHER-NAME,
+  rfc822Name                [1] IA5String,
+  dNSName                   [2] IA5String,
+  x400Address               [3] ORAddress,
+  directoryName             [4] Name,
+  ediPartyName              [5] EDIPartyName,
+  uniformResourceIdentifier [6] IA5String,
+  iPAddress                 [7] OCTET STRING,
+  registeredID              [8] OBJECT IDENTIFIER }
+
+IssuerSerial ::= SEQUENCE {
+   issuer       GeneralNames,
+   serial       CertificateSerialNumber,
+   issuerUID UniqueIdentifier OPTIONAL }
+
+ObjectDigestInfo ::= SEQUENCE {
+   digestedObjectType ENUMERATED {
+      publicKey           (0),
+      publicKeyCert       (1),
+      otherObjectTypes    (2) },
+   otherObjectTypeID      OBJECT IDENTIFIER OPTIONAL,
+   digestAlgorithm        AlgorithmIdentifier,
+   objectDigest           BIT STRING }
+
+ * The way I interpret it, an assertion should look like
+
+ { serialNumber 'dd'H,
+   issuer { issuerName { directoryName:rdnSequence:"cn=yyy" }, -- optional
+            baseCertificateID { serial '1d'H,
+                                issuer { directoryName:rdnSequence:"cn=zzz" },
+                                issuerUID <value>              -- optional
+                              },                               -- optional
+            objectDigestInfo { ... }                           -- optional
+          }
+ }
+ 
+ * with issuerName, baseCertificateID and objectDigestInfo optional,
+ * at least one present; the way it's currently implemented, it is
+
+ { serialNumber 'dd'H,
+   issuer { baseCertificateID { serial '1d'H,
+                                issuer { directoryName:rdnSequence:"cn=zzz" }
+                              }
+          }
+ }
+
+ * with all the above parts mandatory.
+ */
+static int
+serialNumberAndIssuerSerialCheck(
+	struct berval *in,
+	struct berval *sn,
+	struct berval *is,
+	struct berval *i_sn,	/* contain serial of baseCertificateID */
+	void *ctx )
+{
+	/* Parse GSER format */ 
+	enum {
+		HAVE_NONE = 0x0,
+		HAVE_SN = 0x1,
+		HAVE_ISSUER = 0x2,
+		HAVE_ALL = ( HAVE_SN | HAVE_ISSUER )
+	} have = HAVE_NONE, have2 = HAVE_NONE;
+	int numdquotes = 0;
+	struct berval x = *in;
+	struct berval ni;
+
+	if ( in->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
+
+	/* no old format */
+	if ( in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}' ) return LDAP_INVALID_SYNTAX;
+
+	x.bv_val++;
+	x.bv_len -= 2;
+
+	do {
+
+		/* eat leading spaces */
+		for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+			/* empty */;
+		}
+
+		/* should be at issuer or serialNumber NamedValue */
+		if ( strncasecmp( x.bv_val, "issuer", STRLENOF("issuer") ) == 0 ) {
+			if ( have & HAVE_ISSUER ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+
+			/* parse IssuerSerial */
+			x.bv_val += STRLENOF("issuer");
+			x.bv_len -= STRLENOF("issuer");
+
+			if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+
+			if ( x.bv_val[0] != '{' /*}*/ ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+
+			if ( strncasecmp( x.bv_val, "baseCertificateID ", STRLENOF("baseCertificateID ") ) != 0 ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+			x.bv_val += STRLENOF("baseCertificateID ");
+			x.bv_len -= STRLENOF("baseCertificateID ");
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+
+			if ( x.bv_val[0] != '{' /*}*/ ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			do {
+				/* eat leading spaces */
+				for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+					/* empty */;
+				}
+
+				/* parse issuer of baseCertificateID */
+				if ( strncasecmp( x.bv_val, "issuer ", STRLENOF("issuer ") ) == 0 ) {
+					if ( have2 & HAVE_ISSUER ) {
+						return LDAP_INVALID_SYNTAX;
+					}
+
+					x.bv_val += STRLENOF("issuer ");
+					x.bv_len -= STRLENOF("issuer ");
+
+					/* eat leading spaces */
+					for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+						/* empty */;
+					}
+
+					if ( x.bv_val[0] != '{' /*}*/ ) return LDAP_INVALID_SYNTAX;
+					x.bv_val++;
+					x.bv_len--;
+
+					/* eat leading spaces */
+					for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+						/* empty */;
+					}
+
+					if ( strncasecmp( x.bv_val, "directoryName:rdnSequence:", STRLENOF("directoryName:rdnSequence:") ) != 0 ) {
+						return LDAP_INVALID_SYNTAX;
+					}
+					x.bv_val += STRLENOF("directoryName:rdnSequence:");
+					x.bv_len -= STRLENOF("directoryName:rdnSequence:");
+
+					if ( x.bv_val[0] != '"' ) return LDAP_INVALID_SYNTAX;
+					x.bv_val++;
+					x.bv_len--;
+
+					is->bv_val = x.bv_val;
+					is->bv_len = 0;
+
+					for ( ; is->bv_len < x.bv_len; ) {
+						if ( is->bv_val[is->bv_len] != '"' ) {
+							is->bv_len++;
+							continue;
+						}
+						if ( is->bv_val[is->bv_len + 1] == '"' ) {
+							/* double dquote */
+							is->bv_len += 2;
+							continue;
+						}
+						break;
+					}
+					x.bv_val += is->bv_len + 1;
+					x.bv_len -= is->bv_len + 1;
+
+					/* eat leading spaces */
+					for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+						/* empty */;
+					}
+
+					if ( x.bv_val[0] != /*{*/ '}' ) return LDAP_INVALID_SYNTAX;
+					x.bv_val++;
+					x.bv_len--;
+
+					have2 |= HAVE_ISSUER;
+
+				} else if ( strncasecmp( x.bv_val, "serial ", STRLENOF("serial ") ) == 0 ) {
+					if ( have2 & HAVE_SN ) {
+						return LDAP_INVALID_SYNTAX;
+					}
+
+					x.bv_val += STRLENOF("serial ");
+					x.bv_len -= STRLENOF("serial ");
+
+					/* eat leading spaces */
+					for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len--) {
+						/* empty */;
+					}
+
+					if ( checkNum( &x, i_sn ) ) {
+						return LDAP_INVALID_SYNTAX;
+					}
+
+					x.bv_val += i_sn->bv_len;
+					x.bv_len -= i_sn->bv_len;
+
+					have2 |= HAVE_SN;
+
+				} else {
+					return LDAP_INVALID_SYNTAX;
+				}
+
+				/* eat leading spaces */
+				for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+					/* empty */;
+				}
+
+				if ( have2 == HAVE_ALL ) {
+					break;
+				}
+
+				if ( x.bv_val[0] != ',' ) return LDAP_INVALID_SYNTAX;
+				x.bv_val++;
+				x.bv_len--;
+			} while ( 1 );
+
+			if ( x.bv_val[0] != /*{*/ '}' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+
+			if ( x.bv_val[0] != /*{*/ '}' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			have |= HAVE_ISSUER;
+
+		} else if ( strncasecmp( x.bv_val, "serialNumber", STRLENOF("serialNumber") ) == 0 ) {
+			if ( have & HAVE_SN ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+
+			/* parse serialNumber */
+			x.bv_val += STRLENOF("serialNumber");
+			x.bv_len -= STRLENOF("serialNumber");
+
+			if ( x.bv_val[0] != ' ' ) return LDAP_INVALID_SYNTAX;
+			x.bv_val++;
+			x.bv_len--;
+
+			/* eat leading spaces */
+			for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+				/* empty */;
+			}
+			
+			if ( checkNum( &x, sn ) ) {
+				return LDAP_INVALID_SYNTAX;
+			}
+
+			x.bv_val += sn->bv_len;
+			x.bv_len -= sn->bv_len;
+
+			have |= HAVE_SN;
+
+		} else {
+			return LDAP_INVALID_SYNTAX;
+		}
+
+		/* eat spaces */
+		for ( ; (x.bv_val[0] == ' ') && x.bv_len; x.bv_val++, x.bv_len-- ) {
+			/* empty */;
+		}
+
+		if ( have == HAVE_ALL ) {
+			break;
+		}
+
+		if ( x.bv_val[0] != ',' ) {
+			return LDAP_INVALID_SYNTAX;
+		}
+		x.bv_val++ ;
+		x.bv_len--;
+	} while ( 1 );
+
+	/* should have no characters left... */
+	if( x.bv_len ) return LDAP_INVALID_SYNTAX;
+
+	if ( numdquotes == 0 ) {
+		ber_dupbv_x( &ni, is, ctx );
+
+	} else {
+		ber_len_t src, dst;
+
+		ni.bv_len = is->bv_len - numdquotes;
+		ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx );
+		for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) {
+			if ( is->bv_val[src] == '"' ) {
+				src++;
+			}
+			ni.bv_val[dst] = is->bv_val[src];
+		}
+		ni.bv_val[dst] = '\0';
+	}
+
+	*is = ni;
+
+	/* need to handle double dquotes here */
+	return 0;
+}
+
+/* X.509 PMI serialNumberAndIssuerSerialValidate */
+static int
+serialNumberAndIssuerSerialValidate(
+	Syntax *syntax,
+	struct berval *in )
+{
+	int rc;
+	struct berval sn, i, i_sn;
+
+	Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerSerialValidate: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = serialNumberAndIssuerSerialCheck( in, &sn, &i, &i_sn, NULL );
+	if ( rc ) {
+		goto done;
+	}
+
+	/* validate DN -- doesn't handle double dquote */ 
+	rc = dnValidate( NULL, &i );
+	if ( rc ) {
+		rc = LDAP_INVALID_SYNTAX;
+	}
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, NULL );
+	}
+
+done:;
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerSerialValidate: <%s> err=%d\n",
+		in->bv_val, rc, 0 );
+
+	return rc;
+}
+
+/* X.509 PMI serialNumberAndIssuerSerialPretty */
+static int
+serialNumberAndIssuerSerialPretty(
+	Syntax *syntax,
+	struct berval *in,
+	struct berval *out,
+	void *ctx )
+{
+	struct berval sn, i, i_sn, ni = BER_BVNULL;
+	char *p;
+	int rc;
+
+	assert( in != NULL );
+	assert( out != NULL );
+
+	Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerSerialPretty: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = serialNumberAndIssuerSerialCheck( in, &sn, &i, &i_sn, ctx );
+	if ( rc ) {
+		goto done;
+	}
+
+	rc = dnPretty( syntax, &i, &ni, ctx );
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, ctx );
+	}
+
+	if ( rc ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
+
+	/* make room from sn + "$" */
+	out->bv_len = STRLENOF("{ serialNumber , issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"\" }, serial  } } }")
+		+ sn.bv_len + ni.bv_len + i_sn.bv_len;
+	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
+
+	if ( out->bv_val == NULL ) {
+		out->bv_len = 0;
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	p = out->bv_val;
+	p = lutil_strcopy( p, "{ serialNumber " );
+	p = lutil_strncopy( p, sn.bv_val, sn.bv_len );
+	p = lutil_strcopy( p, ", issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"" );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, "\" }, serial " );
+	p = lutil_strncopy( p, i_sn.bv_val, i_sn.bv_len );
+	p = lutil_strcopy( p, " } } }" );
+
+	assert( p == &out->bv_val[out->bv_len] );
+
+done:;
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerSerialPretty: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
+
+	slap_sl_free( ni.bv_val, ctx );
+
+	return rc; 
+}
+
+/* X.509 PMI serialNumberAndIssuerSerialNormalize */
+/*
+ * This routine is called by attributeCertificateExactNormalize
+ * when attributeCertificateExactNormalize receives a search 
+ * string instead of a attribute certificate. This routine 
+ * checks if the search value is valid and then returns the 
+ * normalized value
+ */
+static int
+serialNumberAndIssuerSerialNormalize(
+	slap_mask_t usage,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *in,
+	struct berval *out,
+	void *ctx )
+{
+	struct berval i, ni = BER_BVNULL,
+		sn, sn2 = BER_BVNULL, sn3 = BER_BVNULL,
+		i_sn, i_sn2 = BER_BVNULL, i_sn3 = BER_BVNULL;
+	char sbuf2[SLAP_SN_BUFLEN], i_sbuf2[SLAP_SN_BUFLEN],
+		sbuf3[SLAP_SN_BUFLEN], i_sbuf3[SLAP_SN_BUFLEN];
+	char *p;
+	int rc;
+
+	assert( in != NULL );
+	assert( out != NULL );
+
+	Debug( LDAP_DEBUG_TRACE, ">>> serialNumberAndIssuerSerialNormalize: <%s>\n",
+		in->bv_val, 0, 0 );
+
+	rc = serialNumberAndIssuerSerialCheck( in, &sn, &i, &i_sn, ctx );
+	if ( rc ) {
+		goto func_leave;
+	}
+
+	rc = dnNormalize( usage, syntax, mr, &i, &ni, ctx );
+
+	if ( in->bv_val[0] == '{' && in->bv_val[in->bv_len-1] == '}' ) {
+		slap_sl_free( i.bv_val, ctx );
+	}
+
+	if ( rc ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
+	/* Convert sn to canonical hex */
+	sn2.bv_val = sbuf2;
+	sn2.bv_len = sn.bv_len;
+	if ( sn.bv_len > sizeof( sbuf2 ) ) {
+		sn2.bv_val = slap_sl_malloc( sn.bv_len, ctx );
+	}
+	if ( lutil_str2bin( &sn, &sn2, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
+        /* Convert i_sn to canonical hex */
+	i_sn2.bv_val = i_sbuf2;
+	i_sn2.bv_len = i_sn.bv_len;
+	if ( i_sn.bv_len > sizeof( i_sbuf2 ) ) {
+		i_sn2.bv_val = slap_sl_malloc( i_sn.bv_len, ctx );
+	}
+	if ( lutil_str2bin( &i_sn, &i_sn2, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
+	sn3.bv_val = sbuf3;
+	sn3.bv_len = sizeof(sbuf3);
+	if ( slap_bin2hex( &sn2, &sn3, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
+	i_sn3.bv_val = i_sbuf3;
+	i_sn3.bv_len = sizeof(i_sbuf3);
+	if ( slap_bin2hex( &i_sn2, &i_sn3, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto func_leave;
+	}
+
+	out->bv_len = STRLENOF("{ serialNumber , issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"\" }, serial  } } }")
+		+ sn3.bv_len + ni.bv_len + i_sn3.bv_len;
+	out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx );
+
+	if ( out->bv_val == NULL ) {
+		out->bv_len = 0;
+		rc = LDAP_OTHER;
+		goto func_leave;
+	}
+
+	p = out->bv_val;
+
+	p = lutil_strcopy( p, "{ serialNumber " );
+	p = lutil_strncopy( p, sn3.bv_val, sn3.bv_len );
+	p = lutil_strcopy( p, ", issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"" );
+	p = lutil_strncopy( p, ni.bv_val, ni.bv_len );
+	p = lutil_strcopy( p, "\" }, serial " );
+	p = lutil_strncopy( p, i_sn3.bv_val, i_sn3.bv_len );
+	p = lutil_strcopy( p, " } } }" );
+
+	assert( p == &out->bv_val[out->bv_len] );
+
+func_leave:
+	Debug( LDAP_DEBUG_TRACE, "<<< serialNumberAndIssuerSerialNormalize: <%s> => <%s>\n",
+		in->bv_val, rc == LDAP_SUCCESS ? out->bv_val : "(err)", 0 );
+
+	if ( sn2.bv_val != sbuf2 ) {
+		slap_sl_free( sn2.bv_val, ctx );
+	}
+
+	if ( i_sn2.bv_val != i_sbuf2 ) {
+		slap_sl_free( i_sn2.bv_val, ctx );
+	}
+
+	if ( sn3.bv_val != sbuf3 ) {
+		slap_sl_free( sn3.bv_val, ctx );
+	}
+
+	if ( i_sn3.bv_val != i_sbuf3 ) {
+		slap_sl_free( i_sn3.bv_val, ctx );
+	}
+
+	slap_sl_free( ni.bv_val, ctx );
+
+	return rc;
+}
+
+/* X.509 PMI attributeCertificateExactNormalize */
+static int
+attributeCertificateExactNormalize(
+	slap_mask_t usage,
+	Syntax *syntax,
+	MatchingRule *mr,
+	struct berval *val,
+	struct berval *normalized,
+	void *ctx )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len;
+	char issuer_serialbuf[SLAP_SN_BUFLEN], serialbuf[SLAP_SN_BUFLEN];
+	struct berval sn, i_sn, sn2, i_sn2;
+	struct berval issuer_dn = BER_BVNULL, bvdn;
+	char *p;
+	int rc = LDAP_INVALID_SYNTAX;
+
+	if ( BER_BVISEMPTY( val ) ) {
+		goto done;
+	}
+
+	if ( SLAP_MR_IS_VALUE_OF_ASSERTION_SYNTAX(usage) ) {
+		return serialNumberAndIssuerSerialNormalize( 0, NULL, NULL, val, normalized, ctx );
+	}
+
+	assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 );
+
+	ber_init2( ber, val, LBER_USE_DER );
+	tag = ber_skip_tag( ber, &len );	/* Signed Sequence */
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+	tag = ber_skip_tag( ber, &len );	/* (Mandatory) version; must be v2(1) */
+	ber_skip_data( ber, len );
+	tag = ber_skip_tag( ber, &len );	/* Holder Sequence */
+	ber_skip_data( ber, len );
+
+	/* Issuer */
+	tag = ber_skip_tag( ber, &len );	/* Sequence */
+						/* issuerName (GeneralNames sequence; optional)? */
+	tag = ber_skip_tag( ber, &len );	/* baseCertificateID (sequence; optional)? */
+	tag = ber_skip_tag( ber, &len );	/* GeneralNames (sequence) */
+	tag = ber_skip_tag( ber, &len );	/* directoryName (we only accept this form of GeneralName) */
+	if ( tag != SLAP_X509_GN_DIRECTORYNAME ) { 
+		rc = LDAP_INVALID_SYNTAX; 
+		goto done;
+	}
+	tag = ber_peek_tag( ber, &len );	/* sequence of RDN */
+	len = ber_ptrlen( ber );
+	bvdn.bv_val = val->bv_val + len;
+	bvdn.bv_len = val->bv_len - len;
+	rc = dnX509normalize( &bvdn, &issuer_dn );
+	if ( rc != LDAP_SUCCESS ) goto done;
+	
+	tag = ber_skip_tag( ber, &len );	/* sequence of RDN */
+	ber_skip_data( ber, len ); 
+	tag = ber_skip_tag( ber, &len );	/* serial number */
+	if ( tag != LBER_INTEGER ) {
+		rc = LDAP_INVALID_SYNTAX; 
+		goto done;
+	}
+	i_sn.bv_val = (char *)ber->ber_ptr;
+	i_sn.bv_len = len;
+	i_sn2.bv_val = issuer_serialbuf;
+	i_sn2.bv_len = sizeof(issuer_serialbuf);
+	if ( slap_bin2hex( &i_sn, &i_sn2, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
+	ber_skip_data( ber, len );
+
+						/* issuerUID (bitstring; optional)? */
+						/* objectDigestInfo (sequence; optional)? */
+
+	tag = ber_skip_tag( ber, &len );	/* Signature (sequence) */
+	ber_skip_data( ber, len );
+	tag = ber_skip_tag( ber, &len );	/* serial number */ 
+	if ( tag != LBER_INTEGER ) {
+		rc = LDAP_INVALID_SYNTAX; 
+		goto done;
+	}
+	sn.bv_val = (char *)ber->ber_ptr;
+	sn.bv_len = len;
+	sn2.bv_val = serialbuf;
+	sn2.bv_len = sizeof(serialbuf);
+	if ( slap_bin2hex( &sn, &sn2, ctx ) ) {
+		rc = LDAP_INVALID_SYNTAX;
+		goto done;
+	}
+	ber_skip_data( ber, len );
+
+	normalized->bv_len = STRLENOF( "{ serialNumber , issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"\" }, serial  } } }" )
+		+ sn2.bv_len + issuer_dn.bv_len + i_sn2.bv_len;
+	normalized->bv_val = ch_malloc( normalized->bv_len + 1 );
+
+	p = normalized->bv_val;
+
+	p = lutil_strcopy( p, "{ serialNumber " );
+	p = lutil_strncopy( p, sn2.bv_val, sn2.bv_len );
+	p = lutil_strcopy( p, ", issuer { baseCertificateID { issuer { directoryName:rdnSequence:\"" );
+	p = lutil_strncopy( p, issuer_dn.bv_val, issuer_dn.bv_len );
+	p = lutil_strcopy( p, "\" }, serial " );
+	p = lutil_strncopy( p, i_sn2.bv_val, i_sn2.bv_len );
+	p = lutil_strcopy( p, " } } }" );
+
+	Debug( LDAP_DEBUG_TRACE, "attributeCertificateExactNormalize: %s\n",
 		normalized->bv_val, NULL, NULL );
 
 	rc = LDAP_SUCCESS;
 
 done:
 	if ( issuer_dn.bv_val ) ber_memfree( issuer_dn.bv_val );
-	if ( serial != serialbuf ) ber_memfree_x( serial, ctx );
+	if ( i_sn2.bv_val != issuer_serialbuf ) ber_memfree_x( i_sn2.bv_val, ctx );
+	if ( sn2.bv_val != serialbuf ) ber_memfree_x( sn2.bv_val, ctx );
 
 	return rc;
 }
 
+
 static int
 hexValidate(
 	Syntax *syntax,
 	struct berval *in )
 {
-	int	i;
+	ber_len_t	i;
 
 	assert( in != NULL );
 	assert( !BER_BVISNULL( in ) );
@@ -3387,7 +4761,7 @@
 	struct berval *normalized,
 	void *ctx )
 {
-	int	i;
+	ber_len_t	i;
 
 	assert( val != NULL );
 	assert( normalized != NULL );
@@ -3478,7 +4852,7 @@
 	assert( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX(usage) != 0 );
 
 	ptr = ber_bvchr( val, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
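Review bot: The second half of `ptr == NULL || ptr == &val->bv_val[val->bv_len]` looks unreachable: if ber_bvchr is the usual length-bounded memchr wrapper, it returns either NULL or a pointer strictly inside the value, never one past the end. The rewrite removes the signed/unsigned comparison but keeps a test that does nothing, so a '#' in the last position (an empty trailing field) is not rejected at this point. If that is what the clause was meant to catch, compare against the last byte, `ptr == &val->bv_val[val->bv_len - 1]`; otherwise drop it. The same pattern recurs in the following hunks up to `@@ -3860,7 +5234,7 @@`, and the enclosing functions start outside these hunks.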
@@ -3486,7 +4860,7 @@
 	bv.bv_len = val->bv_len - ( ptr + 1 - val->bv_val );
 
 	ptr = ber_bvchr( &bv, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3494,7 +4868,7 @@
 	bv.bv_len = val->bv_len - ( ptr + 1 - val->bv_val );
 		
 	ptr = ber_bvchr( &bv, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3533,7 +4907,7 @@
 	bv = *in;
 
 	ptr = ber_bvchr( &bv, '#' );
-	if ( ptr == NULL || ptr - bv.bv_val == bv.bv_len ) {
+	if ( ptr == NULL || ptr == &bv.bv_val[bv.bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3553,7 +4927,7 @@
 	bv.bv_len = in->bv_len - ( bv.bv_val - in->bv_val );
 
 	ptr = ber_bvchr( &bv, '#' );
-	if ( ptr == NULL || ptr - in->bv_val == in->bv_len ) {
+	if ( ptr == NULL || ptr == &in->bv_val[in->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3571,7 +4945,7 @@
 	bv.bv_len = in->bv_len - ( bv.bv_val - in->bv_val );
 
 	ptr = ber_bvchr( &bv, '#' );
-	if ( ptr == NULL || ptr - in->bv_val == in->bv_len ) {
+	if ( ptr == NULL || ptr == &in->bv_val[in->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3611,7 +4985,7 @@
 	struct berval	bv;
 	char		buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
 	char		*ptr;
-	int		i;
+	ber_len_t	i;
 
 	assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
 	assert( !BER_BVISEMPTY( val ) );
@@ -3619,7 +4993,7 @@
 	gt = *val;
 
 	ptr = ber_bvchr( &gt, '#' );
-	if ( ptr == NULL || ptr - gt.bv_val == gt.bv_len ) {
+	if ( ptr == NULL || ptr == &gt.bv_val[gt.bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3636,7 +5010,7 @@
 	cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
 
 	ptr = ber_bvchr( &cnt, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3656,7 +5030,7 @@
 	sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
 		
 	ptr = ber_bvchr( &sid, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3694,7 +5068,7 @@
 	}
 	*ptr = '\0';
 
-	assert( ptr - bv.bv_val == bv.bv_len );
+	assert( ptr == &bv.bv_val[bv.bv_len] );
 
 	if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
 		return LDAP_INVALID_SYNTAX;
@@ -3719,7 +5093,7 @@
 	struct berval	bv;
 	char		buf[ STRLENOF( "YYYYmmddHHMMSS.uuuuuuZ#SSSSSS#SID#ssssss" ) + 1 ];
 	char		*ptr;
-	int		i;
+	ber_len_t	i;
 
 	assert( SLAP_MR_IS_VALUE_OF_SYNTAX( usage ) != 0 );
 	assert( !BER_BVISEMPTY( val ) );
@@ -3727,7 +5101,7 @@
 	gt = *val;
 
 	ptr = ber_bvchr( &gt, '#' );
-	if ( ptr == NULL || ptr - gt.bv_val == gt.bv_len ) {
+	if ( ptr == NULL || ptr == &gt.bv_val[gt.bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3740,7 +5114,7 @@
 	cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
 
 	ptr = ber_bvchr( &cnt, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3753,7 +5127,7 @@
 	sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
 		
 	ptr = ber_bvchr( &sid, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3786,7 +5160,7 @@
 	}
 	*ptr = '\0';
 
-	assert( ptr - bv.bv_val == bv.bv_len );
+	assert( ptr == &bv.bv_val[bv.bv_len] );
 	if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
 		return LDAP_INVALID_SYNTAX;
 	}
@@ -3808,7 +5182,7 @@
 {
 	struct berval	cnt, sid, mod;
 	char		*ptr;
-	int		i;
+	ber_len_t	i;
 
 	assert( val != NULL );
 	assert( normalized != NULL );
@@ -3836,7 +5210,7 @@
 	}
 
 	ptr = ber_bvchr( val, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3848,7 +5222,7 @@
 	cnt.bv_len = val->bv_len - ( cnt.bv_val - val->bv_val );
 
 	ptr = ber_bvchr( &cnt, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -3860,7 +5234,7 @@
 	sid.bv_len = val->bv_len - ( sid.bv_val - val->bv_val );
 		
 	ptr = ber_bvchr( &sid, '#' );
-	if ( ptr == NULL || ptr - val->bv_val == val->bv_len ) {
+	if ( ptr == NULL || ptr == &val->bv_val[val->bv_len] ) {
 		return LDAP_INVALID_SYNTAX;
 	}
 
@@ -4536,8 +5910,10 @@
 
 	if( val->bv_len < 3 ) return LDAP_INVALID_SYNTAX;
 
-	if( val->bv_val[0] != '(' /*')'*/ &&
-		val->bv_val[0] != '{' /*'}'*/ )
+	if( ! ( val->bv_val[0] == '(' /*')'*/
+			&& val->bv_val[val->bv_len - 1] == /*'('*/ ')' )
+		&& ! ( val->bv_val[0] == '{' /*'}'*/
+			&& val->bv_val[val->bv_len - 1] == /*'('*/ '}' ) )
 	{
 		return LDAP_INVALID_SYNTAX;
 	}
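Review bot: The closing-brace arm carries the wrong placeholder comment: `== /*'('*/ '}'` should read `== /*'{'*/ '}'`, since these comments exist only to keep delimiter matching balanced. The doubly negated condition is also hard to verify at a glance; naming the two accepted shapes (first/last are `(`…`)` or `{`…`}`) and rejecting when neither holds would read more directly. The index `val->bv_len - 1` is safe only because of the `bv_len < 3` guard directly above, which deserves a short comment such as `/* bv_len >= 3 here, so bv_len - 1 is in range */`. The enclosing function starts outside the hunk.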
@@ -4552,7 +5928,7 @@
 
 	/* grab next word */
 	comp.bv_val = &val->bv_val[len];
-	len = val->bv_len - len;
+	len = val->bv_len - len - STRLENOF(/*"{"*/ "}");
 	for( comp.bv_len = 0;
 		!ASCII_SPACE(comp.bv_val[comp.bv_len]) && comp.bv_len < len;
 		comp.bv_len++ )
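Review bot: The word-scanning loop reads `comp.bv_val[comp.bv_len]` before testing `comp.bv_len < len`, so the bound is applied one byte late; with the new `len` that byte is the closing delimiter, but the order should still be `comp.bv_len < len && !ASCII_SPACE(comp.bv_val[comp.bv_len])`. The new expression `val->bv_len - len - STRLENOF("}")` would also wrap if `len` is unsigned and the offset computed above the hunk can already equal `val->bv_len`; that code is outside this view, so this needs confirming. The enclosing function starts and ends outside the hunk.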
@@ -4616,6 +5992,10 @@
 		X_BINARY X_NOT_H_R ")",
 		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
 		NULL, sequenceValidate, NULL},
+	{"( " attributeCertificateSyntaxOID " DESC 'X.509 AttributeCertificate' "
+		X_BINARY X_NOT_H_R ")",
+		SLAP_SYNTAX_BINARY|SLAP_SYNTAX_BER,
+		NULL, attributeCertificateValidate, NULL},
 #if 0	/* need to go __after__ printableString */
 	{"( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )",
 		0, "1.3.6.1.4.1.1466.115.121.1.44",
@@ -4686,7 +6066,7 @@
 	{"( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )",
 		0, NULL, blobValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )",
-		0, NULL, UTF8StringValidate, NULL},
+		0, NULL, postalAddressValidate, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )",
 		0, NULL, NULL, NULL},
 	{"( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )",
@@ -4742,11 +6122,19 @@
 	{"( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )",
 		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )",
-		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
+		SLAP_SYNTAX_HIDE, NULL,
+		issuerAndThisUpdateValidate,
+		issuerAndThisUpdatePretty},
 	{"( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )",
 		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 	{"( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )",
 		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
+	{"( " attributeCertificateExactAssertionSyntaxOID " DESC 'AttributeCertificate Exact Assertion' )",
+		SLAP_SYNTAX_HIDE, NULL,
+		serialNumberAndIssuerSerialValidate,
+		serialNumberAndIssuerSerialPretty},
+	{"( " attributeCertificateAssertionSyntaxOID " DESC 'AttributeCertificate Assertion' )",
+		SLAP_SYNTAX_HIDE, NULL, NULL, NULL},
 
 #ifdef SLAPD_AUTHPASSWD
 	/* needs updating */
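Review bot: The `serialNumberAndIssuerSerialValidate` / `serialNumberAndIssuerSerialPretty` pair registered here parses the assertion string through serialNumberAndIssuerSerialCheck (added earlier in this file's diff, in a hunk that begins outside this view), and that parser does not bound its reads. Its format test `in->bv_val[0] != '{' && in->bv_val[in->bv_len-1] != '}'` rejects only when both delimiters are wrong; it should use `||`, matching what the `@@ -4536,8 +5910,10 @@` hunk now enforces for its own delimiters. Every space-skipping loop tests `x.bv_val[0] == ' '` before `x.bv_len`, the keyword `strncasecmp` calls and the quoted-DN scan (`is->bv_val[is->bv_len + 1]`, then `x.bv_len -= is->bv_len + 1`) never compare against the remaining length, and `numdquotes` is never incremented, so the unescaping branch is dead. Because assertion values are supplied by clients, each step should check the remaining `x.bv_len` before it reads or subtracts.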
@@ -4782,12 +6170,24 @@
 	"1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
 	NULL
 };
+char *certificateListExactMatchSyntaxes[] = {
+	"1.3.6.1.4.1.1466.115.121.1.9" /* certificateList */,
+	NULL
+};
+char *attributeCertificateExactMatchSyntaxes[] = {
+	attributeCertificateSyntaxOID  /* attributeCertificate */,
+	NULL
+};
+
 #ifdef LDAP_COMP_MATCH
 char *componentFilterMatchSyntaxes[] = {
 	"1.3.6.1.4.1.1466.115.121.1.8" /* certificate */,
+	"1.3.6.1.4.1.1466.115.121.1.9" /* certificateList */,
+	attributeCertificateSyntaxOID /* attributeCertificate */,
 	NULL
 };
 #endif
+
 char *directoryStringSyntaxes[] = {
 	"1.3.6.1.4.1.1466.115.121.1.44" /* printableString */,
 	NULL
@@ -4819,8 +6219,6 @@
  * 2.5.13.33*	keywordMatch
  * 2.5.13.36+	certificatePairExactMatch
  * 2.5.13.37+	certificatePairMatch
- * 2.5.13.38+	certificateListExactMatch
- * 2.5.13.39+	certificateListMatch
  * 2.5.13.40+	algorithmIdentifierMatch
  * 2.5.13.41*	storedPrefixMatch
  * 2.5.13.42	attributeCertificateMatch
@@ -4991,7 +6389,9 @@
 	{"( 2.5.13.11 NAME 'caseIgnoreListMatch' "
 		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )",
 		SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
-		NULL, NULL, NULL, NULL, NULL, NULL },
+		NULL, postalAddressNormalize, octetStringMatch,
+		octetStringIndexer, octetStringFilter,
+		NULL },
 
 	{"( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' "
 		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )",
@@ -5123,6 +6523,32 @@
 		NULL, NULL, NULL, NULL, NULL,
 		NULL },
 
+	{"( 2.5.13.38 NAME 'certificateListExactMatch' "
+		"SYNTAX 1.3.6.1.1.15.5 )",
+		SLAP_MR_EQUALITY | SLAP_MR_EXT, certificateListExactMatchSyntaxes,
+		NULL, certificateListExactNormalize, octetStringMatch,
+		octetStringIndexer, octetStringFilter,
+		NULL },
+
+	{"( 2.5.13.39 NAME 'certificateListMatch' "
+		"SYNTAX 1.3.6.1.1.15.6 )",
+		SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
+		NULL, NULL, NULL, NULL, NULL,
+		NULL },
+
+	{"( 2.5.13.45 NAME 'attributeCertificateExactMatch' "
+		"SYNTAX " attributeCertificateExactAssertionSyntaxOID " )",
+		SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_HIDE, attributeCertificateExactMatchSyntaxes,
+		NULL, attributeCertificateExactNormalize, octetStringMatch,
+		octetStringIndexer, octetStringFilter,
+		NULL },
+
+	{"( 2.5.13.46 NAME 'attributeCertificateMatch' "
+		"SYNTAX " attributeCertificateAssertionSyntaxOID " )",
+		SLAP_MR_EQUALITY | SLAP_MR_EXT | SLAP_MR_HIDE, NULL,
+		NULL, NULL, NULL, NULL, NULL,
+		NULL },
+
 	{"( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' "
 		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )",
 		SLAP_MR_EQUALITY | SLAP_MR_EXT, NULL,
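Review bot: attributeCertificateExactNormalize, wired in here as the normalizer for 2.5.13.45, can pass uninitialized pointers to the allocator: `sn2` and `i_sn2` are declared without initializers, yet the `done:` label compares `i_sn2.bv_val` and `sn2.bv_val` with the stack buffers and calls `ber_memfree_x` on them, and the empty-value check, the directoryName tag check and the dnX509normalize failure path all jump to `done` before either is assigned. Setting `i_sn2.bv_val = issuer_serialbuf;` and `sn2.bv_val = serialbuf;` ahead of the first `goto done` closes that. The function also discards the result of its first several `ber_skip_tag` calls, unlike certificateListExactNormalize just above it, which returns LDAP_INVALID_SYNTAX on each unexpected tag; the attribute-certificate path should check tags the same way before trusting `len`. The function body is in an earlier hunk of this file that begins outside this view.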

Modified: openldap/vendor/openldap-release/servers/slapd/schema_prep.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schema_prep.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schema_prep.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* schema_prep.c - load builtin schema */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.169.2.8 2008/07/09 23:43:08 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schema_prep.c,v 1.169.2.11 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1072,6 +1072,10 @@
 	{ "objectIdentifierFirstComponentMatch",
 		offsetof(struct slap_internal_schema,
 			si_mr_objectIdentifierFirstComponentMatch) },
+	{ "caseIgnoreMatch",
+		offsetof(struct slap_internal_schema, si_mr_caseIgnoreMatch) },
+	{ "caseIgnoreListMatch",
+		offsetof(struct slap_internal_schema, si_mr_caseIgnoreListMatch) },
 	{ NULL, 0 }
 };
 
@@ -1266,7 +1270,6 @@
 					mr->smr_filter = ad_map[i].ssam_mr_filter;
 				}
 
-				/* FIXME: no-one will free this at exit */
 				(*adp)->ad_type->sat_equality = mr;
 			}
 		}

Modified: openldap/vendor/openldap-release/servers/slapd/schemaparse.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/schemaparse.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/schemaparse.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* schemaparse.c - routines to parse config file objectclass definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/schemaparse.c,v 1.80.2.4 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/schemaparse.c,v 1.80.2.7 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -50,6 +50,8 @@
 	"Syntax not found",
 	"Duplicate ldapSyntax",
 	"Superior syntax not found",
+	"Substitute syntax not specified",
+	"Substitute syntax not found",
 	"OID or name required",
 	"Qualifier not supported",
 	"Invalid NAME",
@@ -331,3 +333,68 @@
 
 	return code;
 }
+
+static void
+syn_usage( void )
+{
+	fprintf( stderr, "%s",
+		"SyntaxDescription = \"(\" whsp\n"
+		"  numericoid whsp                  ; object identifier\n"
+		"  [ whsp \"DESC\" whsp qdstring ]  ; description\n"
+		"  extensions whsp \")\"            ; extensions\n"
+		"  whsp \")\"\n");
+}
+
+int
+parse_syn(
+	struct config_args_s *c,
+	Syntax **ssyn,
+	Syntax *prev )
+{
+	LDAPSyntax		*syn;
+	slap_syntax_defs_rec	def = { 0 };
+	int			code;
+	const char		*err;
+	char			*line = strchr( c->line, '(' );
+
+	syn = ldap_str2syntax( line, &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+	if ( !syn ) {
+		snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: %s before %s",
+			c->argv[0], ldap_scherr2str(code), err );
+		Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+			"%s %s\n", c->log, c->cr_msg, 0 );
+		syn_usage();
+		return 1;
+	}
+
+	if ( syn->syn_oid == NULL ) {
+		snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: OID is missing",
+			c->argv[0] );
+		Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+			"%s %s\n", c->log, c->cr_msg, 0 );
+		syn_usage();
+		code = 1;
+		goto done;
+	}
+
+	code = syn_add( syn, 1, &def, ssyn, prev, &err );
+	if ( code ) {
+		snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s: %s: \"%s\"",
+			c->argv[0], scherr2str(code), err);
+		Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
+			"%s %s\n", c->log, c->cr_msg, 0 );
+		code = 1;
+		goto done;
+	}
+
+done:;
+	if ( code ) {
+		ldap_syntax_free( syn );
+
+	} else {
+		ldap_memfree( syn );
+	}
+
+	return code;
+}
+
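Review bot: In `parse_syn`, `line` is the raw result of `strchr( c->line, '(' )` and goes to `ldap_str2syntax` unchecked, so a directive with no opening parenthesis depends on the library rejecting a NULL string, which is not visible in this hunk. An explicit guard before the call, `if ( line == NULL ) { syn_usage(); return 1; }`, would keep the failure path local to the config parser. Separately, the grammar printed by `syn_usage` closes the description twice (the `extensions whsp ")"` line and then a second `whsp ")"` line), which looks like one line too many. The `done:` block would also benefit from a comment on why success frees only the container with `ldap_memfree( syn )` while failure uses `ldap_syntax_free( syn )`, presumably because `syn_add` keeps the members.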

Modified: openldap/vendor/openldap-release/servers/slapd/search.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/search.c,v 1.181.2.5 2008/04/14 22:16:16 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/search.c,v 1.181.2.8 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -180,7 +180,7 @@
 
 	if ( StatslogTest( LDAP_DEBUG_STATS ) ) {
 		char abuf[BUFSIZ/2], *ptr = abuf;
-		int len = 0, alen;
+		unsigned len = 0, alen;
 
 		sprintf(abuf, "scope=%d deref=%d", op->ors_scope, op->ors_deref);
 		Statslog( LDAP_DEBUG_STATS,
@@ -227,7 +227,7 @@
 		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
 	}
 	if ( op->ors_filter != NULL) {
-		filter_free_x( op, op->ors_filter );
+		filter_free_x( op, op->ors_filter, 1 );
 	}
 	if ( op->ors_attrs != NULL ) {
 		op->o_tmpfree( op->ors_attrs, op->o_tmpmemctx );

Modified: openldap/vendor/openldap-release/servers/slapd/sets.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sets.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/sets.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.28.2.10 2008/07/08 20:36:58 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.c,v 1.28.2.13 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2000-2008 The OpenLDAP Foundation.
+ * Copyright 2000-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -120,7 +120,7 @@
 /* Join two sets according to operator op and flags op_flags.
  * op can be:
  *	'|' (or):	the union between the two sets is returned,
- *		 	eliminating diplicates
+ *		 	eliminating duplicates
  *	'&' (and):	the intersection between the two sets
  *			is returned
  *	'+' (add):	the inner product of the two sets is returned,
@@ -726,6 +726,7 @@
 			if ( len == 4
 				&& memcmp( "this", filter, len ) == 0 )
 			{
+				assert( !BER_BVISNULL( target ) );
 				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
 					SF_ERROR( syntax );
 				}
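Review bot: The new `assert( !BER_BVISNULL( target ) )` in the `this` branch is compiled out when NDEBUG is defined, whereas the `user` branch in the next hunk rejects a null value at run time through `SF_ERROR`. A null `target` should fail the set evaluation the same way in every build, for example `if ( BER_BVISNULL( target ) ) { SF_ERROR( syntax ); }`, with the error label chosen by the author. The code that consumes `target` follows outside this hunk, so whether a null value is caught later cannot be confirmed from here.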
@@ -746,15 +747,15 @@
 				if ( ( SF_TOP() == (void *)'/' ) || IS_SET( SF_TOP() ) ) {
 					SF_ERROR( syntax );
 				}
+				if ( BER_BVISNULL( user ) ) {
+					SF_ERROR( memory );
+				}
 				set = cp->set_op->o_tmpcalloc( 2, sizeof( struct berval ),
 						cp->set_op->o_tmpmemctx );
 				if ( set == NULL ) {
 					SF_ERROR( memory );
 				}
 				ber_dupbv_x( set, user, cp->set_op->o_tmpmemctx );
-				if ( BER_BVISNULL( set ) ) {
-					SF_ERROR( memory );
-				}
 				BER_BVZERO( &set[ 1 ] );
 				
 			} else if ( SF_TOP() != (void *)'/' ) {
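Review bot: Moving the null test ahead of the allocation removes the only check on the result of `ber_dupbv_x( set, user, ... )`. The old `BER_BVISNULL( set )` test after the copy caught both a null `user` and a failed duplication; now a failed duplication leaves `set[0]` empty and execution continues to `BER_BVZERO( &set[ 1 ] )`. Keeping the new pre-check and restoring `if ( BER_BVISNULL( set ) ) { SF_ERROR( memory ); }` after the copy covers both cases. A null `user` is also reported through `SF_ERROR( memory )`, which reads as an allocation failure, so a comment on that line would help. The enclosing branch starts and ends outside the hunk.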

Modified: openldap/vendor/openldap-release/servers/slapd/sets.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sets.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/sets.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/sets.h,v 1.21.2.4 2008/05/20 00:09:30 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sets.h,v 1.21.2.5 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for shell-backends
-# $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/Makefile.in,v 1.14.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/Makefile.in,v 1.14.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/passwd-shell.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* passwd-shell.c - passwd(5) shell-based backend for slapd(8) */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/passwd-shell.c,v 1.14.2.4 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/passwd-shell.c,v 1.14.2.5 2009/01/22 00:01:14 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* shellutil.c - common routines useful when building shell-based backends */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.c,v 1.17.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.c,v 1.17.2.4 2009/01/22 00:01:14 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/shell-backends/shellutil.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* shellutil.h */
-/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.h,v 1.11.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/shell-backends/shellutil.h,v 1.11.2.4 2009/01/22 00:01:14 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/sl_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/sl_malloc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/sl_malloc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* sl_malloc.c - malloc routines using a per-thread slab */
-/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.39.2.6 2008/02/11 23:34:15 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/sl_malloc.c,v 1.39.2.7 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slap.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slap.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slap.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* slap.h - stand alone ldap server include file */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.764.2.29 2008/07/08 19:25:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slap.h,v 1.764.2.47 2009/02/10 17:03:11 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -64,6 +64,7 @@
 #define LDAP_SYNC_TIMESTAMP
 #define SLAP_CONTROL_X_SORTEDRESULTS
 #define SLAP_CONTROL_X_SESSION_TRACKING
+#define SLAP_CONTROL_X_WHATFAILED
 #define SLAP_CONFIG_DELETE
 #endif
 
@@ -300,6 +301,8 @@
 	SLAP_SCHERR_SYN_NOT_FOUND,
 	SLAP_SCHERR_SYN_DUP,
 	SLAP_SCHERR_SYN_SUP_NOT_FOUND,
+	SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED,
+	SLAP_SCHERR_SYN_SUBST_NOT_FOUND,
 	SLAP_SCHERR_NO_NAME,
 	SLAP_SCHERR_NOT_SUPPORTED,
 	SLAP_SCHERR_BAD_DESCR,
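Review bot: The two new enumerators are inserted mid-list, between `SLAP_SCHERR_SYN_SUP_NOT_FOUND` and `SLAP_SCHERR_NO_NAME`, and the schemaparse.c hunk in this commit inserts the two "Substitute syntax ..." strings at the same relative position. That suggests the message table is indexed by these values, yet neither side says so. A comment here such as `/* order must match the message table in schemaparse.c */` would protect the next insertion from mislabelled schema errors. The start of the enum and the declaration of the table are outside the visible hunks, so the coupling is inferred.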
@@ -415,6 +418,7 @@
 #else
 #define SLAP_SYNTAX_HIDE	0x8000U /* hide (do not publish) */
 #endif
+#define	SLAP_SYNTAX_HARDCODE	0x10000U	/* This is hardcoded schema */
 
 	Syntax				**ssyn_sups;
 
@@ -431,7 +435,7 @@
 	struct ComponentDesc* ssync_comp_syntax;
 #endif
 
-	LDAP_SLIST_ENTRY(Syntax)	ssyn_next;
+	LDAP_STAILQ_ENTRY(Syntax)	ssyn_next;
 };
 
 #define slap_syntax_is_flag(s,flag) ((int)((s)->ssyn_flags & (flag)) ? 1 : 0)
@@ -969,6 +973,8 @@
 	MatchingRule	*si_mr_integerMatch;
 	MatchingRule    *si_mr_integerFirstComponentMatch;
 	MatchingRule    *si_mr_objectIdentifierFirstComponentMatch;
+	MatchingRule    *si_mr_caseIgnoreMatch;
+	MatchingRule    *si_mr_caseIgnoreListMatch;
 
 	/* Syntaxes */
 	Syntax		*si_syn_directoryString;
@@ -1536,10 +1542,18 @@
 	slap_acl_state_t as_recorded;
 	int as_vd_acl_count;
 	int as_result;
+	int as_fe_done;
 } AccessControlState;
 #define ACL_STATE_INIT { NULL, NULL, NULL, \
-	ACL_STATE_NOT_RECORDED, 0, 0 }
+	ACL_STATE_NOT_RECORDED, 0, 0, 0 }
 
+typedef struct AclRegexMatches {        
+	int dn_count;
+        regmatch_t dn_data[MAXREMATCHES];
+	int val_count;
+        regmatch_t val_data[MAXREMATCHES];
+} AclRegexMatches;
+
 /*
  * Backend-info
  * represents a backend 
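Review bot: `AclRegexMatches` pairs each fixed `regmatch_t ...[MAXREMATCHES]` array with a plain `int` count and documents neither, so nothing states that `dn_count` and `val_count` must stay within 0..MAXREMATCHES before they index `dn_data` and `val_data`. A comment on the struct, e.g. `/* dn_count/val_count: number of valid entries, never more than MAXREMATCHES */`, would record the bound that the code filling it has to enforce; that code is not in this hunk. The new lines also mix eight-space and tab indentation and leave trailing blanks after the opening `{`, unlike the tab-indented fields around them.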
@@ -1593,6 +1607,7 @@
 	char *sb_tls_cacertdir;
 	char *sb_tls_reqcert;
 	char *sb_tls_cipher_suite;
+	char *sb_tls_protocol_min;
 #ifdef HAVE_OPENSSL_CRL
 	char *sb_tls_crlcheck;
 #endif
@@ -1636,6 +1651,7 @@
 
 struct slap_limits {
 	unsigned		lm_flags;	/* type of pattern */
+	/* Values must match lmpats[] in limits.c */
 #define SLAP_LIMITS_UNDEFINED		0x0000U
 #define SLAP_LIMITS_EXACT		0x0001U
 #define SLAP_LIMITS_BASE		SLAP_LIMITS_EXACT
@@ -1648,8 +1664,10 @@
 #define SLAP_LIMITS_ANY			0x0008U
 #define SLAP_LIMITS_MASK		0x000FU
 
-#define SLAP_LIMITS_TYPE_DN		0x0000U
+#define SLAP_LIMITS_TYPE_SELF		0x0000U
+#define SLAP_LIMITS_TYPE_DN		SLAP_LIMITS_TYPE_SELF
 #define SLAP_LIMITS_TYPE_GROUP		0x0010U
+#define SLAP_LIMITS_TYPE_THIS		0x0020U
 #define SLAP_LIMITS_TYPE_MASK		0x00F0U
 
 	regex_t			lm_regex;	/* regex data for REGEX */
@@ -1685,8 +1703,6 @@
 #define SLAP_SYNC_SID_MAX	4095	/* based on liblutil/csn.c field width */
 #define SLAP_SYNCUUID_SET_SIZE 256
 
-#define	SLAP_SYNC_UPDATE_MSGID	1
-
 struct sync_cookie {
 	struct berval *ctxcsn;
 	struct berval octet_str;
@@ -1783,6 +1799,9 @@
 #define SLAP_DBFLAG_SINGLE_SHADOW	0x4000U	/* a single-master shadow */
 #define SLAP_DBFLAG_SYNC_SHADOW		0x1000U /* a sync shadow */
 #define SLAP_DBFLAG_SLURP_SHADOW	0x2000U /* a slurp shadow */
+#define SLAP_DBFLAG_SHADOW_MASK		(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SINGLE_SHADOW|SLAP_DBFLAG_SYNC_SHADOW|SLAP_DBFLAG_SLURP_SHADOW)
+#define SLAP_DBFLAG_CLEAN		0x10000U /* was cleanly shutdown */
+#define SLAP_DBFLAG_ACL_ADD		0x20000U /* check attr ACLs on adds */
 	slap_mask_t	be_flags;
 #define SLAP_DBFLAGS(be)			((be)->be_flags)
 #define SLAP_NOLASTMOD(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_NOLASTMOD)
@@ -1807,6 +1826,8 @@
 #define SLAP_SLURP_SHADOW(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_SLURP_SHADOW)
 #define SLAP_SINGLE_SHADOW(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_SINGLE_SHADOW)
 #define SLAP_MULTIMASTER(be)			(!SLAP_SINGLE_SHADOW(be))
+#define SLAP_DBCLEAN(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_CLEAN)
+#define SLAP_DBACL_ADD(be)			(SLAP_DBFLAGS(be) & SLAP_DBFLAG_ACL_ADD)
 
 	slap_mask_t	be_restrictops;		/* restriction operations */
 #define SLAP_RESTRICT_OP_ADD		0x0001U
@@ -1854,6 +1875,9 @@
 #define SLAP_DISALLOW_TLS_2_ANON	0x0010U /* StartTLS -> Anonymous */
 #define SLAP_DISALLOW_TLS_AUTHC		0x0020U	/* TLS while authenticated */
 
+#define SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT	0x0100U
+#define SLAP_DISALLOW_DONTUSECOPY_N_CRIT	0x0200U
+
 #define SLAP_DISALLOW_AUX_WO_CR		0x4000U
 
 	slap_mask_t	be_requires;	/* pre-operation requirements */
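Review bot: `SLAP_DISALLOW_PROXY_AUTHZ_N_CRIT` and `SLAP_DISALLOW_DONTUSECOPY_N_CRIT` are added without the trailing comment that the `SLAP_DISALLOW_TLS_*` flags just above carry. These are policy bits that change which requests are refused, so the meaning should not be left to the name. Going by the names they refuse the proxy-authorization and dontUseCopy controls when sent as non-critical, which would read `/* proxyAuthz control sent non-critical */` and `/* dontUseCopy control sent non-critical */`; the author should confirm that wording, since the code that tests the bits is not in this hunk.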
@@ -1886,7 +1910,6 @@
 	BerVarray	be_update_refs;	/* where to refer modifying clients to */
 	struct		be_pcl	*be_pending_csn_list;
 	ldap_pvt_thread_mutex_t					be_pcl_mutex;
-	ldap_pvt_thread_mutex_t					*be_pcl_mutexp;
 	struct syncinfo_s						*be_syncinfo; /* For syncrepl */
 
 	void    *be_pb;         /* Netscape plugin */
@@ -2055,6 +2078,9 @@
 #define REP_REF_MUSTBEFREED	0x0020U
 #define REP_REF_MASK		(REP_REF_MUSTBEFREED)
 
+#define REP_CTRLS_MUSTBEFREED	0x0040U
+#define REP_CTRLS_MASK		(REP_CTRLS_MUSTBEFREED)
+
 #define	REP_NO_ENTRYDN		0x1000U
 #define	REP_NO_SUBSCHEMA	0x2000U
 #define	REP_NO_OPERATIONALS	(REP_NO_ENTRYDN|REP_NO_SUBSCHEMA)
@@ -2395,6 +2421,9 @@
 	int sc_sessionTracking;
 #endif
 	int sc_valuesReturnFilter;
+#ifdef SLAP_CONTROL_X_WHATFAILED
+	int sc_whatFailed;
+#endif
 };
 
 /*
@@ -2575,6 +2604,7 @@
 	GroupAssertion *o_groups;
 	char o_do_not_cache;	/* don't cache groups from this op */
 	char o_is_auth_check;	/* authorization in progress */
+	char o_dont_replicate;
 	slap_access_t o_acl_priv;
 
 	char o_nocaching;
@@ -2664,6 +2694,11 @@
 #define get_sessionTracking(op)			((int)(op)->o_session_tracking)
 #endif
 
+#ifdef SLAP_CONTROL_X_WHATFAILED
+#define o_whatFailed o_ctrlflag[slap_cids.sc_whatFailed]
+#define get_whatFailed(op)				_SCM((op)->o_whatFailed)
+#endif
+
 #define o_sync			o_ctrlflag[slap_cids.sc_LDAPsync]
 
 	AuthorizationInformation o_authz;
@@ -2767,14 +2802,17 @@
 	LDAP_STAILQ_HEAD(c_o, Operation) c_ops;	/* list of operations being processed */
 	LDAP_STAILQ_HEAD(c_po, Operation) c_pending_ops;	/* list of pending operations */
 
-	ldap_pvt_thread_mutex_t	c_write_mutex;	/* only one pdu written at a time */
-	ldap_pvt_thread_cond_t	c_write_cv;		/* used to wait for sd write-ready*/
+	ldap_pvt_thread_mutex_t	c_write1_mutex;	/* only one pdu written at a time */
+	ldap_pvt_thread_cond_t	c_write1_cv;	/* only one pdu written at a time */
+	ldap_pvt_thread_mutex_t	c_write2_mutex;	/* used to wait for sd write-ready */
+	ldap_pvt_thread_cond_t	c_write2_cv;	/* used to wait for sd write-ready*/
 
 	BerElement	*c_currentber;	/* ber we're attempting to read */
+	int			c_writers;		/* number of writers waiting */
 
 	char		c_sasl_bind_in_progress;	/* multi-op bind in progress */
+	char		c_writewaiter;	/* true if blocked on write */
 
-	char		c_writewaiter;	/* true if writer is waiting */
 
 #define	CONN_IS_TLS	1
 #define	CONN_IS_UDP	2
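Review bot: The comment on `c_write1_cv` repeats the text of `c_write1_mutex` ("only one pdu written at a time"), and neither `c_writers` nor `c_writewaiter` says which of the two new mutexes guards it. For a locking change this should be spelled out on the fields, for example `/* signalled when the current PDU writer is done */` on `c_write1_cv` and a `/* protected by <mutex name> */` note on each counter, with the mutex name filled in by the author. The hunk also leaves two consecutive blank lines where the old `c_writewaiter` line was removed. The struct begins and ends outside the hunk.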
@@ -2849,7 +2887,7 @@
 #define Statslog( level, fmt, connid, opid, arg1, arg2, arg3 )	\
 	do { \
 		if ( ldap_debug & (level) ) \
-			fprintf( stderr, (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
+			lutil_debug( ldap_debug, (level), (fmt), (connid), (opid), (arg1), (arg2), (arg3) );\
 	} while (0)
 #define StatslogTest( level ) (ldap_debug & (level))
 #endif /* !LDAP_SYSLOG */

Modified: openldap/vendor/openldap-release/servers/slapd/slapacl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapacl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapacl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapacl.c,v 1.24.2.9 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -97,6 +98,7 @@
 
 	connection_fake_init( &conn, &opbuf, &conn );
 	op = &opbuf.ob_op;
+	op->o_tmpmemctx = NULL;
 
 	conn.c_listener = &listener;
 	conn.c_listener_url = listener_url;
@@ -399,7 +401,8 @@
 		}
 	}
 
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapadd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapadd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapadd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.36.2.7 2008/04/14 21:15:47 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapadd.c,v 1.36.2.11 2009/02/05 20:11:00 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
@@ -35,6 +35,8 @@
 #include <lber.h>
 #include <ldif.h>
 #include <lutil.h>
+#include <lutil_meter.h>
+#include <sys/stat.h>
 
 #include "slapcommon.h"
 
@@ -67,9 +69,14 @@
 	int rc = EXIT_SUCCESS;
 	int manage = 0;	
 
+	int enable_meter = 0;
+	lutil_meter_t meter;
+	struct stat stat_buf;
+
 	/* default "000" */
 	csnsid = 0;
 
+	if ( isatty (2) ) enable_meter = 1;
 	slap_tool_init( progname, SLAPADD, argc, argv );
 
 	memset( &opbuf, 0, sizeof(opbuf) );
@@ -118,6 +125,22 @@
 		}
 	}
 
+	if ( enable_meter 
+#ifdef LDAP_DEBUG
+		/* tools default to "none" */
+		&& slap_debug == LDAP_DEBUG_NONE
+#endif
+		&& !fstat ( fileno ( ldiffp->fp ), &stat_buf )
+		&& S_ISREG(stat_buf.st_mode) ) {
+		enable_meter = !lutil_meter_open(
+			&meter,
+			&lutil_meter_text_display,
+			&lutil_meter_linear_estimator,
+			stat_buf.st_size);
+	} else {
+		enable_meter = 0;
+	}
+
 	/* nextline is the line number of the end of the current entry */
 	for( lineno=1; ldif_read_record( ldiffp, &nextline, &buf, &lmax );
 		lineno=nextline+1 ) {
@@ -128,6 +151,11 @@
 
 		e = str2entry2( buf, checkvals );
 
+		if ( enable_meter )
+			lutil_meter_update( &meter,
+					 ftell( ldiffp->fp ),
+					 0);
+
 		/*
 		 * Initialize text buffer
 		 */
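Review bot: `ftell( ldiffp->fp )` is passed straight to `lutil_meter_update` although it returns `long` and yields -1 on error, while the total given to `lutil_meter_open` in the previous hunk is `stat_buf.st_size`, an `off_t`. Where `long` is narrower than `off_t`, or when `ftell` fails, the meter receives a position unrelated to the total; the same call appears in the later hunk just before `lutil_meter_close`. With a `long pos;` among the declarations, `if ( enable_meter && ( pos = ftell( ldiffp->fp ) ) >= 0 ) lutil_meter_update( &meter, pos, 0 );` skips the bad sample. This only affects the progress display, and the parameter types of `lutil_meter_update` are not visible here, so the width concern is an assumption.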
@@ -192,7 +220,7 @@
 			op->o_bd = be;
 
 			if ( (slapMode & SLAP_TOOL_NO_SCHEMA_CHECK) == 0) {
-				rc = entry_schema_check( op, e, NULL, manage, 1,
+				rc = entry_schema_check( op, e, NULL, manage, 1, NULL,
 					&text, textbuf, textlen );
 
 				if( rc != LDAP_SUCCESS ) {
@@ -345,6 +373,11 @@
 	bvtext.bv_val = textbuf;
 	bvtext.bv_val[0] = '\0';
 
+	if ( enable_meter ) {
+		lutil_meter_update( &meter, ftell( ldiffp->fp ), 1);
+		lutil_meter_close( &meter );
+	}
+
 	if ( rc == EXIT_SUCCESS && update_ctxcsn && !dryrun && sid != SLAP_SYNC_SID_MAX + 1 ) {
 		ctxcsn_id = be->be_dn2id_get( be, be->be_nsuffix );
 		if ( ctxcsn_id == NOID ) {
@@ -438,6 +471,9 @@
 	ch_free( buf );
 
 	if ( !dryrun ) {
+		if ( enable_meter ) {
+			fprintf( stderr, "Closing DB..." );
+		}
 		if( be->be_entry_close( be ) ) {
 			rc = EXIT_FAILURE;
 		}
@@ -445,9 +481,13 @@
 		if( be->be_sync ) {
 			be->be_sync( be );
 		}
+		if ( enable_meter ) {
+			fprintf( stderr, "\n" );
+		}
 	}
 
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapauth.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapauth.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapauth.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapauth.c,v 1.10.2.5 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -166,7 +167,8 @@
 	if ( !BER_BVISNULL( &authzID ) ) {
 		op->o_tmpfree( authzID.bv_val, op->o_tmpmemctx );
 	}
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapcat.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcat.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapcat.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcat.c,v 1.7.2.6 2008/04/14 18:45:07 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcat.c,v 1.7.2.8 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
@@ -134,6 +134,7 @@
 
 	be->be_entry_close( be );
 
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* slapcommon.c - common routine for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.73.2.7 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.c,v 1.73.2.10 2009/02/06 01:03:12 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * Portions Copyright 2003 IBM Corporation.
  * All rights reserved.
@@ -564,7 +564,7 @@
 	}
 
 	if ( use_glue ) {
-		rc = glue_sub_attach();
+		rc = glue_sub_attach( 0 );
 
 		if ( rc != 0 ) {
 			fprintf( stderr,
@@ -740,13 +740,16 @@
 	}
 }
 
-void slap_tool_destroy( void )
+int slap_tool_destroy( void )
 {
+	int rc = 0;
 	if ( !dryrun ) {
 		if ( need_shutdown ) {
-			slap_shutdown( be );
+			if ( slap_shutdown( be ))
+				rc = EXIT_FAILURE;
 		}
-		slap_destroy();
+		if ( slap_destroy())
+			rc = EXIT_FAILURE;
 	}
 #ifdef SLAPD_MODULES
 	if ( slapMode == SLAP_SERVER_MODE ) {
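Review bot: `slap_tool_destroy` now returns a status but carries no comment describing it. As far as the two hunks show, it is `EXIT_FAILURE` when `slap_shutdown` or `slap_destroy` reports an error, 0 otherwise, and always 0 under `dryrun`. Every tool `main` touched by this commit folds the result into its exit code, so a header comment such as `/* Returns 0 on success, EXIT_FAILURE if backend shutdown or slap_destroy() failed */` would document the contract. The added checks also use brace-less `if` bodies inside braced blocks, where braces would match the surrounding code. The middle of the function lies between this hunk and the next and is not visible.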
@@ -772,4 +775,5 @@
 	if ( ldiffp && ldiffp != &dummy ) {
 		ldif_close( ldiffp );
 	}
+	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapcommon.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapcommon.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapcommon.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* slapcommon.h - common definitions for the slap tools */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.14.2.4 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapcommon.h,v 1.14.2.6 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -101,6 +101,6 @@
 	int tool,
 	int argc, char **argv ));
 
-void slap_tool_destroy LDAP_P((void));
+int slap_tool_destroy LDAP_P((void));
 
 #endif /* SLAPCOMMON_H_ */

Modified: openldap/vendor/openldap-release/servers/slapd/slapdn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapdn.c,v 1.8.2.4 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -99,7 +100,8 @@
 		}
 	}
 	
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 
 	return rc;
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for SLAPI
-# $OpenLDAP: pkg/ldap/servers/slapd/slapi/Makefile.in,v 1.18.2.3 2008/02/11 23:26:49 kurt Exp $
+# $OpenLDAP: pkg/ldap/servers/slapd/slapi/Makefile.in,v 1.18.2.4 2009/01/22 00:01:14 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## Portions Copyright IBM Corp. 1997,2002,2003
 ## All rights reserved.
 ##

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/plugin.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/plugin.c,v 1.43.2.6 2008/06/02 18:00:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/plugin.c,v 1.43.2.7 2009/01/22 00:01:14 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/printmsg.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/printmsg.c,v 1.15.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/printmsg.c,v 1.15.2.4 2009/01/22 00:01:14 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/proto-slapi.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/proto-slapi.h,v 1.47.2.4 2008/06/02 18:00:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/proto-slapi.h,v 1.47.2.5 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi.h,v 1.56.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi.h,v 1.56.2.4 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_dn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_dn.c,v 1.5.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_dn.c,v 1.5.2.4 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2005-2008 The OpenLDAP Foundation.
+ * Copyright 2005-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ext.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ext.c,v 1.16.2.3 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ext.c,v 1.16.2.4 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_ops.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ops.c,v 1.111.2.4 2008/03/21 01:01:07 hyc Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_ops.c,v 1.111.2.6 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *
@@ -224,8 +224,10 @@
 
 	/* should check status of thread calls */
 	ldap_pvt_thread_mutex_init( &conn->c_mutex );
-	ldap_pvt_thread_mutex_init( &conn->c_write_mutex );
-	ldap_pvt_thread_cond_init( &conn->c_write_cv );
+	ldap_pvt_thread_mutex_init( &conn->c_write1_mutex );
+	ldap_pvt_thread_mutex_init( &conn->c_write2_mutex );
+	ldap_pvt_thread_cond_init( &conn->c_write1_cv );
+	ldap_pvt_thread_cond_init( &conn->c_write2_cv );
 
 	ldap_pvt_thread_mutex_lock( &conn->c_mutex );
 

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_overlay.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* slapi_overlay.c - SLAPI overlay */
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_overlay.c,v 1.40.2.7 2008/06/02 18:00:53 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_overlay.c,v 1.40.2.8 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2001-2008 The OpenLDAP Foundation.
+ * Copyright 2001-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_pblock.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_pblock.c,v 1.63.2.7 2008/02/11 23:26:49 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_pblock.c,v 1.63.2.9 2009/01/22 00:01:15 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *
@@ -396,7 +396,7 @@
 pblock_set_default( Slapi_PBlock *pb, int param, void *value ) 
 {
 	slapi_pblock_class_t pbClass;
-	size_t i;
+	int i;
 
 	pbClass = pblock_get_param_class( param );
 	if ( pbClass == PBLOCK_CLASS_INVALID ) {

Modified: openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapi/slapi_utils.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.189.2.9 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapi/slapi_utils.c,v 1.189.2.13 2009/02/05 19:35:55 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2002-2008 The OpenLDAP Foundation.
+ * Copyright 2002-2009 The OpenLDAP Foundation.
  * Portions Copyright 1997,2002-2003 IBM Corporation.
  * All rights reserved.
  *
@@ -26,6 +26,7 @@
 #include <ac/stdarg.h>
 #include <ac/ctype.h>
 #include <ac/unistd.h>
+#include <lutil.h>
 
 #include <slap.h>
 #include <slapi.h>
@@ -52,7 +53,7 @@
 
 static int checkBVString(const struct berval *bv)
 {
-	int i;
+	ber_len_t i;
 
 	for ( i = 0; i < bv->bv_len; i++ ) {
 		if ( bv->bv_val[i] == '\0' )
@@ -1820,9 +1821,16 @@
 	struct berval	**vals, 
 	struct berval	*v ) 
 {
-	/*
-	 * FIXME: what's the point?
-	 */
+	int i;
+
+	if( ( vals == NULL ) || ( v == NULL ) )
+		return 1;
+
+	for ( i = 0; vals[i] != NULL; i++ ) {
+		if ( !lutil_passwd( vals[i], v, NULL, NULL ) )
+			return 0;
+	}
+
 	return 1;
 }
 
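Review bot: The new body passes `NULL` as the `schemes` argument of `lutil_passwd()`, and nothing in the hunk documents that choice or the return convention (0 when a stored value verifies, 1 otherwise, including when `vals` or `v` is NULL). If a NULL scheme list means "accept every scheme the library was built with", as it appears to, callers of this SLAPI routine have no way to exclude weak or cleartext storage schemes, and that should be stated. I would replace the removed FIXME with a short header such as `/* returns 0 if v verifies against any value in vals, 1 otherwise; no restriction is placed on the password scheme */`. The function's name and first lines are above the hunk, so the signature is only partly visible here.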
@@ -3109,7 +3117,7 @@
 
 	pb->pb_op->o_bd = select_backend( &e->e_nname, 0 );
 	if ( pb->pb_op->o_bd != NULL ) {
-		rc = entry_schema_check( pb->pb_op, e, NULL, 0, 0,
+		rc = entry_schema_check( pb->pb_op, e, NULL, 0, 0, NULL,
 			&text, textbuf, textlen );
 	}
 	pb->pb_op->o_bd = be_orig;
@@ -3231,7 +3239,7 @@
 		rc = snprintf( url, size, "ldap%s://%s/", ( secure ? "s" : "" ), ldaphost );
 	}
 
-	if ( rc > 0 && rc < size ) {
+	if ( rc > 0 && (size_t) rc < size ) {
 		rc = ldap_initialize( &ld, url );
 	} else {
 		ld = NULL;

Modified: openldap/vendor/openldap-release/servers/slapd/slapindex.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slapindex.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slapindex.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slapindex.c,v 1.3.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slapindex.c,v 1.3.2.5 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *
@@ -99,6 +99,7 @@
 
 	(void) be->be_entry_close( be );
 
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 	return( rc );
 }

Modified: openldap/vendor/openldap-release/servers/slapd/slappasswd.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slappasswd.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slappasswd.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/slappasswd.c,v 1.5.2.5 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/slappasswd.c,v 1.5.2.6 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1998-2003 Kurt D. Zeilenga.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/slaptest.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/slaptest.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/slaptest.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
+/* $OpenLDAP: pkg/ldap/servers/slapd/slaptest.c,v 1.7.2.6 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2008 The OpenLDAP Foundation.
+ * Copyright 2004-2009 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -108,7 +109,8 @@
 		fprintf( stderr, "config file testing succeeded\n");
 	}
 
-	slap_tool_destroy();
+	if ( slap_tool_destroy())
+		rc = EXIT_FAILURE;
 
 	return rc;
 }
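Review bot: The message "config file testing succeeded" on the first context line is printed before `slap_tool_destroy()` runs, so after this change the tool can report success on stderr and still exit with `EXIT_FAILURE`. A script that checks only the exit status behaves correctly, but an operator reading the output gets contradictory signals. Either print a diagnostic in the new branch, or call `slap_tool_destroy()` before deciding which message to print. The condition guarding the success message starts outside the hunk.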

Modified: openldap/vendor/openldap-release/servers/slapd/starttls.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/starttls.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/starttls.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/servers/slapd/starttls.c,v 1.41.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/starttls.c,v 1.41.2.4 2009/01/22 00:01:03 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/str2filter.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/str2filter.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/str2filter.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* str2filter.c - parse an RFC 4515 string filter */
-/* $OpenLDAP: pkg/ldap/servers/slapd/str2filter.c,v 1.43.2.3 2008/02/11 23:26:44 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/str2filter.c,v 1.43.2.4 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/syncrepl.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/syncrepl.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,10 +1,10 @@
 /* syncrepl.c -- Replication Engine which uses the LDAP Sync protocol */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.37 2008/07/10 00:52:39 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syncrepl.c,v 1.254.2.61 2009/02/10 16:43:11 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * Portions Copyright 2003 by IBM Corporation.
- * Portions Copyright 2003 by Howard Chu, Symas Corporation.
+ * Portions Copyright 2003-2008 by Howard Chu, Symas Corporation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -96,6 +96,7 @@
 	int			si_refreshDone;
 	int			si_syncdata;
 	int			si_logstate;
+	int			si_got;
 	ber_int_t	si_msgid;
 	Avlnode			*si_presentlist;
 	LDAP			*si_ld;
@@ -342,7 +343,7 @@
 {
 	BerElementBuffer berbuf;
 	BerElement *ber = (BerElement *)&berbuf;
-	LDAPControl c[2], *ctrls[3];
+	LDAPControl c[3], *ctrls[4];
 	int rc;
 	int rhint;
 	char *base;
@@ -407,7 +408,7 @@
 			abs(si->si_type), rhint );
 	}
 
-	if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 ) ) == LBER_ERROR ) {
+	if ( (rc = ber_flatten2( ber, &c[0].ldctl_value, 0 ) ) == -1 ) {
 		ber_free_buf( ber );
 		return rc;
 	}
@@ -416,14 +417,19 @@
 	c[0].ldctl_iscritical = si->si_type < 0;
 	ctrls[0] = &c[0];
 
+	c[1].ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
+	BER_BVZERO( &c[1].ldctl_value );
+	c[1].ldctl_iscritical = 1;
+	ctrls[1] = &c[1];
+
 	if ( !BER_BVISNULL( &si->si_bindconf.sb_authzId ) ) {
-		c[1].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
-		c[1].ldctl_value = si->si_bindconf.sb_authzId;
-		c[1].ldctl_iscritical = 1;
-		ctrls[1] = &c[1];
+		c[2].ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
+		c[2].ldctl_value = si->si_bindconf.sb_authzId;
+		c[2].ldctl_iscritical = 1;
+		ctrls[2] = &c[2];
+		ctrls[3] = NULL;
+	} else {
 		ctrls[2] = NULL;
-	} else {
-		ctrls[1] = NULL;
 	}
 
 	rc = ldap_search_ext( si->si_ld, base, scope, filter, attrs, attrsonly,
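Review bot: The ManageDsaIT control is now attached with `c[1].ldctl_iscritical = 1` on every sync search, with no comment explaining why or what happens against a provider that does not support it. A server that does not recognise a critical control is expected to refuse the request, so this presumably turns an interoperability gap into a hard replication failure. If that is intended, say so above the assignment, e.g. `/* referral objects must be returned as ordinary entries; fail rather than sync without this */`. The index arithmetic is consistent with the enlarged `c[3]`/`ctrls[4]` from the earlier hunk of this file. The enclosing function begins and ends outside the hunk.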
@@ -473,7 +479,7 @@
 			for ( i=0; i<num; i++ ) {
 				if ( ber_bvcmp( &a.a_nvals[i],
 					&si->si_cookieState->cs_vals[i] )) {
-					changed =1;
+					changed = 1;
 					break;
 				}
 			}
@@ -579,6 +585,11 @@
 
 	ldap_set_option( si->si_ld, LDAP_OPT_TIMELIMIT, &si->si_tlimit );
 
+	rc = LDAP_DEREF_NEVER;	/* actually could allow DEREF_FINDING */
+	ldap_set_option( si->si_ld, LDAP_OPT_DEREF, &rc );
+
+	ldap_set_option( si->si_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF );
+
 	si->si_syncCookie.rid = si->si_rid;
 
 	/* whenever there are multiple data sources possible, advertise sid */
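Review bot: Both new `ldap_set_option()` calls discard their return value, and the first one borrows `rc` as scratch storage for the option value. Disabling referral chasing and alias dereferencing appears to be what keeps the consumer's authenticated connection from being redirected to other servers or entries, so a silent failure here deserves at least a debug message. I would use a dedicated local, `int deref = LDAP_DEREF_NEVER;`, and test the result, e.g. `if ( ldap_set_option( si->si_ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF ) != LDAP_OPT_SUCCESS )` followed by a `Debug()` line. The surrounding function is only partly visible in this hunk.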
@@ -720,7 +731,6 @@
 	syncinfo_t *si )
 {
 	LDAPControl	**rctrls = NULL;
-	LDAPControl	*rctrlp;
 
 	BerElementBuffer berbuf;
 	BerElement	*ber = (BerElement *)&berbuf;
@@ -777,6 +787,8 @@
 	while ( ( rc = ldap_result( si->si_ld, si->si_msgid, LDAP_MSG_ONE,
 		tout_p, &msg ) ) > 0 )
 	{
+		LDAPControl	*rctrlp = NULL;
+
 		if ( slapd_shutdown ) {
 			rc = -2;
 			goto done;
@@ -785,18 +797,22 @@
 		case LDAP_RES_SEARCH_ENTRY:
 			ldap_get_entry_controls( si->si_ld, msg, &rctrls );
 			/* we can't work without the control */
-			rctrlp = NULL;
 			if ( rctrls ) {
 				LDAPControl **next;
 				/* NOTE: make sure we use the right one;
 				 * a better approach would be to run thru
 				 * the whole list and take care of all */
+				/* NOTE: since we issue the search request,
+				 * we should know what controls to expect,
+				 * and there should be none apart from the
+				 * sync-related control */
 				rctrlp = ldap_control_find( LDAP_CONTROL_SYNC_STATE, rctrls, &next );
 				if ( next && ldap_control_find( LDAP_CONTROL_SYNC_STATE, next, NULL ) )
 				{
 					Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s "
 						"got search entry with multiple "
 						"Sync State control\n", si->si_ridtxt, 0, 0 );
+					ldap_controls_free( rctrls );
 					rc = -1;
 					goto done;
 				}
@@ -911,8 +927,32 @@
 				rc = err;
 				goto done;
 			}
+			if ( err ) {
+				Debug( LDAP_DEBUG_ANY,
+					"do_syncrep2: %s LDAP_RES_SEARCH_RESULT (%d) %s\n",
+					si->si_ridtxt, err, ldap_err2string( err ) );
+			}
 			if ( rctrls ) {
-				rctrlp = *rctrls;
+				LDAPControl **next;
+				/* NOTE: make sure we use the right one;
+				 * a better approach would be to run thru
+				 * the whole list and take care of all */
+				/* NOTE: since we issue the search request,
+				 * we should know what controls to expect,
+				 * and there should be none apart from the
+				 * sync-related control */
+				rctrlp = ldap_control_find( LDAP_CONTROL_SYNC_DONE, rctrls, &next );
+				if ( next && ldap_control_find( LDAP_CONTROL_SYNC_DONE, next, NULL ) )
+				{
+					Debug( LDAP_DEBUG_ANY, "do_syncrep2: %s "
+						"got search result with multiple "
+						"Sync State control\n", si->si_ridtxt, 0, 0 );
+					ldap_controls_free( rctrls );
+					rc = -1;
+					goto done;
+				}
+			}
+			if ( rctrlp ) {
 				ber_init2( ber, &rctrlp->ldctl_value, LBER_USE_DER );
 
 				ber_scanf( ber, "{" /*"}"*/);
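Review bot: The error text in the new duplicate-control check still says "Sync State control" although the code searches for `LDAP_CONTROL_SYNC_DONE`; it looks copied from the search-entry case. Someone reading the log would look for the wrong control, so the last string fragment should read `"Sync Done control\n"`. The two NOTE comments are also repeated verbatim from the entry branch, and the find-then-check-for-a-second-match sequence could be shared by a small static helper that takes the control OID. The `ber_scanf()` call on the last context line ignores its result, but the rest of that parse is outside the hunk.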
@@ -1196,7 +1236,7 @@
 	OperationBuffer opbuf;
 	Operation *op;
 	int rc = LDAP_SUCCESS;
-	int dostop = 0, do_setup = 0;
+	int dostop = 0;
 	ber_socket_t s;
 	int i, defer = 1, fail = 0;
 	Backend *be;
@@ -1311,9 +1351,8 @@
 				if ( rc == LDAP_SUCCESS ) {
 					if ( si->si_conn ) {
 						connection_client_enable( si->si_conn );
-						goto success;
 					} else {
-						do_setup = 1;
+						si->si_conn = connection_client_setup( s, do_syncrepl, arg );
 					} 
 				} else if ( si->si_conn ) {
 					dostop = 1;
@@ -1345,6 +1384,7 @@
 	if ( rc == SYNC_PAUSED ) {
 		rtask->interval.tv_sec = 0;
 		ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+		rtask->interval.tv_sec = si->si_interval;
 		rc = 0;
 	} else if ( rc == LDAP_SUCCESS ) {
 		if ( si->si_type == LDAP_SYNC_REFRESH_ONLY ) {
@@ -1366,7 +1406,10 @@
 
 		if ( !si->si_ctype
 			|| !si->si_retrynum || si->si_retrynum[i] == RETRYNUM_TAIL ) {
-			ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+			if ( si->si_re ) {
+				ldap_pvt_runqueue_remove( &slapd_rq, rtask );
+				si->si_re = NULL;
+			}
 			fail = RETRYNUM_TAIL;
 		} else if ( RETRYNUM_VALID( si->si_retrynum[i] ) ) {
 			if ( si->si_retrynum[i] > 0 )
@@ -1379,11 +1422,6 @@
 	}
 
 	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
-
-	if ( do_setup )
-		si->si_conn = connection_client_setup( s, do_syncrepl, arg );
-
-success:
 	ldap_pvt_thread_mutex_unlock( &si->si_mutex );
 
 	if ( rc ) {
@@ -1404,22 +1442,9 @@
 
 	/* Do final delete cleanup */
 	if ( !si->si_ctype ) {
-		cookie_state *cs = NULL;
-		syncinfo_t **sip;
-
-		cs = be->be_syncinfo->si_cookieState;
-		for ( sip = &be->be_syncinfo; *sip != si; sip = &(*sip)->si_next );
-		*sip = si->si_next;
-		syncinfo_free( si, 0 );
-		if ( !be->be_syncinfo ) {
-			SLAP_DBFLAGS( be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW);
-			if ( cs ) {
-				ch_free( cs->cs_sids );
-				ber_bvarray_free( cs->cs_vals );
-				ldap_pvt_thread_mutex_destroy( &cs->cs_mutex );
-				ch_free( cs );
-			}
-		}
+		cookie_state *cs = si->si_cookieState;
+		syncinfo_free( si, ( !be->be_syncinfo ||
+			be->be_syncinfo->si_cookieState != cs ));
 	}
 	return NULL;
 }
@@ -1928,10 +1953,14 @@
 	Entry *new_entry;
 	struct berval dn;
 	struct berval ndn;
+	struct berval nnewSup;
 	int renamed;	/* Was an existing entry renamed? */
 	int delOldRDN;	/* Was old RDN deleted? */
 	Modifications **modlist;	/* the modlist we received */
 	Modifications *mods;	/* the modlist we compared */
+	Attribute *oldNattr;	/* old naming attr */
+	AttributeDescription *oldDesc;	/* for renames */
+	AttributeDescription *newDesc;	/* for renames */
 } dninfo;
 
 /* return 1 if inserted, 0 otherwise */
@@ -2054,6 +2083,7 @@
 	op->o_time = slap_get_time();
 	op->ors_tlimit = SLAP_NO_LIMIT;
 	op->ors_slimit = 1;
+	op->ors_limit = NULL;
 
 	op->ors_attrs = slap_anlist_all_attributes;
 	op->ors_attrsonly = 0;
@@ -2065,12 +2095,10 @@
 	dni.new_entry = entry;
 	dni.modlist = modlist;
 
-	if ( limits_check( op, &rs_search ) == 0 ) {
-		rc = be->be_search( op, &rs_search );
-		Debug( LDAP_DEBUG_SYNC,
-				"syncrepl_entry: %s be_search (%d)\n", 
-				si->si_ridtxt, rc, 0 );
-	}
+	rc = be->be_search( op, &rs_search );
+	Debug( LDAP_DEBUG_SYNC,
+			"syncrepl_entry: %s be_search (%d)\n", 
+			si->si_ridtxt, rc, 0 );
 
 	if ( !BER_BVISNULL( &op->ors_filterstr ) ) {
 		slap_sl_free( op->ors_filterstr.bv_val, op->o_tmpmemctx );
@@ -2198,18 +2226,18 @@
 		op->o_req_dn = dni.dn;
 		op->o_req_ndn = dni.ndn;
 		if ( dni.renamed ) {
-			struct berval noldp, newp, nnewp;
+			struct berval noldp, newp;
+			Modifications *mod, **modtail, **ml, *m2;
+			int i, got_replace = 0, just_rename = 0;
 
 			op->o_tag = LDAP_REQ_MODRDN;
 			dnRdn( &entry->e_name, &op->orr_newrdn );
 			dnRdn( &entry->e_nname, &op->orr_nnewrdn );
 
-			dnParent( &dni.ndn, &noldp );
-			dnParent( &entry->e_nname, &nnewp );
-			if ( !dn_match( &noldp, &nnewp ) ) {
+			if ( !BER_BVISNULL( &dni.nnewSup )) {
 				dnParent( &entry->e_name, &newp );
 				op->orr_newSup = &newp;
-				op->orr_nnewSup = &nnewp;
+				op->orr_nnewSup = &dni.nnewSup;
 			} else {
 				op->orr_newSup = NULL;
 				op->orr_nnewSup = NULL;
@@ -2220,6 +2248,107 @@
 				goto done;
 			}
 
+			/* Drop the RDN-related mods from this op, because their
+			 * equivalents were just setup by slap_modrdn2mods.
+			 *
+			 * If delOldRDN is TRUE then we should see a delete modop
+			 * for oldDesc. We might see a replace instead.
+			 *  delete with no values: therefore newDesc != oldDesc.
+			 *   if oldNattr had only one value, then Drop this op.
+			 *  delete with 1 value: can only be the oldRDN value. Drop op.
+			 *  delete with N values: Drop oldRDN value, keep remainder.
+			 *  replace with 1 value: if oldNattr had only one value and
+			 *     newDesc == oldDesc, Drop this op.
+			 * Any other cases must be left intact.
+			 *
+			 * We should also see an add modop for newDesc. (But not if
+			 * we got a replace modop due to delOldRDN.) If it has
+			 * multiple values, we'll have to drop the new RDN value.
+			 */
+			modtail = &op->orr_modlist;
+			if ( dni.delOldRDN ) {
+				for ( ml = &dni.mods; *ml; ml = &(*ml)->sml_next ) {
+					if ( (*ml)->sml_desc == dni.oldDesc ) {
+						mod = *ml;
+						if ( mod->sml_op == LDAP_MOD_REPLACE &&
+							dni.oldDesc != dni.newDesc ) {
+							/* This Replace is due to other Mods.
+							 * Just let it ride.
+							 */
+							continue;
+						}
+						if ( mod->sml_numvals <= 1 &&
+							dni.oldNattr->a_numvals == 1 &&
+							( mod->sml_op == LDAP_MOD_DELETE ||
+							  mod->sml_op == LDAP_MOD_REPLACE )) {
+							if ( mod->sml_op == LDAP_MOD_REPLACE )
+								got_replace = 1;
+							/* Drop this op */
+							*ml = mod->sml_next;
+							mod->sml_next = NULL;
+							slap_mods_free( mod, 1 );
+							break;
+						}
+						if ( mod->sml_op != LDAP_MOD_DELETE || mod->sml_numvals == 0 )
+							continue;
+						for ( m2 = op->orr_modlist; m2; m2=m2->sml_next ) {
+							if ( m2->sml_desc == dni.oldDesc &&
+								m2->sml_op == LDAP_MOD_DELETE ) break;
+						}
+						for ( i=0; i<mod->sml_numvals; i++ ) {
+							if ( bvmatch( &mod->sml_values[i], &m2->sml_values[0] )) {
+								mod->sml_numvals--;
+								ch_free( mod->sml_values[i].bv_val );
+								mod->sml_values[i] = mod->sml_values[mod->sml_numvals];
+								BER_BVZERO( &mod->sml_values[mod->sml_numvals] );
+								if ( mod->sml_nvalues ) {
+									ch_free( mod->sml_nvalues[i].bv_val );
+									mod->sml_nvalues[i] = mod->sml_nvalues[mod->sml_numvals];
+									BER_BVZERO( &mod->sml_nvalues[mod->sml_numvals] );
+								}
+								break;
+							}
+						}
+						break;
+					}
+				}
+			}
+			if ( !got_replace ) {
+				for ( ml = &dni.mods; *ml; ml = &(*ml)->sml_next ) {
+					if ( (*ml)->sml_desc == dni.newDesc ) {
+						mod = *ml;
+						if ( mod->sml_op != LDAP_MOD_ADD )
+							continue;
+						if ( mod->sml_numvals == 1 ) {
+							/* Drop this op */
+							*ml = mod->sml_next;
+							mod->sml_next = NULL;
+							slap_mods_free( mod, 1 );
+							break;
+						}
+						for ( m2 = op->orr_modlist; m2; m2=m2->sml_next ) {
+							if ( m2->sml_desc == dni.oldDesc &&
+								m2->sml_op == SLAP_MOD_SOFTADD ) break;
+						}
+						for ( i=0; i<mod->sml_numvals; i++ ) {
+							if ( bvmatch( &mod->sml_values[i], &m2->sml_values[0] )) {
+								mod->sml_numvals--;
+								ch_free( mod->sml_values[i].bv_val );
+								mod->sml_values[i] = mod->sml_values[mod->sml_numvals];
+								BER_BVZERO( &mod->sml_values[mod->sml_numvals] );
+								if ( mod->sml_nvalues ) {
+									ch_free( mod->sml_nvalues[i].bv_val );
+									mod->sml_nvalues[i] = mod->sml_nvalues[mod->sml_numvals];
+									BER_BVZERO( &mod->sml_nvalues[mod->sml_numvals] );
+								}
+								break;
+							}
+						}
+						break;
+					}
+				}
+			}
+					
 			/* RDNs must be NUL-terminated for back-ldap */
 			noldp = op->orr_newrdn;
 			ber_dupbv_x( &op->orr_newrdn, &noldp, op->o_tmpmemctx );
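Review bot: Both lookup loops over `op->orr_modlist` can finish with `m2 == NULL`, and the code then evaluates `&m2->sml_values[0]` inside `bvmatch()` unconditionally. These mod lists are derived from what the provider sent, so an unexpected combination should fall through rather than dereference a null pointer; add `if ( m2 == NULL ) break;` after each lookup loop. The second lookup also tests `m2->sml_desc == dni.oldDesc` while the enclosing loop is working on `dni.newDesc`, which looks like a copy-paste slip and should be confirmed. `dni.oldNattr->a_numvals` is read without a NULL check as well; whether `oldNattr` is always set when `delOldRDN` is true is decided outside this hunk.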
@@ -2236,18 +2365,12 @@
 					&nullattr
 				};
 				AttributeDescription *opattr;
-				Modifications *mod, **modtail, **ml;
 				int i;
 
-				for ( mod = op->orr_modlist;
-					mod->sml_next;
-					mod = mod->sml_next )
-					;
-				modtail = &mod->sml_next;
-
-				/* pull mod off incoming modlist, append to orr_modlist */
+				modtail = &m2;
+				/* pull mod off incoming modlist */
 				for ( i = 0; (opattr = *opattrs[i]) != NULL; i++ ) {
-					for ( ml = modlist; *ml; ml = &(*ml)->sml_next )
+					for ( ml = &dni.mods; *ml; ml = &(*ml)->sml_next )
 					{
 						if ( (*ml)->sml_desc == opattr ) {
 							mod = *ml;
@@ -2259,6 +2382,21 @@
 						}
 					}
 				}
+				/* If there are still Modifications left, put the opattrs
+				 * back, and let be_modify run. Otherwise, append the opattrs
+				 * to the orr_modlist.
+				 */
+				if ( dni.mods ) {
+					mod = dni.mods;
+					/* don't set a CSN for the rename op */
+					if ( syncCSN )
+						slap_graduate_commit_csn( op );
+				} else {
+					mod = op->orr_modlist;
+					just_rename = 1;
+				}
+				for ( ; mod->sml_next; mod=mod->sml_next );
+				mod->sml_next = m2;
 			}
 			op->o_bd = si->si_wbe;
 			rc = op->o_bd->be_modrdn( op, &rs_modify );
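Review bot: `mod->sml_next = m2;` splices in whatever `m2` holds, but `m2` is only written indirectly through `modtail = &m2` in the preceding hunk. If none of the operational attributes is found in `dni.mods`, `m2` keeps the pointer left by the earlier lookup loops (or is uninitialised when those loops did not run), and the append would link a stale node into the list. Setting `m2 = NULL;` immediately before `modtail = &m2;` makes the no-match case safe. The empty-bodied `for ( ; mod->sml_next; mod=mod->sml_next );` would also read better with braces or a `/* find tail */` comment. The loop that fills `*modtail` is only partly visible, so this needs checking against the full function.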
@@ -2270,7 +2408,12 @@
 					"syncrepl_entry: %s be_modrdn (%d)\n", 
 					si->si_ridtxt, rc, 0 );
 			op->o_bd = be;
-			goto done;
+			/* Renamed entries may still have other mods so just fallthru */
+			op->o_req_dn = entry->e_name;
+			op->o_req_ndn = entry->e_nname;
+			/* Use CSN on the modify */
+			if ( syncCSN && !just_rename )
+				slap_queue_csn( op, syncCSN );
 		}
 		if ( dni.mods ) {
 			op->o_tag = LDAP_REQ_MODIFY;
@@ -2290,7 +2433,7 @@
 					si->si_ridtxt, rs_modify.sr_err, 0 );
 			}
 			op->o_bd = be;
-		} else {
+		} else if ( !dni.renamed ) {
 			Debug( LDAP_DEBUG_SYNC,
 					"syncrepl_entry: %s entry unchanged, ignored (%s)\n", 
 					si->si_ridtxt, op->o_req_dn.bv_val, 0 );
@@ -2424,40 +2567,43 @@
 		si->si_refreshDelete ^= NP_DELETE_ONE;
 	} else {
 		Filter *cf, *of;
+		Filter mmf[2];
+		AttributeAssertion mmaa;
 
 		memset( &an[0], 0, 2 * sizeof( AttributeName ) );
 		an[0].an_name = slap_schema.si_ad_entryUUID->ad_cname;
 		an[0].an_desc = slap_schema.si_ad_entryUUID;
 		op->ors_attrs = an;
 		op->ors_slimit = SLAP_NO_LIMIT;
+		op->ors_tlimit = SLAP_NO_LIMIT;
+		op->ors_limit = NULL;
 		op->ors_attrsonly = 0;
 		op->ors_filter = str2filter_x( op, si->si_filterstr.bv_val );
 		/* In multimaster, updates can continue to arrive while
 		 * we're searching. Limit the search result to entries
-		 * older than all of our cookie CSNs.
+		 * older than our newest cookie CSN.
 		 */
 		if ( SLAP_MULTIMASTER( op->o_bd )) {
 			Filter *f;
 			int i;
-			cf = op->o_tmpalloc( (sc->numcsns+1) * sizeof(Filter) +
-				sc->numcsns * sizeof(AttributeAssertion), op->o_tmpmemctx );
-			f = cf;
+
+			f = mmf;
 			f->f_choice = LDAP_FILTER_AND;
-			f->f_next = NULL;
+			f->f_next = op->ors_filter;
 			f->f_and = f+1;
 			of = f->f_and;
+			f = of;
+			f->f_choice = LDAP_FILTER_LE;
+			f->f_ava = &mmaa;
+			f->f_av_desc = slap_schema.si_ad_entryCSN;
+			f->f_next = NULL;
+			BER_BVZERO( &f->f_av_value );
 			for ( i=0; i<sc->numcsns; i++ ) {
-				f = of;
-				f->f_choice = LDAP_FILTER_LE;
-				f->f_ava = (AttributeAssertion *)(f+1);
-				f->f_av_desc = slap_schema.si_ad_entryCSN;
-				f->f_av_value = sc->ctxcsn[i];
-				f->f_next = (Filter *)(f->f_ava+1);
-				of = f->f_next;
+				if ( ber_bvcmp( &sc->ctxcsn[i], &f->f_av_value ) > 0 )
+					f->f_av_value = sc->ctxcsn[i];
 			}
-			f->f_next = op->ors_filter;
 			of = op->ors_filter;
-			op->ors_filter = cf;
+			op->ors_filter = mmf;
 			filter2bv_x( op, op->ors_filter, &op->ors_filterstr );
 		} else {
 			cf = NULL;
@@ -2465,14 +2611,15 @@
 		}
 		op->o_nocaching = 1;
 
-		if ( limits_check( op, &rs_search ) == 0 ) {
-			rc = be->be_search( op, &rs_search );
-		}
+
+		rc = be->be_search( op, &rs_search );
 		if ( SLAP_MULTIMASTER( op->o_bd )) {
-			op->o_tmpfree( cf, op->o_tmpmemctx );
 			op->ors_filter = of;
 		}
-		if ( op->ors_filter ) filter_free_x( op, op->ors_filter );
+		if ( op->ors_filter ) filter_free_x( op, op->ors_filter, 1 );
+		if ( op->ors_filterstr.bv_val != si->si_filterstr.bv_val ) {
+			op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+		}
 
 	}
 
@@ -2730,7 +2877,8 @@
 	Modifications mod;
 	struct berval first = BER_BVNULL;
 
-	int rc, i, j, len;
+	int rc, i, j;
+	ber_len_t len;
 
 	slap_callback cb = { NULL };
 	SlapReply	rs_modify = {REP_RESULT};
@@ -2762,8 +2910,13 @@
 			if ( memcmp( syncCookie->ctxcsn[i].bv_val,
 				si->si_cookieState->cs_vals[j].bv_val, len ) > 0 ) {
 				mod.sml_values[j] = syncCookie->ctxcsn[i];
-				if ( BER_BVISNULL( &first ))
+				if ( BER_BVISNULL( &first ) ) {
 					first = syncCookie->ctxcsn[i];
+
+				} else if ( memcmp( syncCookie->ctxcsn[i].bv_val, first.bv_val, first.bv_len ) > 0 )
+				{
+					first = syncCookie->ctxcsn[i];
+				}
 			}
 			break;
 		}
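Review bot: The added `memcmp( syncCookie->ctxcsn[i].bv_val, first.bv_val, first.bv_len )` compares `first.bv_len` bytes without checking that `ctxcsn[i]` is at least that long. Cookie CSNs originate from the provider, so unless their length is validated earlier a shorter value would make the comparison read past its buffer; the same expression is added again in the next hunk of this function. Either clamp to the shorter of the two lengths, as the new entryCSN comparison later in this commit does, or use `ber_bvcmp( &syncCookie->ctxcsn[i], &first ) > 0`, which this commit already applies to CSNs in the multimaster filter code. The enclosing function starts and ends outside the hunk.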
@@ -2773,8 +2926,12 @@
 				( mod.sml_numvals+2 )*sizeof(struct berval), op->o_tmpmemctx );
 			mod.sml_values[mod.sml_numvals++] = syncCookie->ctxcsn[i];
 			BER_BVZERO( &mod.sml_values[mod.sml_numvals] );
-			if ( BER_BVISNULL( &first ))
+			if ( BER_BVISNULL( &first ) ) {
 				first = syncCookie->ctxcsn[i];
+			} else if ( memcmp( syncCookie->ctxcsn[i].bv_val, first.bv_val, first.bv_len ) > 0 )
+			{
+				first = syncCookie->ctxcsn[i];
+			}
 		}
 	}
 	/* Should never happen, ITS#5065 */
@@ -2796,13 +2953,13 @@
 	op->o_req_ndn = op->o_bd->be_nsuffix[0];
 
 	/* update contextCSN */
-	op->o_msgid = SLAP_SYNC_UPDATE_MSGID;
+	op->o_dont_replicate = 1;
 
 	op->orm_modlist = &mod;
 	op->orm_no_opattrs = 1;
 	rc = op->o_bd->be_modify( op, &rs_modify );
 	op->orm_no_opattrs = 0;
-	op->o_msgid = 0;
+	op->o_dont_replicate = 0;
 
 	if ( rs_modify.sr_err == LDAP_SUCCESS ) {
 		slap_sync_cookie_free( &si->si_syncCookie, 0 );
@@ -2887,8 +3044,13 @@
 		 * Modify would fail if provider has replaced entry with a new,
 		 * and the new explicitly includes a superior of a class that was
 		 * only included implicitly in the old entry.  Ref ITS#5517.
+		 *
+		 * Also use replace op if attr has no equality matching rule.
+		 * (ITS#5781)
 		 */
-		if ( nn && no < o && old->a_desc == slap_schema.si_ad_objectClass )
+		if ( nn && no < o &&
+			( old->a_desc == slap_schema.si_ad_objectClass ||
+			 !old->a_desc->ad_type->sat_equality ))
 			no = o;
 
 		i = j;
@@ -3000,30 +3162,85 @@
 			if ( dni->new_entry ) {
 				Modifications **modtail, **ml;
 				Attribute *old, *new;
-				int is_ctx;
+				struct berval old_rdn, new_rdn;
+				struct berval old_p, new_p;
+				int is_ctx, new_sup = 0;
 
+				/* If old entry is not a glue entry, make sure new entry
+				 * is actually newer than old entry
+				 */
+				if ( !is_entry_glue( rs->sr_entry )) {
+					old = attr_find( rs->sr_entry->e_attrs,
+						slap_schema.si_ad_objectClass );
+					old = attr_find( rs->sr_entry->e_attrs,
+						slap_schema.si_ad_entryCSN );
+					new = attr_find( dni->new_entry->e_attrs,
+						slap_schema.si_ad_entryCSN );
+					if ( new && old ) {
+						int rc;
+						ber_len_t len = old->a_vals[0].bv_len;
+						if ( len > new->a_vals[0].bv_len )
+							len = new->a_vals[0].bv_len;
+						rc = memcmp( old->a_vals[0].bv_val,
+							new->a_vals[0].bv_val, len );
+						if ( rc > 0 ) {
+							Debug( LDAP_DEBUG_SYNC,
+								"dn_callback : new entry is older than ours "
+								"%s ours %s, new %s\n",
+								rs->sr_entry->e_name.bv_val,
+								old->a_vals[0].bv_val,
+								new->a_vals[0].bv_val );
+							return LDAP_SUCCESS;
+						} else if ( rc == 0 ) {
+							Debug( LDAP_DEBUG_SYNC,
+								"dn_callback : entries have identical CSN "
+								"%s %s\n",
+								rs->sr_entry->e_name.bv_val,
+								old->a_vals[0].bv_val, 0 );
+							return LDAP_SUCCESS;
+						}
+					}
+				}
+
 				is_ctx = dn_match( &rs->sr_entry->e_nname,
 					&op->o_bd->be_nsuffix[0] );
 
 				/* Did the DN change?
+				 * case changes in the parent are ignored,
+				 * we only want to know if the RDN was
+				 * actually changed.
 				 */
-				if ( !dn_match( &rs->sr_entry->e_name,
-						&dni->new_entry->e_name ) )
+				dnRdn( &rs->sr_entry->e_name, &old_rdn );
+				dnRdn( &dni->new_entry->e_name, &new_rdn );
+				dnParent( &rs->sr_entry->e_nname, &old_p );
+				dnParent( &dni->new_entry->e_nname, &new_p );
+
+				new_sup = !dn_match( &old_p, &new_p );
+				if ( !dn_match( &old_rdn, &new_rdn ) || new_sup )
 				{
 					struct berval oldRDN, oldVal;
 					AttributeDescription *ad = NULL;
+					int oldpos, newpos;
 					Attribute *a;
 
 					dni->renamed = 1;
+					if ( new_sup )
+						dni->nnewSup = new_p;
+
 					/* See if the oldRDN was deleted */
 					dnRdn( &rs->sr_entry->e_nname, &oldRDN );
 					oldVal.bv_val = strchr(oldRDN.bv_val, '=') + 1;
 					oldVal.bv_len = oldRDN.bv_len - ( oldVal.bv_val -
 						oldRDN.bv_val );
-					oldRDN.bv_len -= oldVal.bv_len + 2;
+					oldRDN.bv_len -= oldVal.bv_len + 1;
 					slap_bv2ad( &oldRDN, &ad, &rs->sr_text );
-					a = attr_find( dni->new_entry->e_attrs, ad );
-					if ( !a || attr_valfind( a,
+					dni->oldDesc = ad;
+					for ( oldpos=0, a=rs->sr_entry->e_attrs;
+						a && a->a_desc != ad; oldpos++, a=a->a_next );
+					dni->oldNattr = a;
+					for ( newpos=0, a=dni->new_entry->e_attrs;
+						a && a->a_desc != ad; newpos++, a=a->a_next );
+					if ( !a || oldpos != newpos || attr_valfind( a,
 						SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH |
 						SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 						SLAP_MR_VALUE_OF_SYNTAX,
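Review bot: In the moved "is the new entry actually newer" block, the first `old = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass );` is dead, because the next statement overwrites `old` with the entryCSN lookup before it is read. Drop the objectClass lookup so the block reads as a plain CSN comparison. Separately, the `memcmp` over the shorter of the two lengths treats a CSN that is a strict prefix of the other as identical and returns early; if CSNs are not guaranteed to be fixed-length here, a comment stating that assumption would help. dn_callback continues outside this hunk.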
@@ -3031,42 +3248,23 @@
 					{
 						dni->delOldRDN = 1;
 					}
-					/* OK, this was just a modDN, we're done */
-					return LDAP_SUCCESS;
+					/* Get the newRDN's desc */
+					dnRdn( &dni->new_entry->e_nname, &oldRDN );
+					oldVal.bv_val = strchr(oldRDN.bv_val, '=');
+					oldRDN.bv_len = oldVal.bv_val - oldRDN.bv_val;
+					ad = NULL;
+					slap_bv2ad( &oldRDN, &ad, &rs->sr_text );
+					dni->newDesc = ad;
+
+					/* A ModDN has happened, but in Refresh mode other
+					 * changes may have occurred before we picked it up.
+					 * So fallthru to regular Modify processing.
+					 */
 				}
 
 				modtail = &dni->mods;
 				ml = dni->modlist;
 
-				/* Make sure new entry is actually newer than old entry */
-				old = attr_find( rs->sr_entry->e_attrs,
-					slap_schema.si_ad_entryCSN );
-				new = attr_find( dni->new_entry->e_attrs,
-					slap_schema.si_ad_entryCSN );
-				if ( new && old ) {
-					int rc, len = old->a_vals[0].bv_len;
-					if ( len > new->a_vals[0].bv_len )
-						len = new->a_vals[0].bv_len;
-					rc = memcmp( old->a_vals[0].bv_val,
-						new->a_vals[0].bv_val, len );
-					if ( rc > 0 ) {
-						Debug( LDAP_DEBUG_SYNC,
-							"dn_callback : new entry is older than ours "
-							"%s ours %s, new %s\n",
-							rs->sr_entry->e_name.bv_val,
-							old->a_vals[0].bv_val,
-							new->a_vals[0].bv_val );
-						return LDAP_SUCCESS;
-					} else if ( rc == 0 ) {
-						Debug( LDAP_DEBUG_SYNC,
-							"dn_callback : entries have identical CSN "
-							"%s %s\n",
-							rs->sr_entry->e_name.bv_val,
-							old->a_vals[0].bv_val, 0 );
-						return LDAP_SUCCESS;
-					}
-				}
-
 				/* We assume that attributes are saved in the same order
 				 * in the remote and local databases. So if we walk through
 				 * the attributeDescriptions one by one they should match in
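Review bot: The added "Get the newRDN's desc" lines use the result of `strchr(oldRDN.bv_val, '=')` in pointer arithmetic without a NULL check, and the return value of `slap_bv2ad` is ignored, so `dni->newDesc` can be stored as NULL. A normalized DN presumably always contains '=', but the consumer of `newDesc` is not visible here. A guard such as `if ( oldVal.bv_val == NULL || slap_bv2ad( &oldRDN, &ad, &rs->sr_text ) != LDAP_SUCCESS ) return LDAP_OTHER;` (or whatever error handling this callback prefers) makes the failure explicit. Reusing `oldRDN`/`oldVal` for the new RDN is also confusing; the `new_rdn` local declared earlier in the function would read better.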
@@ -3126,8 +3324,8 @@
 					 * stays co-located with the other mod opattrs. But only
 					 * if we know there are other valid mods.
 					 */
-					if ( old->a_desc == slap_schema.si_ad_modifiersName &&
-						dni->mods )
+					if ( dni->mods && ( old->a_desc == slap_schema.si_ad_modifiersName ||
+						old->a_desc == slap_schema.si_ad_modifyTimestamp ))
 						attr_cmp( op, NULL, new, &modtail, &ml );
 					else
 						attr_cmp( op, old, new, &modtail, &ml );
@@ -3174,12 +3372,12 @@
 			}
 
 			if ( LogTest( LDAP_DEBUG_SYNC ) ) {
-				char buf[sizeof("rid=999 not")];
+				char buf[sizeof("rid=999 non")];
 
 				snprintf( buf, sizeof(buf), "%s %s", si->si_ridtxt,
-					present_uuid ? "got" : "not" );
+					present_uuid ? "" : "non" );
 
-				Debug( LDAP_DEBUG_SYNC, "nonpresent_callback: %s UUID %s, dn %s\n",
+				Debug( LDAP_DEBUG_SYNC, "nonpresent_callback: %spresent UUID %s, dn %s\n",
 					buf, a ? a->a_vals[0].bv_val : "<missing>", rs->sr_entry->e_name.bv_val );
 			}
 
@@ -3474,12 +3672,30 @@
 #define MANAGEDSAITSTR		"manageDSAit"
 
 /* mandatory */
-#define GOT_ID			0x0001
-#define GOT_PROVIDER	0x0002
-#define	GOT_BASE		0x0004
+enum {
+	GOT_RID			= 0x00000001U,
+	GOT_PROVIDER		= 0x00000002U,
+	GOT_SCHEMACHECKING	= 0x00000004U,
+	GOT_FILTER		= 0x00000008U,
+	GOT_SEARCHBASE		= 0x00000010U,
+	GOT_SCOPE		= 0x00000020U,
+	GOT_ATTRSONLY		= 0x00000040U,
+	GOT_ATTRS		= 0x00000080U,
+	GOT_TYPE		= 0x00000100U,
+	GOT_INTERVAL		= 0x00000200U,
+	GOT_RETRY		= 0x00000400U,
+	GOT_SLIMIT		= 0x00000800U,
+	GOT_TLIMIT		= 0x00001000U,
+	GOT_SYNCDATA		= 0x00002000U,
+	GOT_LOGBASE		= 0x00004000U,
+	GOT_LOGFILTER		= 0x00008000U,
+	GOT_EXATTRS		= 0x00010000U,
+	GOT_MANAGEDSAIT		= 0x00020000U,
+	GOT_BINDCONF		= 0x00040000U,
 
 /* check */
-#define GOT_ALL			(GOT_ID|GOT_PROVIDER|GOT_BASE)
+	GOT_REQUIRED		= (GOT_RID|GOT_PROVIDER|GOT_SEARCHBASE)
+};
 
 static struct {
 	struct berval key;
@@ -3504,11 +3720,100 @@
 };
 
 static int
+parse_syncrepl_retry(
+	ConfigArgs	*c,
+	char		*arg,
+	syncinfo_t	*si )
+{
+	char **retry_list;
+	int j, k, n;
+	int use_default = 0;
+
+	char *val = arg + STRLENOF( RETRYSTR "=" );
+	if ( strcasecmp( val, "undefined" ) == 0 ) {
+		val = "3600 +";
+		use_default = 1;
+	}
+
+	retry_list = (char **) ch_calloc( 1, sizeof( char * ) );
+	retry_list[0] = NULL;
+
+	slap_str2clist( &retry_list, val, " ,\t" );
+
+	for ( k = 0; retry_list && retry_list[k]; k++ ) ;
+	n = k / 2;
+	if ( k % 2 ) {
+		snprintf( c->cr_msg, sizeof( c->cr_msg ),
+			"Error: incomplete syncrepl retry list" );
+		Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+		for ( k = 0; retry_list && retry_list[k]; k++ ) {
+			ch_free( retry_list[k] );
+		}
+		ch_free( retry_list );
+		return 1;
+	}
+	si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ) );
+	si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ) );
+	si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ) );
+	for ( j = 0; j < n; j++ ) {
+		unsigned long	t;
+		if ( lutil_atoul( &t, retry_list[j*2] ) != 0 ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"Error: invalid retry interval \"%s\" (#%d)",
+				retry_list[j*2], j );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+			/* do some cleanup */
+			return 1;
+		}
+		si->si_retryinterval[j] = (time_t)t;
+		if ( *retry_list[j*2+1] == '+' ) {
+			si->si_retrynum_init[j] = RETRYNUM_FOREVER;
+			si->si_retrynum[j] = RETRYNUM_FOREVER;
+			j++;
+			break;
+		} else {
+			if ( lutil_atoi( &si->si_retrynum_init[j], retry_list[j*2+1] ) != 0
+					|| si->si_retrynum_init[j] <= 0 )
+			{
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					"Error: invalid initial retry number \"%s\" (#%d)",
+					retry_list[j*2+1], j );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+				/* do some cleanup */
+				return 1;
+			}
+			if ( lutil_atoi( &si->si_retrynum[j], retry_list[j*2+1] ) != 0
+					|| si->si_retrynum[j] <= 0 )
+			{
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					"Error: invalid retry number \"%s\" (#%d)",
+					retry_list[j*2+1], j );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
+				/* do some cleanup */
+				return 1;
+			}
+		}
+	}
+	si->si_retrynum_init[j] = RETRYNUM_TAIL;
+	si->si_retrynum[j] = RETRYNUM_TAIL;
+	si->si_retryinterval[j] = 0;
+	
+	for ( k = 0; retry_list && retry_list[k]; k++ ) {
+		ch_free( retry_list[k] );
+	}
+	ch_free( retry_list );
+	if ( !use_default ) {
+		si->si_got |= GOT_RETRY;
+	}
+
+	return 0;
+}
+
+static int
 parse_syncrepl_line(
 	ConfigArgs	*c,
 	syncinfo_t	*si )
 {
-	int	gots = 0;
 	int	i;
 	char	*val;
 
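Review bot: The three error returns inside the `for ( j = 0; j < n; j++ )` loop of the new parse_syncrepl_retry still carry the `/* do some cleanup */` placeholder and return 1 without freeing `retry_list` or the three `si->si_retry*` arrays allocated just above. Since this helper can now be reached more than once for the same `si` (explicit `retry=` and the default path), the arrays from an earlier call are also overwritten without being freed. Routing the in-loop failures through one exit that releases the token list and resets the arrays keeps a rejected config value from leaking and from leaving half-initialised retry state behind.

```c
	int rc = 1;
	/* … unchanged: "undefined" default, tokenising, odd-count check, allocation … */
		if ( lutil_atoul( &t, retry_list[j*2] ) != 0 ) {
			/* … unchanged: cr_msg and Debug … */
			goto done;
		}
	/* … unchanged: retry-number parsing, each error branch using goto done … */
	if ( !use_default ) {
		si->si_got |= GOT_RETRY;
	}
	rc = 0;

done:
	if ( rc ) {
		ch_free( si->si_retryinterval );
		ch_free( si->si_retrynum );
		ch_free( si->si_retrynum_init );
		si->si_retryinterval = NULL;
		si->si_retrynum = NULL;
		si->si_retrynum_init = NULL;
	}
	for ( k = 0; retry_list[k]; k++ ) {
		ch_free( retry_list[k] );
	}
	ch_free( retry_list );
	return rc;
```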
@@ -3535,13 +3840,13 @@
 			}
 			si->si_rid = tmp;
 			sprintf( si->si_ridtxt, IDSTR "=%03d", si->si_rid );
-			gots |= GOT_ID;
+			si->si_got |= GOT_RID;
 		} else if ( !strncasecmp( c->argv[ i ], PROVIDERSTR "=",
 					STRLENOF( PROVIDERSTR "=" ) ) )
 		{
 			val = c->argv[ i ] + STRLENOF( PROVIDERSTR "=" );
 			ber_str2bv( val, 0, 1, &si->si_bindconf.sb_uri );
-			gots |= GOT_PROVIDER;
+			si->si_got |= GOT_PROVIDER;
 		} else if ( !strncasecmp( c->argv[ i ], SCHEMASTR "=",
 					STRLENOF( SCHEMASTR "=" ) ) )
 		{
@@ -3553,6 +3858,7 @@
 			} else {
 				si->si_schemachecking = 1;
 			}
+			si->si_got |= GOT_SCHEMACHECKING;
 		} else if ( !strncasecmp( c->argv[ i ], FILTERSTR "=",
 					STRLENOF( FILTERSTR "=" ) ) )
 		{
@@ -3560,6 +3866,7 @@
 			if ( si->si_filterstr.bv_val )
 				ch_free( si->si_filterstr.bv_val );
 			ber_str2bv( val, 0, 1, &si->si_filterstr );
+			si->si_got |= GOT_FILTER;
 		} else if ( !strncasecmp( c->argv[ i ], LOGFILTERSTR "=",
 					STRLENOF( LOGFILTERSTR "=" ) ) )
 		{
@@ -3567,6 +3874,7 @@
 			if ( si->si_logfilterstr.bv_val )
 				ch_free( si->si_logfilterstr.bv_val );
 			ber_str2bv( val, 0, 1, &si->si_logfilterstr );
+			si->si_got |= GOT_LOGFILTER;
 		} else if ( !strncasecmp( c->argv[ i ], SEARCHBASESTR "=",
 					STRLENOF( SEARCHBASESTR "=" ) ) )
 		{
@@ -3595,7 +3903,7 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return -1;
 			}
-			gots |= GOT_BASE;
+			si->si_got |= GOT_SEARCHBASE;
 		} else if ( !strncasecmp( c->argv[ i ], LOGBASESTR "=",
 					STRLENOF( LOGBASESTR "=" ) ) )
 		{
@@ -3615,6 +3923,7 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return -1;
 			}
+			si->si_got |= GOT_LOGBASE;
 		} else if ( !strncasecmp( c->argv[ i ], SCOPESTR "=",
 					STRLENOF( SCOPESTR "=" ) ) )
 		{
@@ -3633,10 +3942,12 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return -1;
 			}
+			si->si_got |= GOT_SCOPE;
 		} else if ( !strncasecmp( c->argv[ i ], ATTRSONLYSTR,
 					STRLENOF( ATTRSONLYSTR ) ) )
 		{
 			si->si_attrsonly = 1;
+			si->si_got |= GOT_ATTRSONLY;
 		} else if ( !strncasecmp( c->argv[ i ], ATTRSSTR "=",
 					STRLENOF( ATTRSSTR "=" ) ) )
 		{
@@ -3673,6 +3984,7 @@
 					return -1;
 				}
 			}
+			si->si_got |= GOT_ATTRS;
 		} else if ( !strncasecmp( c->argv[ i ], EXATTRSSTR "=",
 					STRLENOF( EXATTRSSTR "=" ) ) )
 		{
@@ -3693,6 +4005,7 @@
 					return -1;
 				}
 			}
+			si->si_got |= GOT_EXATTRS;
 		} else if ( !strncasecmp( c->argv[ i ], TYPESTR "=",
 					STRLENOF( TYPESTR "=" ) ) )
 		{
@@ -3713,6 +4026,7 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return -1;
 			}
+			si->si_got |= GOT_TYPE;
 		} else if ( !strncasecmp( c->argv[ i ], INTERVALSTR "=",
 					STRLENOF( INTERVALSTR "=" ) ) )
 		{
@@ -3779,80 +4093,13 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return -1;
 			}
+			si->si_got |= GOT_INTERVAL;
 		} else if ( !strncasecmp( c->argv[ i ], RETRYSTR "=",
 					STRLENOF( RETRYSTR "=" ) ) )
 		{
-			char **retry_list;
-			int j, k, n;
-
-			val = c->argv[ i ] + STRLENOF( RETRYSTR "=" );
-			retry_list = (char **) ch_calloc( 1, sizeof( char * ) );
-			retry_list[0] = NULL;
-
-			slap_str2clist( &retry_list, val, " ,\t" );
-
-			for ( k = 0; retry_list && retry_list[k]; k++ ) ;
-			n = k / 2;
-			if ( k % 2 ) {
-				snprintf( c->cr_msg, sizeof( c->cr_msg ),
-					"Error: incomplete syncrepl retry list" );
-				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
-				for ( k = 0; retry_list && retry_list[k]; k++ ) {
-					ch_free( retry_list[k] );
-				}
-				ch_free( retry_list );
+			if ( parse_syncrepl_retry( c, c->argv[ i ], si ) ) {
 				return 1;
 			}
-			si->si_retryinterval = (time_t *) ch_calloc( n + 1, sizeof( time_t ) );
-			si->si_retrynum = (int *) ch_calloc( n + 1, sizeof( int ) );
-			si->si_retrynum_init = (int *) ch_calloc( n + 1, sizeof( int ) );
-			for ( j = 0; j < n; j++ ) {
-				unsigned long	t;
-				if ( lutil_atoul( &t, retry_list[j*2] ) != 0 ) {
-					snprintf( c->cr_msg, sizeof( c->cr_msg ),
-						"Error: invalid retry interval \"%s\" (#%d)",
-						retry_list[j*2], j );
-					Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
-					/* do some cleanup */
-					return 1;
-				}
-				si->si_retryinterval[j] = (time_t)t;
-				if ( *retry_list[j*2+1] == '+' ) {
-					si->si_retrynum_init[j] = RETRYNUM_FOREVER;
-					si->si_retrynum[j] = RETRYNUM_FOREVER;
-					j++;
-					break;
-				} else {
-					if ( lutil_atoi( &si->si_retrynum_init[j], retry_list[j*2+1] ) != 0
-							|| si->si_retrynum_init[j] <= 0 )
-					{
-						snprintf( c->cr_msg, sizeof( c->cr_msg ),
-							"Error: invalid initial retry number \"%s\" (#%d)",
-							retry_list[j*2+1], j );
-						Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
-						/* do some cleanup */
-						return 1;
-					}
-					if ( lutil_atoi( &si->si_retrynum[j], retry_list[j*2+1] ) != 0
-							|| si->si_retrynum[j] <= 0 )
-					{
-						snprintf( c->cr_msg, sizeof( c->cr_msg ),
-							"Error: invalid retry number \"%s\" (#%d)",
-							retry_list[j*2+1], j );
-						Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
-						/* do some cleanup */
-						return 1;
-					}
-				}
-			}
-			si->si_retrynum_init[j] = RETRYNUM_TAIL;
-			si->si_retrynum[j] = RETRYNUM_TAIL;
-			si->si_retryinterval[j] = 0;
-			
-			for ( k = 0; retry_list && retry_list[k]; k++ ) {
-				ch_free( retry_list[k] );
-			}
-			ch_free( retry_list );
 		} else if ( !strncasecmp( c->argv[ i ], MANAGEDSAITSTR "=",
 					STRLENOF( MANAGEDSAITSTR "=" ) ) )
 		{
@@ -3866,6 +4113,7 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return 1;
 			}
+			si->si_got |= GOT_MANAGEDSAIT;
 		} else if ( !strncasecmp( c->argv[ i ], SLIMITSTR "=",
 					STRLENOF( SLIMITSTR "=") ) )
 		{
@@ -3880,6 +4128,7 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return 1;
 			}
+			si->si_got |= GOT_SLIMIT;
 		} else if ( !strncasecmp( c->argv[ i ], TLIMITSTR "=",
 					STRLENOF( TLIMITSTR "=" ) ) )
 		{
@@ -3894,11 +4143,13 @@
 				Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 				return 1;
 			}
+			si->si_got |= GOT_TLIMIT;
 		} else if ( !strncasecmp( c->argv[ i ], SYNCDATASTR "=",
 					STRLENOF( SYNCDATASTR "=" ) ) )
 		{
 			val = c->argv[ i ] + STRLENOF( SYNCDATASTR "=" );
 			si->si_syncdata = verb_to_mask( val, datamodes );
+			si->si_got |= GOT_SYNCDATA;
 		} else if ( bindconf_parse( c->argv[i], &si->si_bindconf ) ) {
 			snprintf( c->cr_msg, sizeof( c->cr_msg ),
 				"Error: parse_syncrepl_line: "
@@ -3906,18 +4157,29 @@
 			Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 			return -1;
 		}
+		si->si_got |= GOT_BINDCONF;
 	}
 
-	if ( gots != GOT_ALL ) {
+	if ( ( si->si_got & GOT_REQUIRED ) != GOT_REQUIRED ) {
 		snprintf( c->cr_msg, sizeof( c->cr_msg ),
 			"Error: Malformed \"syncrepl\" line in slapd config file, missing%s%s%s",
-			gots & GOT_ID ? "" : " "IDSTR,
-			gots & GOT_PROVIDER ? "" : " "PROVIDERSTR,
-			gots & GOT_BASE ? "" : " "SEARCHBASESTR );
+			si->si_got & GOT_RID ? "" : " "IDSTR,
+			si->si_got & GOT_PROVIDER ? "" : " "PROVIDERSTR,
+			si->si_got & GOT_SEARCHBASE ? "" : " "SEARCHBASESTR );
 		Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg, 0 );
 		return -1;
 	}
 
+	if ( !( si->si_got & GOT_RETRY ) ) {
+		Debug( LDAP_DEBUG_ANY, "syncrepl %s " SEARCHBASESTR "=\"%s\": no retry defined, using default\n", 
+			si->si_ridtxt, c->be->be_suffix ? c->be->be_suffix[ 0 ].bv_val : "(null)", 0 );
+		if ( si->si_retryinterval == NULL ) {
+			if ( parse_syncrepl_retry( c, "retry=undefined", si ) ) {
+				return 1;
+			}
+		}
+	}
+
 	return 0;
 }
 
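Review bot: The added `si->si_got |= GOT_BINDCONF;` sits after the whole `if / else if` chain, so it runs on every loop iteration and the flag is set for any keyword at all, not only when `bindconf_parse` accepted the argument. Anything that later tests `GOT_BINDCONF` will see it set on every successfully parsed syncrepl line. Moving it into an `else` of the final branch fixes that: `} else { si->si_got |= GOT_BINDCONF; }` after the `bindconf_parse` error block. The chain itself starts outside this hunk.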
@@ -4044,9 +4306,6 @@
 			"Config: ** successfully added syncrepl \"%s\"\n",
 			BER_BVISNULL( &si->si_bindconf.sb_uri ) ?
 			"(null)" : si->si_bindconf.sb_uri.bv_val, 0, 0 );
-		if ( !si->si_schemachecking ) {
-			SLAP_DBFLAGS(c->be) |= SLAP_DBFLAG_NO_SCHEMA_CHECK;
-		}
 		if ( c->be->be_syncinfo ) {
 			si->si_cookieState = c->be->be_syncinfo->si_cookieState;
 		} else {
@@ -4064,10 +4323,10 @@
 {
 	struct berval bc, uri;
 	char buf[BUFSIZ*2], *ptr;
+	ber_len_t len;
 	int i;
+#	define WHATSLEFT	((ber_len_t) (&buf[sizeof( buf )] - ptr))
 
-#define WHATSLEFT	( sizeof( buf ) - ( ptr - buf ) )
-
 	BER_BVZERO( bv );
 
 	/* temporarily inhibit bindconf from printing URI */
@@ -4080,9 +4339,10 @@
 
 	ptr = buf;
 	assert( si->si_rid >= 0 && si->si_rid <= SLAP_SYNC_SID_MAX );
-	ptr += snprintf( ptr, WHATSLEFT, IDSTR "=%03d " PROVIDERSTR "=%s",
+	len = snprintf( ptr, WHATSLEFT, IDSTR "=%03d " PROVIDERSTR "=%s",
 		si->si_rid, si->si_bindconf.sb_uri.bv_val );
-	if ( ptr - buf >= sizeof( buf ) ) return;
+	if ( len >= sizeof( buf ) ) return;
+	ptr += len;
 	if ( !BER_BVISNULL( &bc ) ) {
 		if ( WHATSLEFT <= bc.bv_len ) {
 			free( bc.bv_val );
@@ -4140,8 +4400,8 @@
 		if ( WHATSLEFT <= STRLENOF( " " ATTRSONLYSTR "=\"" "\"" ) ) return;
 		ptr = lutil_strcopy( ptr, " " ATTRSSTR "=\"" );
 		old = ptr;
-		/* FIXME: add check for overflow */
 		ptr = anlist_unparse( si->si_anlist, ptr, WHATSLEFT );
+		if ( ptr == NULL ) return;
 		if ( si->si_allattrs ) {
 			if ( WHATSLEFT <= STRLENOF( ",*\"" ) ) return;
 			if ( old != ptr ) *ptr++ = ',';
@@ -4157,8 +4417,8 @@
 	if ( si->si_exanlist && !BER_BVISNULL(&si->si_exanlist[0].an_name) ) {
 		if ( WHATSLEFT <= STRLENOF( " " EXATTRSSTR "=" ) ) return;
 		ptr = lutil_strcopy( ptr, " " EXATTRSSTR "=" );
-		/* FIXME: add check for overflow */
 		ptr = anlist_unparse( si->si_exanlist, ptr, WHATSLEFT );
+		if ( ptr == NULL ) return;
 	}
 	if ( WHATSLEFT <= STRLENOF( " " SCHEMASTR "=" ) + STRLENOF( "off" ) ) return;
 	ptr = lutil_strcopy( ptr, " " SCHEMASTR "=" );
@@ -4179,36 +4439,46 @@
 		dd /= 60;
 		hh = dd % 24;
 		dd /= 24;
-		ptr = lutil_strcopy( ptr, " " INTERVALSTR "=" );
-		ptr += snprintf( ptr, WHATSLEFT, "%02d:%02d:%02d:%02d", dd, hh, mm, ss );
-		if ( ptr - buf >= sizeof( buf ) ) return;
-	} else if ( si->si_retryinterval ) {
-		int space=0;
+		len = snprintf( ptr, WHATSLEFT, " %s=%02d:%02d:%02d:%02d",
+			INTERVALSTR, dd, hh, mm, ss );
+		if ( len >= WHATSLEFT ) return;
+		ptr += len;
+	}
+
+	if ( si->si_got & GOT_RETRY ) {
+		const char *space = "";
 		if ( WHATSLEFT <= STRLENOF( " " RETRYSTR "=\"" "\"" ) ) return;
 		ptr = lutil_strcopy( ptr, " " RETRYSTR "=\"" );
 		for (i=0; si->si_retryinterval[i]; i++) {
-			if ( space ) *ptr++ = ' ';
-			space = 1;
-			ptr += snprintf( ptr, WHATSLEFT, "%ld ", (long) si->si_retryinterval[i] );
+			len = snprintf( ptr, WHATSLEFT, "%s%ld ", space,
+				(long) si->si_retryinterval[i] );
+			space = " ";
+			if ( WHATSLEFT - 1 <= len ) return;
+			ptr += len;
 			if ( si->si_retrynum_init[i] == RETRYNUM_FOREVER )
 				*ptr++ = '+';
-			else
-				ptr += snprintf( ptr, WHATSLEFT, "%d", si->si_retrynum_init[i] );
+			else {
+				len = snprintf( ptr, WHATSLEFT, "%d", si->si_retrynum_init[i] );
+				if ( WHATSLEFT <= len ) return;
+				ptr += len;
+			}
 		}
 		if ( WHATSLEFT <= STRLENOF( "\"" ) ) return;
 		*ptr++ = '"';
+	} else {
+		ptr = lutil_strcopy( ptr, " " RETRYSTR "=undefined" );
 	}
 
 	if ( si->si_slimit ) {
-		if ( WHATSLEFT <= STRLENOF( " " SLIMITSTR "=" ) ) return;
-		ptr = lutil_strcopy( ptr, " " SLIMITSTR "=" );
-		ptr += snprintf( ptr, WHATSLEFT, "%d", si->si_slimit );
+		len = snprintf( ptr, WHATSLEFT, " " SLIMITSTR "=%d", si->si_slimit );
+		if ( WHATSLEFT <= len ) return;
+		ptr += len;
 	}
 
 	if ( si->si_tlimit ) {
-		if ( WHATSLEFT <= STRLENOF( " " TLIMITSTR "=" ) ) return;
-		ptr = lutil_strcopy( ptr, " " TLIMITSTR "=" );
-		ptr += snprintf( ptr, WHATSLEFT, "%d", si->si_tlimit );
+		len = snprintf( ptr, WHATSLEFT, " " TLIMITSTR "=%d", si->si_tlimit );
+		if ( WHATSLEFT <= len ) return;
+		ptr += len;
 	}
 
 	if ( si->si_syncdata ) {
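Review bot: The new `else` branch writes `" " RETRYSTR "=undefined"` with `lutil_strcopy` without first checking `WHATSLEFT`, unlike every other append in this function. With a long bindconf, filter or attribute list already in `buf`, this copy can run past the end of the stack buffer. Add the same guard used elsewhere before the copy: `if ( WHATSLEFT <= STRLENOF( " " RETRYSTR "=undefined" ) ) return;`. The function starts and ends outside this hunk.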
@@ -4240,6 +4510,7 @@
 		return 1;
 	} else if ( c->op == LDAP_MOD_DELETE ) {
 		cookie_state *cs = NULL;
+		int isrunning = 0;
 		if ( c->be->be_syncinfo ) {
 			syncinfo_t *si, **sip;
 			int i;
@@ -4248,19 +4519,21 @@
 			for ( sip = &c->be->be_syncinfo, i=0; *sip; i++ ) {
 				si = *sip;
 				if ( c->valx == -1 || i == c->valx ) {
-					int isrunning = 0;
 					*sip = si->si_next;
 					/* If the task is currently active, we have to leave
 					 * it running. It will exit on its own. This will only
 					 * happen when running on the cn=config DB.
 					 */
 					if ( si->si_re ) {
-						ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
-						isrunning = ldap_pvt_runqueue_isrunning( &slapd_rq, si->si_re );
-						ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+						if ( ldap_pvt_thread_mutex_trylock( &si->si_mutex )) {
+							isrunning = 1;
+						} else {
+							ldap_pvt_thread_mutex_unlock( &si->si_mutex );
+						}
 					}
 					if ( si->si_re && isrunning ) {
 						si->si_ctype = 0;
+						si->si_next = NULL;
 					} else {
 						syncinfo_free( si, 0 );
 					}
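Review bot: Hoisting `isrunning` out of the loop makes it sticky: it is set to 1 when a trylock fails and never reset, so with `c->valx == -1` every later entry that has `si->si_re` set takes the `si->si_ctype = 0` branch and is not passed to `syncinfo_free`, even when its own trylock succeeded. If the outer variable is only meant to protect the shared cookie state, keep a per-entry flag inside the loop and accumulate separately, e.g. `int running = 0;` in the loop body and `isrunning |= running;` after the trylock. Note also that the lock is released before `syncinfo_free( si, 0 )`, so the "not running" result is only a snapshot; whether another thread can pick the task up in between is not visible from this hunk.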
@@ -4272,8 +4545,9 @@
 			}
 		}
 		if ( !c->be->be_syncinfo ) {
-			SLAP_DBFLAGS( c->be ) &= ~(SLAP_DBFLAG_SHADOW|SLAP_DBFLAG_SYNC_SHADOW);
-			if ( cs ) {
+			SLAP_DBFLAGS( c->be ) &= ~SLAP_DBFLAG_SHADOW_MASK;
+			if ( cs && !isrunning ) {
+				ch_free( cs->cs_sids );
 				ber_bvarray_free( cs->cs_vals );
 				ldap_pvt_thread_mutex_destroy( &cs->cs_mutex );
 				ch_free( cs );

Modified: openldap/vendor/openldap-release/servers/slapd/syntax.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/syntax.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/syntax.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* syntax.c - routines to manage syntax definitions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/syntax.c,v 1.43.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/syntax.c,v 1.43.2.6 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,9 +30,12 @@
 };
 
 static Avlnode	*syn_index = NULL;
-static LDAP_SLIST_HEAD(SyntaxList, Syntax) syn_list
-	= LDAP_SLIST_HEAD_INITIALIZER(&syn_list);
+static LDAP_STAILQ_HEAD(SyntaxList, Syntax) syn_list
+	= LDAP_STAILQ_HEAD_INITIALIZER(syn_list);
 
+/* Last hardcoded attribute registered */
+Syntax *syn_sys_tail;
+
 static int
 syn_index_cmp(
 	const void *v_sir1,
@@ -68,7 +71,7 @@
 {
 	Syntax		*synp;
 
-	LDAP_SLIST_FOREACH(synp, &syn_list, ssyn_next) {
+	LDAP_STAILQ_FOREACH(synp, &syn_list, ssyn_next) {
 		if ((*len = dscompare( synp->ssyn_syn.syn_desc, syndesc, '{' /*'}'*/ ))) {
 			return synp;
 		}
@@ -111,9 +114,9 @@
 	Syntax	*s;
 
 	avl_free( syn_index, ldap_memfree );
-	while( !LDAP_SLIST_EMPTY( &syn_list ) ) {
-		s = LDAP_SLIST_FIRST( &syn_list );
-		LDAP_SLIST_REMOVE_HEAD( &syn_list, ssyn_next );
+	while( !LDAP_STAILQ_EMPTY( &syn_list ) ) {
+		s = LDAP_STAILQ_FIRST( &syn_list );
+		LDAP_STAILQ_REMOVE_HEAD( &syn_list, ssyn_next );
 		if ( s->ssyn_sups ) {
 			SLAP_FREE( s->ssyn_sups );
 		}
@@ -123,14 +126,13 @@
 
 static int
 syn_insert(
-    Syntax		*ssyn,
-    const char		**err
-)
+	Syntax		*ssyn,
+	Syntax		*prev,
+	const char	**err )
 {
 	struct sindexrec	*sir;
 
-	LDAP_SLIST_NEXT( ssyn, ssyn_next ) = NULL;
-	LDAP_SLIST_INSERT_HEAD( &syn_list, ssyn, ssyn_next );
+	LDAP_STAILQ_NEXT( ssyn, ssyn_next ) = NULL;
  
 	if ( ssyn->ssyn_oid ) {
 		sir = (struct sindexrec *)
@@ -150,19 +152,36 @@
 		/* FIX: temporal consistency check */
 		syn_find(sir->sir_name);
 	}
+
+	if ( ssyn->ssyn_flags & SLAP_AT_HARDCODE ) {
+		prev = syn_sys_tail;
+		syn_sys_tail = ssyn;
+	}
+
+	if ( prev ) {
+		LDAP_STAILQ_INSERT_AFTER( &syn_list, prev, ssyn, ssyn_next );
+	} else {
+		LDAP_STAILQ_INSERT_TAIL( &syn_list, ssyn, ssyn_next );
+	}
 	return 0;
 }
 
 int
 syn_add(
-    LDAPSyntax		*syn,
-    slap_syntax_defs_rec *def,
-    const char		**err
-)
+	LDAPSyntax		*syn,
+	int			user,
+	slap_syntax_defs_rec	*def,
+	Syntax			**ssynp,
+	Syntax			*prev,
+	const char		**err )
 {
 	Syntax		*ssyn;
 	int		code = 0;
 
+	if ( ssynp != NULL ) {
+		*ssynp = NULL;
+	}
+
 	ssyn = (Syntax *) SLAP_CALLOC( 1, sizeof(Syntax) );
 	if ( ssyn == NULL ) {
 		Debug( LDAP_DEBUG_ANY, "SLAP_CALLOC Error\n", 0, 0, 0 );
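Review bot: syn_insert tests `ssyn->ssyn_flags & SLAP_AT_HARDCODE`, but the flag that syn_add sets and syn_unparse tests later in this diff is `SLAP_SYNTAX_HARDCODE`. Unless the two constants happen to share a value (their definitions are not shown here), hardcoded syntaxes will not be chained behind `syn_sys_tail` as intended. Use the syntax flag here: `if ( ssyn->ssyn_flags & SLAP_SYNTAX_HARDCODE ) {`. The comment on `syn_sys_tail` in the earlier hunk says "attribute" where it means syntax, which suggests the block was adapted from the attribute-type code.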
@@ -171,7 +190,7 @@
 
 	AC_MEMCPY( &ssyn->ssyn_syn, syn, sizeof(LDAPSyntax) );
 
-	LDAP_SLIST_NEXT(ssyn,ssyn_next) = NULL;
+	LDAP_STAILQ_NEXT(ssyn,ssyn_next) = NULL;
 
 	/*
 	 * note: ssyn_bvoid uses the same memory of ssyn_syn.syn_oid;
@@ -190,6 +209,47 @@
 	ssyn->ssyn_str2ber = def->sd_str2ber;
 #endif
 
+	if ( def->sd_validate == NULL && def->sd_pretty == NULL && syn->syn_extensions != NULL ) {
+		LDAPSchemaExtensionItem **lsei;
+		Syntax *subst = NULL;
+
+		for ( lsei = syn->syn_extensions; *lsei != NULL; lsei++) {
+			if ( strcmp( (*lsei)->lsei_name, "X-SUBST" ) != 0 ) {
+				continue;
+			}
+
+			assert( (*lsei)->lsei_values != NULL );
+			if ( (*lsei)->lsei_values[0] == '\0'
+				|| (*lsei)->lsei_values[1] != '\0' )
+			{
+				Debug( LDAP_DEBUG_ANY, "syn_add(%s): exactly one substitute syntax must be present\n",
+					ssyn->ssyn_syn.syn_oid, 0, 0 );
+				return SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED;
+			}
+
+			subst = syn_find( (*lsei)->lsei_values[0] );
+			if ( subst == NULL ) {
+				Debug( LDAP_DEBUG_ANY, "syn_add(%s): substitute syntax %s not found\n",
+					ssyn->ssyn_syn.syn_oid, (*lsei)->lsei_values[0], 0 );
+				return SLAP_SCHERR_SYN_SUBST_NOT_FOUND;
+			}
+			break;
+		}
+
+		if ( subst != NULL ) {
+			ssyn->ssyn_flags = subst->ssyn_flags;
+			ssyn->ssyn_validate = subst->ssyn_validate;
+			ssyn->ssyn_pretty = subst->ssyn_pretty;
+
+			ssyn->ssyn_sups = NULL;
+
+#ifdef SLAPD_BINARY_CONVERSION
+			ssyn->ssyn_ber2str = subst->ssyn_ber2str;
+			ssyn->ssyn_str2ber = subst->ssyn_str2ber;
+#endif
+		}
+	}
+
 	if ( def->sd_sups != NULL ) {
 		int	cnt;
 
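Review bot: Both early returns in the new X-SUBST block (`SLAP_SCHERR_SYN_SUBST_NOT_SPECIFIED` and `SLAP_SCHERR_SYN_SUBST_NOT_FOUND`) leave syn_add without freeing `ssyn`, which was allocated with `SLAP_CALLOC` earlier in the function. Now that user-supplied schema reaches this path, each rejected definition leaks one `Syntax`; add `SLAP_FREE( ssyn );` before each `return`. The well-formedness test also relies on `assert( (*lsei)->lsei_values != NULL )`, which disappears in NDEBUG builds, and it compares the pointers `lsei_values[0]` and `lsei_values[1]` with `'\0'` where `NULL` is meant. An explicit `if ( (*lsei)->lsei_values == NULL || (*lsei)->lsei_values[0] == NULL || (*lsei)->lsei_values[1] != NULL )` covers both.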
@@ -213,9 +273,11 @@
 		}
 	}
 
+	if ( !user )
+		ssyn->ssyn_flags |= SLAP_SYNTAX_HARDCODE;
+
 	if ( code == 0 ) {
-		code = syn_insert( ssyn, err );
-
+		code = syn_insert( ssyn, prev, err );
 	}
 
 	if ( code != 0 && ssyn != NULL ) {
@@ -223,8 +285,13 @@
 			SLAP_FREE( ssyn->ssyn_sups );
 		}
 		SLAP_FREE( ssyn );
+		ssyn = NULL;
 	}
 
+	if (ssynp ) {
+		*ssynp = ssyn;
+	}
+
 	return code;
 }
 
@@ -244,7 +311,7 @@
 		return( -1 );
 	}
 
-	code = syn_add( syn, def, &err );
+	code = syn_add( syn, 0, def, NULL, NULL, &err );
 
 	if ( code ) {
 		Debug( LDAP_DEBUG_ANY, "Error in register_syntax: %s %s in %s\n",
@@ -267,7 +334,7 @@
 	struct berval	val;
 	struct berval	nval;
 
-	LDAP_SLIST_FOREACH(syn, &syn_list, ssyn_next ) {
+	LDAP_STAILQ_FOREACH(syn, &syn_list, ssyn_next ) {
 		if ( ! syn->ssyn_validate ) {
 			/* skip syntaxes without validators */
 			continue;
@@ -297,3 +364,92 @@
 	return 0;
 }
 
+void
+syn_delete( Syntax *syn )
+{
+	LDAP_STAILQ_REMOVE(&syn_list, syn, Syntax, ssyn_next);
+}
+
+int
+syn_start( Syntax **syn )
+{
+	assert( syn != NULL );
+
+	*syn = LDAP_STAILQ_FIRST(&syn_list);
+
+	return (*syn != NULL);
+}
+
+int
+syn_next( Syntax **syn )
+{
+	assert( syn != NULL );
+
+#if 0	/* pedantic check: don't use this */
+	{
+		Syntax *tmp = NULL;
+
+		LDAP_STAILQ_FOREACH(tmp,&syn_list,ssyn_next) {
+			if ( tmp == *syn ) {
+				break;
+			}
+		}
+
+		assert( tmp != NULL );
+	}
+#endif
+
+	*syn = LDAP_STAILQ_NEXT(*syn,ssyn_next);
+
+	return (*syn != NULL);
+}
+
+void
+syn_unparse( BerVarray *res, Syntax *start, Syntax *end, int sys )
+{
+	Syntax *syn;
+	int i, num;
+	struct berval bv, *bva = NULL, idx;
+	char ibuf[32];
+
+	if ( !start )
+		start = LDAP_STAILQ_FIRST( &syn_list );
+
+	/* count the result size */
+	i = 0;
+	for ( syn = start; syn; syn = LDAP_STAILQ_NEXT( syn, ssyn_next ) ) {
+		if ( sys && !( syn->ssyn_flags & SLAP_SYNTAX_HARDCODE ) ) break;
+		i++;
+		if ( syn == end ) break;
+	}
+	if ( !i ) return;
+
+	num = i;
+	bva = ch_malloc( (num+1) * sizeof(struct berval) );
+	BER_BVZERO( bva );
+	idx.bv_val = ibuf;
+	if ( sys ) {
+		idx.bv_len = 0;
+		ibuf[0] = '\0';
+	}
+	i = 0;
+	for ( syn = start; syn; syn = LDAP_STAILQ_NEXT( syn, ssyn_next ) ) {
+		if ( sys && !( syn->ssyn_flags & SLAP_SYNTAX_HARDCODE ) ) break;
+		if ( ldap_syntax2bv( &syn->ssyn_syn, &bv ) == NULL ) {
+			ber_bvarray_free( bva );
+		}
+		if ( !sys ) {
+			idx.bv_len = sprintf(idx.bv_val, "{%d}", i);
+		}
+		bva[i].bv_len = idx.bv_len + bv.bv_len;
+		bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
+		strcpy( bva[i].bv_val, ibuf );
+		strcpy( bva[i].bv_val + idx.bv_len, bv.bv_val );
+		i++;
+		bva[i].bv_val = NULL;
+		ldap_memfree( bv.bv_val );
+		if ( syn == end ) break;
+	}
+	*res = bva;
+}
+
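Review bot: In syn_unparse, when `ldap_syntax2bv` returns NULL the code calls `ber_bvarray_free( bva )` and then keeps going: it reads `bv.bv_len` and `bv.bv_val` from the failed conversion, writes into the freed `bva[i]`, and finally stores the freed array in `*res`. The failure branch needs to stop, e.g. `ber_bvarray_free( bva ); return;`, leaving `*res` untouched as the `if ( !i ) return;` path above already does. Separately, syn_next dereferences `*syn` after asserting only that `syn` is non-NULL, so calling it again after it has returned 0 dereferences NULL; a doc comment stating that contract would help callers.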

Modified: openldap/vendor/openldap-release/servers/slapd/txn.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/txn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/txn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* txn.c - LDAP Transactions */
-/* $OpenLDAP: pkg/ldap/servers/slapd/txn.c,v 1.6.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/txn.c,v 1.6.2.4 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/unbind.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/unbind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/unbind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* unbind.c - decode an ldap unbind operation and pass it to a backend db */
-/* $OpenLDAP: pkg/ldap/servers/slapd/unbind.c,v 1.26.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/unbind.c,v 1.26.2.4 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/servers/slapd/user.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/user.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/user.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* user.c - set user id, group id and group access list */
-/* $OpenLDAP: pkg/ldap/servers/slapd/user.c,v 1.25.2.3 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/user.c,v 1.25.2.4 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * Portions Copyright 1999 PM Lashley.
  * All rights reserved.
  *

Modified: openldap/vendor/openldap-release/servers/slapd/value.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/value.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/value.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* value.c - routines for dealing with values */
-/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.96.2.6 2008/02/11 23:26:45 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/servers/slapd/value.c,v 1.96.2.8 2009/01/22 00:01:04 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -267,12 +267,12 @@
 {
 	char *ptr, ibuf[64];	/* many digits */
 	struct berval ibv, tmp, vtmp;
-	int i;
+	unsigned i;
 
 	ibv.bv_val = ibuf;
 
 	for (i=0; i<a->a_numvals; i++) {
-		ibv.bv_len = sprintf(ibv.bv_val, "{%d}", i);
+		ibv.bv_len = sprintf(ibv.bv_val, "{%u}", i);
 		vtmp = a->a_vals[i];
 		if ( vtmp.bv_val[0] == '{' ) {
 			ptr = ber_bvchr(&vtmp, '}');
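Review bot: The index is still formatted with an unbounded `sprintf` into the fixed `ibuf[64]`. With `unsigned i` and `"{%u}"` the longest output is a dozen bytes, so it fits today, but nothing ties the call to the buffer size if the format or index type changes again. I would write `ibv.bv_len = snprintf(ibuf, sizeof(ibuf), "{%u}", i);` so the bound is explicit. The switch to `unsigned` presumably matches the type of `a->a_numvals`, which is declared outside this hunk, as are the start and end of the function.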
@@ -750,7 +750,7 @@
 			k = strtol( vals[i].bv_val + 1, &next, 0 );
 			if ( next == vals[i].bv_val + 1 ||
 				next[ 0 ] != '}' ||
-				next - vals[i].bv_val > vals[i].bv_len )
+				(ber_len_t) (next - vals[i].bv_val) > vals[i].bv_len )
 			{
 				ch_free( nnew );
 				ch_free( new );
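Review bot: The length test is still the last operand of the `||` chain, so `next[ 0 ]` is read before `next` is known to lie inside the value. The added `(ber_len_t)` cast only fixes the signed/unsigned comparison, and it cannot wrap because the first test already rejects `next == vals[i].bv_val + 1` and `strtol` never returns a pointer before its start. The ordering matters only if a value is not NUL-terminated, which this hunk does not show; `strtol` relies on the same assumption. Putting the bound first makes it the guard: `(ber_len_t) (next - vals[i].bv_val) >= vals[i].bv_len || next[ 0 ] != '}'`. The enclosing loop and function start and end outside the hunk.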

Modified: openldap/vendor/openldap-release/servers/slapd/zn_malloc.c
===================================================================
--- openldap/vendor/openldap-release/servers/slapd/zn_malloc.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/servers/slapd/zn_malloc.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 /* zn_malloc.c - zone-based malloc routines */
-/* $OpenLDAP: pkg/ldap/servers/slapd/zn_malloc.c,v 1.11.2.3 2008/02/11 23:26:45 kurt Exp $*/
+/* $OpenLDAP: pkg/ldap/servers/slapd/zn_malloc.c,v 1.11.2.4 2009/01/22 00:01:04 kurt Exp $*/
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2003-2008 The OpenLDAP Foundation.
+ * Copyright 2003-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/tests/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # Makefile.in for tests
-# $OpenLDAP: pkg/ldap/tests/Makefile.in,v 1.60.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/Makefile.in,v 1.60.2.5 2009/01/22 00:01:15 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/ditcontentrules.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/ditcontentrules.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/ditcontentrules.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-# $OpenLDAP: pkg/ldap/tests/data/ditcontentrules.conf,v 1.6.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/ditcontentrules.conf,v 1.6.2.4 2009/01/22 00:01:15 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/dn.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/dn.out	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/dn.out	2009-02-17 16:18:54 UTC (rev 1195)
@@ -78,15 +78,15 @@
 cn: Name and Optional UID
 uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 uniqueMember: #'1'B
-uniqueMember: #'10'B
+uniqueMember: #'0010'B
 uniqueMember: dc=example,dc=com#'1000'B
-uniqueMember: dc=example,dc=com#'0'B
+uniqueMember: dc=example,dc=com#''B
 description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
   only DN portion
 description: #'1'B // empty "" DN
 description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
-description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
 
 dn: ou=Related Syntaxes,dc=example,dc=com
 objectClass: organizationalUnit
@@ -183,20 +183,21 @@
 
 # Searching database for nameAndOptionalUID="dc=example,dc=com"...
 # Searching database for nameAndOptionalUID="dc=example,dc=com#'001000'B"...
+# Searching database for nameAndOptionalUID="dc=example,dc=com#'1000'B"...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID
 uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 uniqueMember: #'1'B
-uniqueMember: #'10'B
+uniqueMember: #'0010'B
 uniqueMember: dc=example,dc=com#'1000'B
-uniqueMember: dc=example,dc=com#'0'B
+uniqueMember: dc=example,dc=com#''B
 description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
   only DN portion
 description: #'1'B // empty "" DN
 description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
-description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
 
 # Searching database for uniqueMember~="dc=example,dc=com" (approx)...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
@@ -204,29 +205,29 @@
 cn: Name and Optional UID
 uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 uniqueMember: #'1'B
-uniqueMember: #'10'B
+uniqueMember: #'0010'B
 uniqueMember: dc=example,dc=com#'1000'B
-uniqueMember: dc=example,dc=com#'0'B
+uniqueMember: dc=example,dc=com#''B
 description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
   only DN portion
 description: #'1'B // empty "" DN
 description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
-description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
 
-# Searching database for uniqueMember~="dc=example,dc=com#'001000'B" (approx)...
+# Searching database for uniqueMember~="dc=example,dc=com#'1000'B" (approx)...
 dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames
 cn: Name and Optional UID
 uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 uniqueMember: #'1'B
-uniqueMember: #'10'B
+uniqueMember: #'0010'B
 uniqueMember: dc=example,dc=com#'1000'B
-uniqueMember: dc=example,dc=com#'0'B
+uniqueMember: dc=example,dc=com#''B
 description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com //
   only DN portion
 description: #'1'B // empty "" DN
 description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
-description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
 

Modified: openldap/vendor/openldap-release/tests/data/dynlist.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/dynlist.out	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/dynlist.out	2009-02-17 16:18:54 UTC (rev 1195)
@@ -71,6 +71,83 @@
 # Testing list compare with manageDSAit...
 FALSE
 
+# Testing list search of all (mapped) attrs...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+objectClass: groupOfURLs
+cn: Dynamic List
+memberURL: ldap:///ou=People,dc=example,dc=com?cn,mail?sub?(objectClass=person
+ )
+sn: Barbara Jensen
+sn: Babs Jensen
+sn: Bjorn Jensen
+sn: Biiff Jensen
+sn: Dorothy Stevens
+sn: Dot Stevens
+sn: James A Jones 1
+sn: James Jones
+sn: Jim Jones
+sn: James A Jones 2
+sn: Jane Doe
+sn: Jane Alverson
+sn: Jennifer Smith
+sn: Jen Smith
+sn: John Doe
+sn: Jonathon Doe
+sn: Mark Elliot
+sn: Mark A Elliot
+sn: Ursula Hampster
+mail: bjensen at mailgw.example.com
+mail: bjorn at mailgw.example.com
+mail: dots at mail.alumni.example.com
+mail: jaj at mail.alumni.example.com
+mail: jjones at mailgw.example.com
+mail: jdoe at woof.net
+mail: jen at mail.alumni.example.com
+mail: johnd at mailgw.example.com
+mail: melliot at mail.alumni.example.com
+mail: uham at mail.alumni.example.com
+
+# Testing list search of a (mapped) listed attr...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+sn: Barbara Jensen
+sn: Babs Jensen
+sn: Bjorn Jensen
+sn: Biiff Jensen
+sn: Dorothy Stevens
+sn: Dot Stevens
+sn: James A Jones 1
+sn: James Jones
+sn: Jim Jones
+sn: James A Jones 2
+sn: Jane Doe
+sn: Jane Alverson
+sn: Jennifer Smith
+sn: Jen Smith
+sn: John Doe
+sn: Jonathon Doe
+sn: Mark Elliot
+sn: Mark A Elliot
+sn: Ursula Hampster
+
+# Testing list search of a (n unmapped) listed attr...
+dn: cn=Dynamic List,ou=Dynamic Lists,dc=example,dc=com
+mail: bjensen at mailgw.example.com
+mail: bjorn at mailgw.example.com
+mail: dots at mail.alumni.example.com
+mail: jaj at mail.alumni.example.com
+mail: jjones at mailgw.example.com
+mail: jdoe at woof.net
+mail: jen at mail.alumni.example.com
+mail: johnd at mailgw.example.com
+mail: melliot at mail.alumni.example.com
+mail: uham at mail.alumni.example.com
+
+# Testing list compare (mapped attrs) ...
+TRUE
+
+# Testing list compare (mapped attrs; should return FALSE)...
+FALSE
+
 # Testing list search of all attrs...
 dn: cn=Dynamic List of Members,ou=Dynamic Lists,dc=example,dc=com
 objectClass: groupOfURLs

Modified: openldap/vendor/openldap-release/tests/data/memberof.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/memberof.out	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/memberof.out	2009-02-17 16:18:54 UTC (rev 1195)
@@ -148,3 +148,44 @@
 sn: Rabbit
 memberOf: cn=Cartoonia,ou=Groups,dc=example,dc=com
 
+# Re-search the entire database...
+dn: dc=example,dc=com
+objectClass: organization
+objectClass: dcObject
+o: Example, Inc.
+dc: example
+
+dn: cn=group1,ou=Groups,dc=example,dc=com
+objectClass: groupA
+cn: group1
+
+dn: cn=group2,ou=Groups,dc=example,dc=com
+objectClass: groupB
+cn: group2
+memberB: cn=person1,ou=People,dc=example,dc=com
+memberB: cn=person2,ou=People,dc=example,dc=com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: People
+
+dn: cn=person1,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person1
+sn: person1
+memberOfB: cn=group2,ou=Groups,dc=example,dc=com
+
+dn: cn=person2,ou=People,dc=example,dc=com
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person2
+sn: person2
+memberOfB: cn=group2,ou=Groups,dc=example,dc=com
+

Modified: openldap/vendor/openldap-release/tests/data/meta.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/meta.out	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/meta.out	2009-02-17 16:18:54 UTC (rev 1195)
@@ -404,6 +404,7 @@
 dn: ou=Meta,o=Example,c=US
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 
 dn: ou=People,o=Example,c=US
 objectClass: organizationalUnit
@@ -447,6 +448,7 @@
 dn: ou=Meta,o=Example,c=US
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 
 # refldap://localhost:9016/cn=Somewhere,ou=Meta,dc=example,dc=com??sub
 
@@ -875,6 +877,7 @@
 dn: ou=Meta,o=Example,c=US
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 description: added to "ou=Meta,o=Example,c=US"
 
 dn: ou=People,o=Example,c=US
@@ -1338,6 +1341,7 @@
 dn: ou=Meta,o=Example,c=US
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 description: added to "ou=Meta,o=Example,c=US"
 
 dn: ou=People,o=Example,c=US

Modified: openldap/vendor/openldap-release/tests/data/metaconcurrency.out
===================================================================
--- openldap/vendor/openldap-release/tests/data/metaconcurrency.out	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/metaconcurrency.out	2009-02-17 16:18:54 UTC (rev 1195)
@@ -403,6 +403,7 @@
 dn: ou=Meta,o=Example,c=US
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 
 dn: ou=People,o=Example,c=US
 objectClass: organizationalUnit

Added: openldap/vendor/openldap-release/tests/data/ndb.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/ndb.conf	                        (rev 0)
+++ openldap/vendor/openldap-release/tests/data/ndb.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,23 @@
+# back-ndb boilerplate config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/ndb.conf,v 1.1.2.2 2009/01/22 00:01:15 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+dbuser	root
+dbhost	localhost
+dbconnect	127.0.0.1
+dbsocket	/tmp/mysql.sock
+attrset extensibleObject uidNumber,gidNumber
+attrblob description
+index cn
+#index sn
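Review bot: `dbuser root` with no password directive means the test backend logs in to MySQL as the administrative account, presumably with an empty password. `dbsocket /tmp/mysql.sock` also points at a socket in a world-writable directory. The file header says "for testing", but nothing at the directives warns against copying them into a real deployment. I would add a comment above `dbuser`, for example `# test-only: assumes a throwaway local MySQL instance; use a dedicated low-privilege account and a protected socket path anywhere else`.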

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4184/its4184
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4184/its4184	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4184/its4184	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4184/its4184,v 1.4.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4184/its4184,v 1.4.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4326/its4326
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4326/its4326	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4326/its4326	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4326/its4326,v 1.2.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4326/its4326,v 1.2.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4326/slapd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4326/slapd.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4326/slapd.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # proxy slapd config -- for regression of back-ldap server unavailable issue
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4326/slapd.conf,v 1.2.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4326/slapd.conf,v 1.2.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4336/its4336
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4336/its4336	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4336/its4336	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4336/its4336,v 1.2.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4336/its4336,v 1.2.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4336/slapd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4336/slapd.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4336/slapd.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4336/slapd.conf,v 1.2.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4336/slapd.conf,v 1.2.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4337/its4337
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4337/its4337	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4337/its4337	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4337/its4337,v 1.1.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4337/its4337,v 1.1.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4337/slapd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4337/slapd.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4337/slapd.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4337/slapd.conf,v 1.1.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4337/slapd.conf,v 1.1.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4448/its4448
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4448/its4448	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4448/its4448	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4448/its4448,v 1.1.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4448/its4448,v 1.1.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/regressions/its4448/slapd-meta.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/regressions/its4448/slapd-meta.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/regressions/its4448/slapd-meta.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/regressions/its4448/slapd-meta.conf,v 1.1.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/regressions/its4448/slapd-meta.conf,v 1.1.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/retcode.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/retcode.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/retcode.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slapo-retcode standard track response codes configuration example
-# $OpenLDAP: pkg/ldap/tests/data/retcode.conf,v 1.5.2.3 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/retcode.conf,v 1.5.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-2db.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-2db.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-2db.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-2db.conf,v 1.1.2.1 2008/02/11 17:47:04 hallvard Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-2db.conf,v 1.1.2.3 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -38,6 +38,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 database	@BACKEND@
 suffix		"dc=example,dc=com"
@@ -48,5 +50,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-aci.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-aci.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-aci.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-aci.conf,v 1.4.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-aci.conf,v 1.4.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -50,6 +50,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 access to dn.subtree="dc=example,dc=com"
 	by dynacl/aci write

Modified: openldap/vendor/openldap-release/tests/data/slapd-acl.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-acl.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-acl.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.71.2.5 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.71.2.9 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -50,9 +50,12 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
-
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+add_content_acl	on
 #access		to attrs=objectclass dn.subtree="dc=example,dc=com"
 access		to attrs=objectclass
+		by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
 		by * =rsc stop
 
 #access		to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
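Review bot: `add_content_acl on` is added without a comment, and the blank line that separated the index block from the ACLs is removed. A reader cannot tell that this directive makes Add operations also evaluate ACLs against the content of the entry being added. The new `by dn.exact="cn=Bjorn Jensen,…" add` clause on `attrs=objectclass` appears to depend on it, and it sits ahead of `by * =rsc stop`, so that one identity gets a different level from everyone else. I would keep the blank line and add `# check ACLs on the content of added entries; the objectclass 'add' rule below relies on this`. The same uncommented `add_content_acl on` is added in the slapd-dds.conf hunk at `@@ -46,6 +46,9 @@`.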

Modified: openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-cache-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for proxy cache testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-cache-master.conf,v 1.14.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-cache-master.conf,v 1.14.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -40,5 +40,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-chain1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-chain1.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-chain1.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-chain1.conf,v 1.9.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-chain1.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -58,5 +58,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-chain2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-chain2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-chain2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-chain2.conf,v 1.9.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-chain2.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -47,6 +47,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #
 # uses the chain overlay as database specific;

Modified: openldap/vendor/openldap-release/tests/data/slapd-component.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-component.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-component.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-component.conf,v 1.13.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-component.conf,v 1.13.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -43,5 +43,7 @@
 rootpw		secret
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-config-undo.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-config-undo.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-config-undo.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -14,6 +14,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor
 

Modified: openldap/vendor/openldap-release/tests/data/slapd-dds.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dds.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-dds.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-dds.conf,v 1.2.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dds.conf,v 1.2.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2008 The OpenLDAP Foundation.
+## Copyright 2005-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -46,6 +46,9 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryExpireTimestamp	eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+add_content_acl	on
 
 overlay		dds
 dds-max-ttl	1d
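Review bot: `add_content_acl on` is added with neither a `#ndb#`-style prefix nor a comment, so it presumably takes effect for every backend this file is run with and changes what an Add needs. Per slapd.access(5), add privilege is then required on each attribute of the new entry, not only on `entry` and the parent's `children`. The ACL reordering further down this file looks like the companion of this switch, and a reader should be pointed at it. I would put `# also check ACLs on the attributes of added entries (see the ou=Groups rules below)` directly above the directive.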
@@ -64,19 +67,21 @@
         by users write
 
 access to dn.onelevel="ou=Groups,dc=example,dc=com"
-                attrs=entry
-        by dnattr=creatorsName write
+                attrs=entryTtl
+        by dnattr=member manage
         by * read
 
 access to dn.onelevel="ou=Groups,dc=example,dc=com"
-                attrs=member
         by dnattr=creatorsName write
-        by users selfwrite
+        by * break
+
+access to dn.onelevel="ou=Groups,dc=example,dc=com"
+                attrs=entry
         by * read
 
 access to dn.onelevel="ou=Groups,dc=example,dc=com"
-                attrs=entryTtl
-        by dnattr=member manage
+                attrs=member
+        by users selfwrite
         by * read
 
 access to *
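Review bot: The new attrs-less rule `by dnattr=creatorsName write` / `by * break` gives a group's creator write on every attribute of entries one level below ou=Groups, where the old rules granted it only on `entry` and `member`; if the test needs only those two, `attrs=entry,member` on that rule keeps the grant as narrow as before. The result now also depends on rule order: the `entryTtl` rule has to stay first so that a creator who is not a member ends at `by * read`, and the `entry` and `member` rules are reached only through the `break`. A comment above the block, for example `# order matters: entryTtl is decided first, then the creator rule, then everyone else via break`, would protect that. Attributes other than these three fall through to `access to *`, whose clauses are outside the hunk.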

Modified: openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-deltasync-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing of Delta SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-deltasync-master.conf,v 1.3.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-deltasync-master.conf,v 1.3.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,8 @@
 #bdb#index		entryUUID,entryCSN	eq
 #hdb#index		objectClass	eq
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 overlay syncprov
 syncprov-reloadhint true
@@ -60,6 +62,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 
 access to *

Modified: openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-deltasync-slave.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of Delta SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-deltasync-slave.conf,v 1.2.2.4 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-deltasync-slave.conf,v 1.2.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -51,6 +51,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_3
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-dn.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dn.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-dn.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-dn.conf,v 1.10.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dn.conf,v 1.10.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -42,5 +42,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-dnssrv.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # DNS SRV slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-dnssrv.conf,v 1.19.2.3 2008/02/12 01:07:39 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dnssrv.conf,v 1.19.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-dynlist.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP: pkg/ldap/tests/data/slapd-dynlist.conf,v 1.3.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -46,6 +47,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 # we'll reconfigure the attrset dynamically
 overlay			dynlist

Modified: openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-emptydn.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-emptydn.conf,v 1.8.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-emptydn.conf,v 1.8.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -47,6 +47,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 access		to attrs=userPassword
 		by dn.exact="cn=Manager,c=US" write
@@ -70,6 +72,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 access		to attrs=userPassword
 		by self =wx

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-ldap.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-ldap.conf,v 1.6.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-ldap.conf,v 1.6.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl1.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for backglue testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl1.conf,v 1.9.2.4 2008/02/12 01:10:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl1.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,8 @@
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
 #hdb#index		entryUUID,entryCSN	pres
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay		syncprov
 
@@ -60,6 +62,8 @@
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
 #hdb#index		entryUUID,entryCSN	pres
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 syncrepl	rid=1
 		provider=@URI2@
@@ -88,6 +92,8 @@
 #hdb#index		objectclass	eq
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
+#ndb#dbname db_3
+#ndb#include @DATADIR@/ndb.conf
 
 #overlay		syncprov
 

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue-syncrepl2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for backglue testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl2.conf,v 1.9.2.4 2008/02/12 01:10:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue-syncrepl2.conf,v 1.9.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,8 @@
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
 #hdb#index		entryUUID,entryCSN	pres
+#ndb#dbname db_4
+#ndb#include @DATADIR@/ndb.conf
 
 
 syncrepl	rid=2
@@ -74,6 +76,8 @@
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
 #hdb#index		entryUUID,entryCSN	pres
+#ndb#dbname db_5
+#ndb#include @DATADIR@/ndb.conf
 
 
 overlay		syncprov
@@ -90,6 +94,8 @@
 #hdb#index		objectclass	eq
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
+#ndb#dbname db_6
+#ndb#include @DATADIR@/ndb.conf
 
 
 #overlay		syncprov

Modified: openldap/vendor/openldap-release/tests/data/slapd-glue.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-glue.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-glue.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for backglue testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-glue.conf,v 1.21.2.4 2008/02/12 01:10:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-glue.conf,v 1.21.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,8 @@
 #hdb#index		objectclass	eq
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 database	@BACKEND@
 suffix		"ou=Groups,dc=example,dc=com"
@@ -53,6 +55,8 @@
 #hdb#index		objectclass	eq
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 database	@BACKEND@
 suffix		"dc=example,dc=com"
@@ -65,5 +69,7 @@
 #hdb#index		objectclass	eq
 #hdb#index		uid	pres,eq,sub
 #hdb#index		cn,sn	pres,eq,sub,subany
+#ndb#dbname db_3
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-idassert.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-idassert.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-idassert.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-idassert.conf,v 1.16.2.5 2008/04/15 00:05:16 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-idassert.conf,v 1.16.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -66,6 +66,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
 		attrs=authzTo
@@ -82,6 +84,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 database	ldap
 suffix		"o=Example,c=US"

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapglue.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapglue.conf,v 1.12.2.5 2008/04/15 00:05:16 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapglue.conf,v 1.12.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -75,5 +75,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapgluegroups.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapgluegroups.conf,v 1.8.2.5 2008/02/12 01:10:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapgluegroups.conf,v 1.8.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -57,5 +57,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_6
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-ldapgluepeople.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapgluepeople.conf,v 1.10.2.5 2008/02/12 01:10:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ldapgluepeople.conf,v 1.10.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -58,5 +58,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_5
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-limits.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-limits.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-limits.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-limits.conf,v 1.13.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-limits.conf,v 1.13.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,8 @@
 #bdb#index		uid eq
 #hdb#index		objectClass eq
 #hdb#index		uid eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 # Need extra limits for pagedResults on backends that support it...
 #bdb#limits	dn.exact="cn=Unlimited User,ou=Paged Results Users,dc=example,dc=com" size=4 size.pr=unlimited

Modified: openldap/vendor/openldap-release/tests/data/slapd-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-master.conf,v 1.47.2.4 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-master.conf,v 1.47.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -40,5 +40,7 @@
 rootpw		secret
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-meta-target1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-meta-target1.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-meta-target1.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-meta-target1.conf,v 1.1.2.2 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta-target1.conf,v 1.1.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -45,6 +45,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 # ITS#5154: force mixed success/failure of binds using same connection
 access to dn="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,dc=example,dc=com"

Modified: openldap/vendor/openldap-release/tests/data/slapd-meta-target2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-meta-target2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-meta-target2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-meta-target2.conf,v 1.1.2.2 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta-target2.conf,v 1.1.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -46,7 +46,11 @@
 directory	@TESTDIR@/db.2.a
 rootdn		"cn=Manager,ou=Meta,dc=example,dc=com"
 rootpw		secret
-#bdb#index		objectClass eq
-#hdb#index		objectClass eq
+#bdb#index		objectClass	eq
+#bdb#index		cn,sn,uid	pres,eq,sub
+#hdb#index		objectClass	eq
+#hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-meta.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-meta.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-meta.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-meta.conf,v 1.12.2.6 2008/07/13 21:52:10 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-meta.conf,v 1.12.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-nis-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing (needs updating)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-nis-master.conf,v 1.20.2.4 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-nis-master.conf,v 1.20.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-passwd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-passwd.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-passwd.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-passwd.conf,v 1.21.2.3 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-passwd.conf,v 1.21.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-ppolicy.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.11.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ppolicy.conf,v 1.11.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -40,6 +40,8 @@
 rootpw		secret
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay		ppolicy
 ppolicy_default	"cn=Standard Policy,ou=Policies,dc=example,dc=com"

Modified: openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-proxycache.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # proxy cache slapd config 
-# $OpenLDAP: pkg/ldap/tests/data/slapd-proxycache.conf,v 1.24.2.6 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-proxycache.conf,v 1.24.2.8 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -60,5 +60,7 @@
 #bdb#index		cn,sn,uid,mail	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid,mail	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-pw.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-pw.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-pw.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.34.2.5 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.34.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -40,6 +40,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #
 # normal installations should protect root dse,

Modified: openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-ref-slave.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for default referral testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-ref-slave.conf,v 1.40.2.4 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-ref-slave.conf,v 1.40.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -45,5 +45,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-referrals.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-referrals.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-referrals.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # referral slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-referrals.conf,v 1.15.2.4 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-referrals.conf,v 1.15.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -37,5 +37,7 @@
 rootpw		secret
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-refint.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-refint.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-refint.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with refint overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-refint.conf,v 1.9.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-refint.conf,v 1.9.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay		refint
 refint_attributes	manager secretary member

Modified: openldap/vendor/openldap-release/tests/data/slapd-relay.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-relay.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-relay.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-relay.conf,v 1.13.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-relay.conf,v 1.13.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -46,6 +46,8 @@
 rootpw		secret
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 database	@RELAY@
 suffix		"o=Example,c=US"

Modified: openldap/vendor/openldap-release/tests/data/slapd-repl-slave-remote.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-repl-slave-remote.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-repl-slave-remote.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-repl-slave-remote.conf,v 1.2.2.5 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-repl-slave-remote.conf,v 1.2.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -63,6 +63,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID	pres,eq
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 # Need to strip hasSubordinates from internal searches otherwise
 # syncrepl will try to delete it, since syncprov is not sending

Modified: openldap/vendor/openldap-release/tests/data/slapd-retcode.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-retcode.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-retcode.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-retcode.conf,v 1.4.2.4 2008/02/12 01:13:56 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-retcode.conf,v 1.4.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay		retcode
 retcode-parent	"ou=RetCodes,dc=example,dc=com"

Modified: openldap/vendor/openldap-release/tests/data/slapd-schema.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-schema.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-schema.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-schema.conf,v 1.35.2.5 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-schema.conf,v 1.35.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -49,11 +49,7 @@
 directory	@TESTDIR@/db.1.a
 #bdb#index		objectClass eq
 #hdb#index		objectClass eq
+#ndb#dbname db_1_a
+#ndb#include @DATADIR@/ndb.conf
 
-#database	@BACKEND@
-#suffix		"dc=example,dc=com"
-#directory	@TESTDIR@/db.1.b
-##bdb#index		objectClass eq
-##hdb#index		objectClass eq
-
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-sql-syncrepl-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-sql-syncrepl-master.conf,v 1.6.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql-syncrepl-master.conf,v 1.6.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-sql.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-sql.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-sql.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-sql.conf,v 1.15.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-sql.conf,v 1.15.2.4 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-master.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-master.conf,v 1.17.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-master.conf,v 1.17.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay	syncprov
 #syncprov-sessionlog 100

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-multiproxy.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication with intermediate proxy
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-multiproxy.conf,v 1.2.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-multiproxy.conf,v 1.2.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -46,6 +46,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay	syncprov
 syncprov-sessionlog 100

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist-ldap.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication with intermediate proxy
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist-ldap.conf,v 1.5.2.5 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist-ldap.conf,v 1.5.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist1.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.23.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist1.conf,v 1.23.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -49,8 +49,12 @@
 rootpw		secret
 #bdb#index		objectClass	eq
 #bdb#index		cn,sn,uid	pres,eq,sub
+#bdb#index		entryUUID,entryCSN	eq
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_4
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,5 +1,5 @@
 # slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist2.conf,v 1.15.2.2 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist2.conf,v 1.15.2.3 2008/09/03 20:58:06 quanah Exp $
 
 include		@SCHEMADIR@/core.schema
 include		@SCHEMADIR@/cosine.schema
@@ -30,6 +30,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_5
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-persist3.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist3.conf,v 1.18.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-persist3.conf,v 1.18.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -42,6 +42,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_6
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh1.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh1.conf,v 1.28.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh1.conf,v 1.28.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-syncrepl-slave-refresh2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # slave slapd config -- for testing of SYNC replication
-# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh2.conf,v 1.20.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-syncrepl-slave-refresh2.conf,v 1.20.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -42,6 +42,8 @@
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		entryUUID,entryCSN	eq
+#ndb#dbname db_3
+#ndb#include @DATADIR@/ndb.conf
 
 # Don't change syncrepl spec yet
 syncrepl	rid=1

Modified: openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-translucent-local.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with translucent overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-local.conf,v 1.9.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-local.conf,v 1.9.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -48,13 +48,15 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 overlay		translucent
 translucent_no_glue
 
 uri		@URI1@
 # "lastmod off" is not strictly required because the instance of back-ldap
-# added by the translucent overlay sets it off for the underling database;
+# added by the translucent overlay sets it off for the underlying database;
 # however, the local database needs to have "lastmod off" so it's here as
 # a reminder.
 lastmod	off

Modified: openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-translucent-remote.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with translucent overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-remote.conf,v 1.6.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-translucent-remote.conf,v 1.6.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -13,7 +13,6 @@
 ## top-level directory of the distribution or, alternatively, at
 ## <http://www.OpenLDAP.org/license.html>.
 
-ucdata-path	./ucdata
 include		@SCHEMADIR@/core.schema
 include		@SCHEMADIR@/cosine.schema
 include		@SCHEMADIR@/inetorgperson.schema
@@ -44,3 +43,5 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf

Modified: openldap/vendor/openldap-release/tests/data/slapd-unique.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-unique.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-unique.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with unique overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-unique.conf,v 1.11.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-unique.conf,v 1.11.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay			unique
 

Added: openldap/vendor/openldap-release/tests/data/slapd-valregex.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-valregex.conf	                        (rev 0)
+++ openldap/vendor/openldap-release/tests/data/slapd-valregex.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,73 @@
+# master slapd config -- for testing
+# $OpenLDAP: pkg/ldap/tests/data/slapd-valregex.conf,v 1.1.2.2 2009/01/22 00:01:16 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
+
+# global ACLs
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access		to dn.exact="" attrs=objectClass
+		by users read
+access		to *
+		by * read
+
+#mod#modulepath	../servers/slapd/back- at BACKEND@/
+#mod#moduleload	back_ at BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database	@BACKEND@
+
+suffix		"dc=example,dc=com"
+directory	@TESTDIR@/db.1.a
+rootdn		"cn=Manager,dc=example,dc=com"
+rootpw		secret
+#bdb#index		objectClass	eq
+#bdb#index		cn,sn,uid	pres,eq,sub
+#hdb#index		objectClass	eq
+#hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+
+access to attrs=userPassword
+	by anonymous auth  
+	by * none stop
+
+access to attrs=sn val.regex="^(.*)$"
+	by dn.exact,expand="cn=${v1},ou=Alumni Association,ou=People,dc=example,dc=com" write
+	by * read stop
+
+access to attrs=sn val.regex="."
+	by * read stop
+
+access to attrs=sn
+        by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
+	by * read stop
+
+# fall into global ACLs
+
+#monitor#database	monitor
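Review bot: The `by dn.exact,expand="cn=${v1},ou=Alumni Association,ou=People,dc=example,dc=com" write` clause builds the authorised DN from the whole captured `sn` value, so a value containing DN-special characters (`,`, `+`, `=`) could expand to a different entry than intended unless slapd escapes the substitution, which this hunk does not show; the test data should include such a value so the behaviour is pinned down. Because `val.regex="^(.*)$"` matches every value and its `by * read stop` ends evaluation, the following `val.regex="."` clause appears unreachable for value checks, and a comment such as `# not reached for value checks: the clause above matches every sn value` would record whether that is deliberate. `rootpw secret` and the global `access to * by * read` are tolerable only as test fixtures; a `# test-only cleartext credential, never copy into a deployment` comment next to `rootpw` would keep this file from being reused as a template. The `back- at BACKEND@` on the two `#mod#` lines looks like address-mangling by the list archive rather than part of the commit.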

Modified: openldap/vendor/openldap-release/tests/data/slapd-valsort.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-valsort.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-valsort.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with unique overlay)
-# $OpenLDAP: pkg/ldap/tests/data/slapd-valsort.conf,v 1.3.2.5 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-valsort.conf,v 1.3.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -41,6 +41,8 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 overlay			valsort
 valsort-attr		sn ou=users,o=valsort alpha-ascend

Modified: openldap/vendor/openldap-release/tests/data/slapd-whoami.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd-whoami.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd-whoami.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # master slapd config -- for testing
-# $OpenLDAP: pkg/ldap/tests/data/slapd-whoami.conf,v 1.10.2.5 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd-whoami.conf,v 1.10.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -60,5 +60,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd.conf,v 1.39.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd.conf,v 1.39.2.7 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -43,7 +43,11 @@
 rootpw		secret
 #bdb#index		objectClass	eq
 #bdb#index		cn,sn,uid	pres,eq,sub
+#bdb#checkpoint		1024 5
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#hdb#checkpoint		1024 5
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/slapd2.conf
===================================================================
--- openldap/vendor/openldap-release/tests/data/slapd2.conf	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/slapd2.conf	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # stand-alone slapd config -- for testing (with indexing)
-# $OpenLDAP: pkg/ldap/tests/data/slapd2.conf,v 1.11.2.4 2008/02/12 01:17:14 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/data/slapd2.conf,v 1.11.2.6 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -40,5 +40,7 @@
 #bdb#index		cn,sn,uid	pres,eq,sub
 #hdb#index		objectClass	eq
 #hdb#index		cn,sn,uid	pres,eq,sub
+#ndb#dbname db_2
+#ndb#include @DATADIR@/ndb.conf
 
 #monitor#database	monitor

Modified: openldap/vendor/openldap-release/tests/data/test-dn.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/test-dn.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/test-dn.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -226,12 +226,12 @@
 uniqueMember: #'1'B
 uniqueMember: #'0010'B
 uniqueMember: dc=example,dc=com#'1000'B
-uniqueMember: dc=example,dc=com#'0'B
+uniqueMember: dc=example,dc=com#''B
 description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com // only DN portion
 description: #'1'B // empty "" DN
 description: #'0010'B // empty "" DN with leading '0's
 description: dc=example,dc=com#'1000'B // with DN portion
-description: dc=example,dc=com#'0'B // with DN portion and just one '0'
+description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
 
 dn: cn=Should Fail 1,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
 objectClass: groupOfUniqueNames

Modified: openldap/vendor/openldap-release/tests/data/test-meta.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/test-meta.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/test-meta.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,6 +1,7 @@
 dn: ou=Meta,dc=example,dc=com
 objectClass: organizationalUnit
 ou: Meta
+seeAlso: dc=OpenLDAP,dc=org
 
 dn: cn=John Belushi,ou=Meta,dc=example,dc=com
 objectClass: inetOrgPerson

Modified: openldap/vendor/openldap-release/tests/data/test-ordered-nocp.ldif
===================================================================
--- openldap/vendor/openldap-release/tests/data/test-ordered-nocp.ldif	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/test-ordered-nocp.ldif	2009-02-17 16:18:54 UTC (rev 1195)
@@ -390,3 +390,13 @@
 pager: +1 313 555 2844
 facsimiletelephonenumber: +1 313 555 9700
 telephonenumber: +1 313 555 5331
+
+dn: dc=testdomain1,dc=example,dc=com
+objectclass: domain
+dc: testdomain1
+description: Example, Inc. modify+modrdn test domain
+
+dn: dc=testdomain2,dc=example,dc=com
+objectclass: domain
+dc: testdomain2
+description: Example, Inc. modify then modrdn test domain 

Modified: openldap/vendor/openldap-release/tests/data/test.schema
===================================================================
--- openldap/vendor/openldap-release/tests/data/test.schema	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/data/test.schema	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 # OpenLDAP Test schema
-# $OpenLDAP: pkg/ldap/tests/data/test.schema,v 1.9.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/data/test.schema,v 1.9.2.5 2009/01/22 00:01:16 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/Makefile.in
===================================================================
--- openldap/vendor/openldap-release/tests/progs/Makefile.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/Makefile.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 ## Makefile.in for test programs
-# $OpenLDAP: pkg/ldap/tests/progs/Makefile.in,v 1.22.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/progs/Makefile.in,v 1.22.2.4 2009/01/22 00:01:17 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/progs/slapd-addel.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-addel.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-addel.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-addel.c,v 1.41.2.6 2008/04/14 21:43:13 quanah Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-addel.c,v 1.41.2.8 2009/01/22 00:01:17 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -427,7 +427,7 @@
 	}
 
 done:;
-	fprintf( stderr, " PID=%ld - Add/Delete done (%d).\n", (long) pid, rc );
+	fprintf( stderr, "  PID=%ld - Add/Delete done (%d).\n", (long) pid, rc );
 
 	ldap_unbind_ext( ld, NULL, NULL );
 }

Modified: openldap/vendor/openldap-release/tests/progs/slapd-bind.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-bind.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-bind.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.18.2.7 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-bind.c,v 1.18.2.10 2009/02/10 17:13:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -249,13 +249,17 @@
 	uri = tester_uri( uri, host, port );
 
 	for ( i = 0; i < outerloops; i++ ) {
+		int rc;
+
 		if ( base != NULL ) {
-			do_base( uri, dn, &pass, base, filter, pwattr, loops,
+			rc = do_base( uri, dn, &pass, base, filter, pwattr, loops,
 				force, chaserefs, noinit, delay, -1, NULL );
 		} else {
-			do_bind( uri, dn, &pass, loops,
+			rc = do_bind( uri, dn, &pass, loops,
 				force, chaserefs, noinit, NULL, -1, NULL );
 		}
+		if ( rc == LDAP_SERVER_DOWN )
+			break;
 	}
 
 	exit( EXIT_SUCCESS );
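Review bot: After the new `break` on `LDAP_SERVER_DOWN` the code still falls through to `exit( EXIT_SUCCESS )`, so a run that stopped because the server went away looks the same as a completed one to whatever started the process. If that is not intended, declare `rc` before the loop and finish with `exit( rc == LDAP_SERVER_DOWN ? EXIT_FAILURE : EXIT_SUCCESS );`. If it is intended, a short comment at the `break` saying why would help the next reader. The enclosing function begins outside the hunk.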
@@ -339,12 +343,12 @@
 
 		rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, pass, NULL, NULL, NULL );
 		if ( rc ) {
-			unsigned first = tester_ignore_err( rc );
+			int first = tester_ignore_err( rc );
 
 			/* if ignore.. */
 			if ( first ) {
 				/* only log if first occurrence */
-				if ( force < 2 || first == 1 ) {
+				if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
 					tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
 				}
 				rc = LDAP_SUCCESS;
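Review bot: The comment `/* only log if first occurrence */` no longer matches the condition below it, which now treats positive and negative counts differently; the same applies to the identical changes in slapd-read.c and slapd-search.c. Suggested wording: `/* positive count: log unless force >= 2, then first occurrence only; negative count: first occurrence only */`. `abs()` is declared in `<stdlib.h>`, and the include lists are not visible here, so confirm each of the three files pulls it in; otherwise the call is an implicit declaration. The enclosing function starts and ends outside the hunk.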
@@ -394,7 +398,7 @@
 	}
 
 	if ( maxloop > 1 ) {
-		fprintf( stderr, " PID=%ld - Bind done (%d).\n", (long) pid, rc );
+		fprintf( stderr, "  PID=%ld - Bind done (%d).\n", (long) pid, rc );
 	}
 
 	if ( ldp && noinit ) {
@@ -570,7 +574,7 @@
 	end = GetTickCount();
 	end -= beg;
 
-	fprintf( stderr, " PID=%ld - Bind done %d in %d.%03d seconds.\n",
+	fprintf( stderr, "  PID=%ld - Bind done %d in %d.%03d seconds.\n",
 		(long) pid, i, end / 1000, end % 1000 );
 #else
 	gettimeofday( &end, NULL );
@@ -581,7 +585,7 @@
 	}
 	end.tv_sec -= beg.tv_sec;
 
-	fprintf( stderr, " PID=%ld - Bind done %d in %ld.%06ld seconds.\n",
+	fprintf( stderr, "  PID=%ld - Bind done %d in %ld.%06ld seconds.\n",
 		(long) pid, i, (long) end.tv_sec, (long) end.tv_usec );
 #endif
 

Modified: openldap/vendor/openldap-release/tests/progs/slapd-common.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-common.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-common.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-common.c,v 1.4.2.6 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-common.c,v 1.4.2.8 2009/02/10 17:13:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -40,8 +40,8 @@
 
 #define	TESTER_SERVER_LAST	(LDAP_OTHER + 1)
 #define TESTER_CLIENT_LAST	(- LDAP_REFERRAL_LIMIT_EXCEEDED + 1)
-static unsigned ignore_server[ TESTER_SERVER_LAST ];
-static unsigned ignore_client[ TESTER_CLIENT_LAST ];
+static int ignore_server[ TESTER_SERVER_LAST ];
+static int ignore_client[ TESTER_CLIENT_LAST ];
 
 static struct {
 	char	*name;
@@ -126,8 +126,7 @@
 static int
 tester_ignore_str2err( const char *err )
 {
-	int		i;
-	unsigned	ignore = 1;
+	int		i, ignore = 1;
 
 	if ( strcmp( err, "ALL" ) == 0 ) {
 		for ( i = 0; ignore_str2err[ i ].name != NULL; i++ ) {
@@ -147,6 +146,10 @@
 	if ( err[ 0 ] == '!' ) {
 		ignore = 0;
 		err++;
+
+	} else if ( err[ 0 ] == '*' ) {
+		ignore = -1;
+		err++;
 	}
 
 	for ( i = 0; ignore_str2err[ i ].name != NULL; i++ ) {
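Review bot: The new `'*'` prefix is not explained where it is parsed. Judging from the callers changed in this commit, a negative count appears to mean the error is ignored and reported only the first time it occurs; a comment such as `/* '*' prefix: ignore, and log only the first occurrence */` above the `else if` would record that. Any usage text for the option that feeds this function is not visible here and may need the same addition. tester_ignore_str2err() begins in the previous hunk and ends outside this one.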
@@ -183,24 +186,30 @@
 	return 0;
 }
 
-unsigned
+int
 tester_ignore_err( int err )
 {
-	unsigned	rc = 1;
+	int rc = 1;
 
 	if ( err > 0 ) {
 		if ( err < TESTER_SERVER_LAST ) {
 			rc = ignore_server[ err ];
-			if ( rc ) {
+			if ( rc > 0 ) {
 				ignore_server[ err ]++;
+
+			} else if ( rc < 0 ) {
+				ignore_server[ err ]--;
 			}
 		}
 
 	} else if ( err < 0 ) {
 		if ( -err < TESTER_CLIENT_LAST ) {
 			rc = ignore_client[ -err ];
-			if ( rc ) {
+			if ( rc > 0 ) {
 				ignore_client[ -err ]++;
+
+			} else if ( rc < 0 ) {
+				ignore_server[ err ]--;
 			}
 		}
 	}
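Review bot: In the client branch (`err < 0`) the added decrement is `ignore_server[ err ]--`, which uses a negative index and so writes before the start of `ignore_server` instead of updating the client entry that was just bounds-checked and read. It should mirror the increment above it: `ignore_client[ -err ]--;`. As written, the client counter for a `'*'`-flagged error never moves off -1, so the callers' `abs(first) == 1` test logs every occurrence, and the stray write lands in unrelated static storage. The function's return is outside the hunk.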

Modified: openldap/vendor/openldap-release/tests/progs/slapd-common.h
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-common.h	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-common.h	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-common.h,v 1.2.2.5 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-common.h,v 1.2.2.7 2009/02/10 17:13:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,7 +37,7 @@
 extern void tester_perror( const char *fname, const char *msg );
 extern void tester_ldap_error( LDAP *ld, const char *fname, const char *msg );
 extern int tester_ignore_str2errlist( const char *err );
-extern unsigned tester_ignore_err( int err );
+extern int tester_ignore_err( int err );
 
 extern pid_t		pid;
 

Modified: openldap/vendor/openldap-release/tests/progs/slapd-modify.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-modify.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-modify.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modify.c,v 1.19.2.5 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modify.c,v 1.19.2.7 2009/01/22 00:01:17 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -310,7 +310,7 @@
 	}
 
 done:;
-	fprintf( stderr, " PID=%ld - Modify done (%d).\n", (long) pid, rc );
+	fprintf( stderr, "  PID=%ld - Modify done (%d).\n", (long) pid, rc );
 
 	ldap_unbind_ext( ld, NULL, NULL );
 }

Modified: openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-modrdn.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.22.2.5 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-modrdn.c,v 1.22.2.7 2009/01/22 00:01:17 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -298,7 +298,7 @@
 	}
 
 done:;
-	fprintf( stderr, " PID=%ld - Modrdn done (%d).\n", (long) pid, rc );
+	fprintf( stderr, "  PID=%ld - Modrdn done (%d).\n", (long) pid, rc );
 
 	ldap_unbind_ext( ld, NULL, NULL );
 }

Modified: openldap/vendor/openldap-release/tests/progs/slapd-read.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-read.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-read.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-read.c,v 1.37.2.6 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-read.c,v 1.37.2.9 2009/02/10 17:13:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -319,7 +319,7 @@
 		break;
 	}
 
-	fprintf( stderr, " PID=%ld - Search done (%d).\n", (long) pid, rc );
+	fprintf( stderr, "  PID=%ld - Search done (%d).\n", (long) pid, rc );
 
 	if ( ld != NULL ) {
 		ldap_unbind_ext( ld, NULL, NULL );
@@ -389,7 +389,7 @@
 		}
 
 		if ( rc ) {
-			unsigned	first = tester_ignore_err( rc );
+			int		first = tester_ignore_err( rc );
 			char		buf[ BUFSIZ ];
 
 			snprintf( buf, sizeof( buf ), "ldap_search_ext_s(%s)", entry );
@@ -397,7 +397,7 @@
 			/* if ignore.. */
 			if ( first ) {
 				/* only log if first occurrence */
-				if ( force < 2 || first == 1 ) {
+				if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
 					tester_ldap_error( ld, buf, NULL );
 				}
 				continue;
@@ -419,7 +419,7 @@
 		*ldp = ld;
 
 	} else {
-		fprintf( stderr, " PID=%ld - Read done (%d).\n", (long) pid, rc );
+		fprintf( stderr, "  PID=%ld - Read done (%d).\n", (long) pid, rc );
 
 		if ( ld != NULL ) {
 			ldap_unbind_ext( ld, NULL, NULL );

Modified: openldap/vendor/openldap-release/tests/progs/slapd-search.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-search.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-search.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.41.2.7 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-search.c,v 1.41.2.10 2009/02/10 17:13:05 quanah Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -363,7 +363,7 @@
 		break;
 	}
 
-	fprintf( stderr, " PID=%ld - Search done (%d).\n", (long) pid, rc );
+	fprintf( stderr, "  PID=%ld - Search done (%d).\n", (long) pid, rc );
 
 	if ( ld != NULL ) {
 		ldap_unbind_ext( ld, NULL, NULL );
@@ -443,11 +443,11 @@
 		}
 
 		if ( rc ) {
-			unsigned first = tester_ignore_err( rc );
+			int first = tester_ignore_err( rc );
 			/* if ignore.. */
 			if ( first ) {
 				/* only log if first occurrence */
-				if ( force < 2 || first == 1 ) {
+				if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
 					tester_ldap_error( ld, "ldap_search_ext_s", NULL );
 				}
 				continue;
@@ -472,7 +472,7 @@
 		*ldp = ld;
 
 	} else {
-		fprintf( stderr, " PID=%ld - Search done (%d).\n", (long) pid, rc );
+		fprintf( stderr, "  PID=%ld - Search done (%d).\n", (long) pid, rc );
 
 		if ( ld != NULL ) {
 			ldap_unbind_ext( ld, NULL, NULL );

Modified: openldap/vendor/openldap-release/tests/progs/slapd-tester.c
===================================================================
--- openldap/vendor/openldap-release/tests/progs/slapd-tester.c	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/progs/slapd-tester.c	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
-/* $OpenLDAP: pkg/ldap/tests/progs/slapd-tester.c,v 1.46.2.8 2008/02/11 23:26:50 kurt Exp $ */
+/* $OpenLDAP: pkg/ldap/tests/progs/slapd-tester.c,v 1.46.2.9 2009/01/22 00:01:18 kurt Exp $ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1999-2008 The OpenLDAP Foundation.
+ * Copyright 1999-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/run.in
===================================================================
--- openldap/vendor/openldap-release/tests/run.in	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/run.in	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #!/bin/sh
-# $OpenLDAP: pkg/ldap/tests/run.in,v 1.47.2.6 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/run.in,v 1.47.2.13 2009/01/30 18:48:14 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -13,7 +13,7 @@
 ## top-level directory of the distribution or, alternatively, at
 ## <http://www.OpenLDAP.org/license.html>.
 
-USAGE="$0 [-b <backend>] [-c] [-k] [-p] [-u] [-w] <script>"
+USAGE="$0 [-b <backend>] [-c] [-k] [-l #] [-p] [-s {ro|rp}] [-u] [-w] <script>"
 
 # configure generated
 SRCDIR="@srcdir@"
@@ -80,7 +80,10 @@
 WAIT=0
 KILLSERVERS=yes
 PRESERVE=${PRESERVE-no}
+SYNCMODE=${SYNCMODE-rp}
 USERDATA=no
+LOOP=1
+COUNTER=1
 
 while test $# -gt 0 ; do
 	case "$1" in
@@ -95,11 +98,33 @@
 		-k | -kill)
 			KILLSERVERS=no
 			shift ;;
+		-l | -loop)
+			NUM="`echo $2 | sed 's/[0-9]//g'`"
+			if [ -z "$NUM" ]; then
+				LOOP=$2
+			else
+				echo "Loop variable not an int: $2"
+				echo "$USAGE"; exit 1
+			fi
+			shift ;
+			shift ;;
 
 		-p | -preserve)
 			PRESERVE=yes
 			shift ;;
 
+		-s | -syncmode)
+			case "$2" in
+				ro | rp)
+					SYNCMODE="$2"
+					;;
+				*)
+					echo "unknown sync mode $2"
+					echo "$USAGE"; exit 1
+					;;
+			esac
+			shift; shift ;;
+
 		-u | -userdata)
 			USERDATA=yes
 			shift ;;
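Review bot: An empty or missing value passes the digits-only check in the new `-l` arm, because stripping digits from an empty `$2` also leaves `NUM` empty; `LOOP` then ends up empty and the later `[ $COUNTER -le $LOOP ]` fails with a shell error instead of the usage message. `$2` is also unquoted in the `echo`, so it is word-split and globbed before `sed` sees it. A `case` on the quoted value covers both: `case "$2" in ''|*[!0-9]*) echo "Loop variable not an int: $2"; echo "$USAGE"; exit 1 ;; *) LOOP=$2 ;; esac`. The enclosing `while`/`case` starts and ends outside the hunk.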
@@ -137,7 +162,7 @@
 if test "x$BACKENDTYPE" = "x" ; then
 	BACKENDTYPE="unknown"
 fi
-export BACKEND BACKENDTYPE WAIT KILLSERVERS PRESERVE USERDATA
+export BACKEND BACKENDTYPE WAIT KILLSERVERS PRESERVE SYNCMODE USERDATA
 
 if test $# = 0 ; then
 	echo "$USAGE"; exit 1
@@ -177,6 +202,16 @@
 		/bin/rm -rf ${TESTDIR}/db.*
 	fi
 fi
+if test $BACKEND = ndb ; then
+	mysql --user root <<EOF
+	drop database if exists db_1;
+	drop database if exists db_2;
+	drop database if exists db_3;
+	drop database if exists db_4;
+	drop database if exists db_5;
+	drop database if exists db_6;
+EOF
+fi
 mkdir -p ${TESTDIR}
 
 if test $USERDATA = yes ; then
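Review bot: The new `ndb` block connects to whichever MySQL server the client defaults to, as `root` with no password, and drops `db_1` through `db_6`, names generic enough to collide with databases that are not part of the test run; the same block is added in tests/scripts/all. I would take the client options from an environment variable, keeping `--user root` only as the default, so the suite can run against a dedicated instance with a restricted test account. The exit status of `mysql` is not checked either, so a refused login leaves stale databases while the run continues; `mysql --user root <<EOF || exit 1` stops early. `$BACKEND` is unquoted in the `test`, which is a syntax error if it is ever empty.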
@@ -191,14 +226,28 @@
 LDAPNOINIT=true; export LDAPNOINIT
 
 echo "Running ${SCRIPT}..."
-$SCRIPT $*
-RC=$?
+while [ $COUNTER -le $LOOP ]; do
+	if [ $LOOP -gt 1 ]; then
+		echo "Running $COUNTER of $LOOP iterations"
+	fi
+	$SCRIPT $*
+	RC=$?
 
-if test $CLEAN = yes ; then
-	echo "Cleaning up test run directory from this run."
-	/bin/rm -rf ${TESTDIR}
-	echo "Cleaning up symlinks."
-	/bin/rm -f ${DATADIR} ${SCHEMADIR}
-fi
+	if test $CLEAN = yes ; then
+		echo "Cleaning up test run directory from this run."
+		/bin/rm -rf ${TESTDIR}
+		echo "Cleaning up symlinks."
+		/bin/rm -f ${DATADIR} ${SCHEMADIR}
+	fi
 
+	if [ $RC -ne 0 ]; then
+		exit $RC
+	else
+		COUNTER=`expr $COUNTER + 1`
+		if [ $COUNTER -le $LOOP ]; then
+			echo "Cleaning up test run directory from this run."
+			/bin/rm -rf ${TESTDIR}
+		fi
+	fi
+done
 exit $RC
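Review bot: The per-iteration cleanup removes state that is set up only once before the loop: `mkdir -p ${TESTDIR}` and the `USERDATA` copy run above the `while`, yet each pass ends with `/bin/rm -rf ${TESTDIR}`, and with `CLEAN=yes` also `/bin/rm -f ${DATADIR} ${SCHEMADIR}`. From the second iteration on, `$SCRIPT` starts without the directory, and presumably without the data and schema links, unless it recreates them itself (not visible here). I would recreate the directory between passes with `/bin/rm -rf ${TESTDIR}; mkdir -p ${TESTDIR}`, move the `CLEAN` block back after `done`, and replace `exit $RC` inside the loop with `break` so that cleanup still runs on failure. For `ndb` the databases are likewise dropped only before the first pass.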

Modified: openldap/vendor/openldap-release/tests/scripts/acfilter.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/acfilter.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/acfilter.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/acfilter.sh,v 1.11.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/acfilter.sh,v 1.11.2.5 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -13,6 +13,10 @@
 ## top-level directory of the distribution or, alternatively, at
 ## <http://www.OpenLDAP.org/license.html>.
 #
-# Strip comments
+# Strip comments, sort attributes. Requires GNU awk
 #
+if [ "$BACKEND" != ndb ]; then
 grep -v '^#'
+else
+grep -v '^#'| awk 'BEGIN{FS="\n";RS=""} {j=0; for (i=1; i<=NF; i++){ if ($i ~ /^ /){ x[j] = x[j] "\n" $i; } else { j++; x[j] = $i } } print x[1]; delete x[1]; j=asort(x); for (i=1; i<=j; i++){ print x[i]; } delete x; print "" }'
+fi
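Review bot: The `ndb` branch calls plain `awk` but uses `asort()`, a GNU awk extension, so where `awk` is another implementation the filter stops with an awk error and the filtered LDIF is not produced. The header comment states the requirement, but the code should enforce it, for example by invoking `gawk` after `command -v gawk >/dev/null || { echo "acfilter.sh: GNU awk required for ndb" >&2; exit 1; }`. The one-line program would also be easier to review split over several lines, with a comment saying that the first line of each record (presumably the DN) stays in place and the remaining attributes are sorted.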

Modified: openldap/vendor/openldap-release/tests/scripts/all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/all	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/all	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.26.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/all,v 1.26.2.5 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -32,6 +32,16 @@
 	else
 		/bin/rm -rf $TESTDIR
 	fi
+	if test $BACKEND = ndb ; then
+		mysql --user root <<EOF
+		drop database if exists db_1;
+		drop database if exists db_2;
+		drop database if exists db_3;
+		drop database if exists db_4;
+		drop database if exists db_5;
+		drop database if exists db_6;
+EOF
+	fi
 
 	echo ">>>>> Starting ${TB}`basename $CMD`${TN} ..."
 	$CMD

Modified: openldap/vendor/openldap-release/tests/scripts/conf.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/conf.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/conf.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/conf.sh,v 1.49.2.8 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/conf.sh,v 1.49.2.9 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/defines.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/defines.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/defines.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.141.2.12 2008/04/14 21:51:34 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/defines.sh,v 1.141.2.15 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -131,6 +131,7 @@
 PASSWDCONF=$DATADIR/slapd-passwd.conf
 UNDOCONF=$DATADIR/slapd-config-undo.conf
 NAKEDCONF=$DATADIR/slapd-config-naked.conf
+VALREGEXCONF=$DATADIR/slapd-valregex.conf
 
 DYNAMICCONF=$DATADIR/slapd-dynamic.ldif
 
@@ -163,6 +164,8 @@
 LDIFFILTER=$SRCDIR/scripts/acfilter.sh
 CONFFILTER=$SRCDIR/scripts/conf.sh
 
+MONITORDATA=$SRCDIR/scripts/monitor_data.sh
+
 SLAPADD="$TESTWD/../servers/slapd/slapd -Ta -d 0 $LDAP_VERBOSE"
 SLAPCAT="$TESTWD/../servers/slapd/slapd -Tc -d 0 $LDAP_VERBOSE"
 SLAPINDEX="$TESTWD/../servers/slapd/slapd -Ti -d 0 $LDAP_VERBOSE"

Modified: openldap/vendor/openldap-release/tests/scripts/its-all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/its-all	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/its-all	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/its-all,v 1.4.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/its-all,v 1.4.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Added: openldap/vendor/openldap-release/tests/scripts/monitor_data.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/monitor_data.sh	                        (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/monitor_data.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,48 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/monitor_data.sh,v 1.2.2.2 2009/01/22 00:01:18 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+MONITORDB="$1"
+SRCDIR="$2"
+DSTDIR="$3"
+
+echo "MONITORDB $MONITORDB"
+echo "SRCDIR $SRCDIR"
+echo "DSTDIR $DSTDIR"
+echo "pwd `pwd`"
+
+# copy test data
+cp "$SRCDIR"/do_* "$DSTDIR"
+if test $MONITORDB != no ; then
+
+	# add back-monitor testing data
+	cat >> "$DSTDIR/do_search.0" << EOF
+cn=Monitor
+(objectClass=*)
+cn=Monitor
+(objectClass=*)
+cn=Monitor
+(objectClass=*)
+cn=Monitor
+(objectClass=*)
+EOF
+
+	cat >> "$DSTDIR/do_read.0" << EOF
+cn=Backend 1,cn=Backends,cn=Monitor
+cn=Entries,cn=Statistics,cn=Monitor
+cn=Database 1,cn=Databases,cn=Monitor
+EOF
+
+fi
+
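Review bot: `test $MONITORDB != no` is the one unquoted expansion in this new script; with `$1` missing or empty the test is malformed and returns non-zero, so the back-monitor data is skipped with only a shell diagnostic. Quote it in the style used elsewhere in the test suite: `if test "x$MONITORDB" != "xno" ; then`. The result of `cp "$SRCDIR"/do_* "$DSTDIR"` is also unchecked, so if the copy fails the appends that follow create fresh `do_search.0` and `do_read.0` files holding only the monitor entries; `cp "$SRCDIR"/do_* "$DSTDIR" || exit 1` avoids that.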


Property changes on: openldap/vendor/openldap-release/tests/scripts/monitor_data.sh
___________________________________________________________________
Name: svn:executable
   + *

Modified: openldap/vendor/openldap-release/tests/scripts/passwd-search
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/passwd-search	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/passwd-search	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/passwd-search,v 1.12.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/passwd-search,v 1.12.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/relay
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/relay	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/relay	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/relay,v 1.13.2.5 2008/02/11 23:52:49 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/relay,v 1.13.2.6 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-all
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-all	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/sql-all	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-all,v 1.5.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-all,v 1.5.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test000-read
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test000-read	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test000-read	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test000-read,v 1.11.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test000-read,v 1.11.2.5 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test001-concurrency	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test001-concurrency,v 1.4.2.4 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test001-concurrency,v 1.4.2.6 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -26,8 +26,8 @@
 	exit 0
 fi
 
-if test "x$LOOPS" = "x" ; then
-	LOOPS=5
+if test "x$TESTLOOPS" = "x" ; then
+	TESTLOOPS=5
 fi
 
 if test "x$CHILDREN" = "x" ; then
@@ -102,7 +102,7 @@
 echo "Using tester for concurrent server access..."
 $SLAPDTESTER -P "$PROGDIR" -d "$SQLDATADIR" \
 	-h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \
-	-l $LOOPS $CHILDREN -FF
+	-l $TESTLOOPS $CHILDREN -FF
 RC=$?
 
 if test $RC != 0 ; then

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test900-write
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test900-write	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test900-write	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test900-write,v 1.12.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test900-write,v 1.12.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/sql-test901-syncrepl	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/sql-test901-syncrepl,v 1.4.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/sql-test901-syncrepl,v 1.4.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/start-server	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server,v 1.5.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server,v 1.5.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server-nolog
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server-nolog	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/start-server-nolog	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server-nolog,v 1.5.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server-nolog,v 1.5.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server2
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server2	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/start-server2	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server2,v 1.5.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2,v 1.5.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/start-server2-nolog
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/start-server2-nolog	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/start-server2-nolog	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/start-server2-nolog,v 1.5.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/start-server2-nolog,v 1.5.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/startup_nis_ldap_server.sh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/startup_nis_ldap_server.sh,v 1.14.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/startup_nis_ldap_server.sh,v 1.14.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test000-rootdse
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test000-rootdse	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test000-rootdse	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test000-rootdse,v 1.29.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test000-rootdse,v 1.29.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test001-slapadd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test001-slapadd	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test001-slapadd	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test001-slapadd,v 1.44.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test001-slapadd,v 1.44.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test002-populate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test002-populate	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test002-populate	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test002-populate,v 1.41.2.3 2008/02/11 23:26:50 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test002-populate,v 1.41.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test003-search
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test003-search	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test003-search	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test003-search,v 1.61.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test003-search,v 1.61.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test004-modify
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test004-modify	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test004-modify	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test004-modify,v 1.60.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test004-modify,v 1.60.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test005-modrdn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test005-modrdn	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test005-modrdn	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test005-modrdn,v 1.49.2.6 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test005-modrdn,v 1.49.2.7 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test006-acls
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test006-acls	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test006-acls	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test006-acls,v 1.59.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test006-acls,v 1.59.2.7 2009/01/30 19:02:54 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -284,7 +284,7 @@
 # fail when we add some DN other than our own, and should succeed when
 # we add our own DN.
 # bjensen
-$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj > \
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
 	$TESTOUT 2>&1 << EOMODS1
 version: 1
 dn: cn=ITD Staff, ou=Groups, dc=example, dc=com

Modified: openldap/vendor/openldap-release/tests/scripts/test008-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test008-concurrency	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test008-concurrency	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test008-concurrency,v 1.40.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test008-concurrency,v 1.40.2.6 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -16,6 +16,10 @@
 echo "running defines.sh"
 . $SRCDIR/scripts/defines.sh
 
+if test x$TESTLOOPS = x ; then
+	TESTLOOPS=50
+fi
+
 mkdir -p $TESTDIR $DBDIR1
 
 echo "Running slapadd to build slapd database..."
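Review bot: The default added at `if test x$TESTLOOPS = x` expands the variable unquoted, so a value from the environment that contains whitespace makes `test` fail with a syntax error and the bad value is kept instead of being replaced. `TESTLOOPS=${TESTLOOPS:-50}` gives the same empty-or-unset default in one line without word splitting. The value is passed on unquoted as `-l $TESTLOOPS` in the next hunk, so a short comment stating that it must be a positive integer would help whoever sets it.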
@@ -50,9 +54,13 @@
 	sleep 5
 done
 
+# fix test data to include back-monitor, if available
+# NOTE: copies do_* files from $DATADIR to $TESTDIR
+$MONITORDATA "$MONITORDB" "$DATADIR" "$TESTDIR"
+
 echo "Using tester for concurrent server access..."
-time $SLAPDTESTER -P "$PROGDIR" -d "$DATADIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 50
-#$SLAPDTESTER -P "$PROGDIR" -d "$DATADIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l 50
+time $SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l $TESTLOOPS
+#$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD -l $TESTLOOPS
 RC=$?
 
 if test $RC != 0 ; then
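Review bot: The exit status of the added `$MONITORDATA "$MONITORDB" "$DATADIR" "$TESTDIR"` call is never checked, yet the tester now reads its data from `$TESTDIR` instead of `$DATADIR`. If the helper fails to copy the do_* files, the tester would presumably run against an empty or partial directory and the failure would surface later as a confusing tester error. Capturing `RC=$?` directly after the call and reusing the `if test $RC != 0` / `exit $RC` pattern that follows the tester would stop the test at the real cause. The script continues outside this hunk.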

Modified: openldap/vendor/openldap-release/tests/scripts/test009-referral
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test009-referral	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test009-referral	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test009-referral,v 1.38.2.4 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test009-referral,v 1.38.2.5 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test010-passwd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test010-passwd	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test010-passwd	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test010-passwd,v 1.26.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test010-passwd,v 1.26.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test011-glue-slapadd	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test011-glue-slapadd,v 1.11.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test011-glue-slapadd,v 1.11.2.4 2009/01/22 00:01:18 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test012-glue-populate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test012-glue-populate	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test012-glue-populate	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test012-glue-populate,v 1.9.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test012-glue-populate,v 1.9.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test013-language
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test013-language	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test013-language	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test013-language,v 1.16.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test013-language,v 1.16.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test014-whoami
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test014-whoami	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test014-whoami	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.23.2.4 2008/02/11 23:44:27 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.23.2.5 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test015-xsearch
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test015-xsearch	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test015-xsearch	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test015-xsearch,v 1.23.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test015-xsearch,v 1.23.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test016-subref
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test016-subref	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test016-subref	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test016-subref,v 1.12.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test016-subref,v 1.12.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test017-syncreplication-refresh	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.33.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test017-syncreplication-refresh,v 1.33.2.6 2009/01/28 19:22:51 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -193,6 +193,16 @@
 dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
 changetype: delete
 
+dn: dc=testdomain1,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain1
+deleteoldrdn: 1
+
+dn: dc=itsdomain1,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. ITS test domain
+
 EOMODS
 
 RC=$?
@@ -205,6 +215,46 @@
 echo "Waiting 15 seconds for syncrepl to receive changes..."
 sleep 15
 
+echo "Performing modrdn alone on the producer..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+	$TESTOUT 2>&1 << EOMODS
+dn: dc=testdomain2,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain2
+deleteoldrdn: 1
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Performing modify alone on the producer..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+	$TESTOUT 2>&1 << EOMODS
+dn: dc=itsdomain2,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. itsdomain2 test domain
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
 echo "Try updating the consumer slapd..."
 $LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT2 -w $PASSWD > \
 	$TESTOUT 2>&1 << EOMODS
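Review bot: Both added `$LDAPMODIFY` calls redirect with `> $TESTOUT`, which truncates the log and discards the output of the earlier steps of the run. The test006-acls hunk in this same revision changes one such redirect from `>` to `>>`. Using `>> \` on the two new command lines here, and on the added "Performing modify alone on provider..." call in test019-syncreplication-cascade, would keep the whole transcript available when a replication failure has to be diagnosed. The unchanged "Try updating the consumer slapd..." call at the end of this hunk truncates in the same way, so this follows the file's existing pattern rather than introducing a new one.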

Modified: openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test018-syncreplication-persist	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.38.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test018-syncreplication-persist,v 1.38.2.8 2009/01/28 19:22:51 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -148,6 +148,9 @@
 	sleep 5
 done
 
+echo "Waiting 15 seconds for consumer to reconnect..."
+sleep 15
+
 if test $RC != 0 ; then
 	echo "ldapsearch failed ($RC)!"
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
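Review bot: The added `sleep 15` sits between the retry loop and the `if test $RC != 0` check, so when the preceding ldapsearch has already failed the script still waits 15 seconds before reporting it. Moving the two added lines below the `fi` that closes this check (it lies outside the hunk) keeps the failure path fast and makes clear that the wait applies only to a consumer that actually started. A comment such as `# give the consumer time to re-establish its persistent syncrepl session` would also record why a fixed delay is needed here.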
@@ -231,6 +234,21 @@
 dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
 changetype: delete
 
+dn: dc=testdomain1,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain1
+deleteoldrdn: 1
+
+dn: dc=itsdomain1,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. ITS test domain
+
+dn: dc=testdomain2,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain2
+deleteoldrdn: 1
+
 EOMODS
 
 RC=$?
@@ -276,8 +294,20 @@
 uid: rosco
 cn: Rosco P. Coltrane
 
+dn: dc=itsdomain2,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. itsdomain2 test domain
+
 EOMODS
 
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
 echo "Restarting consumer..."
 echo "RESTART" >> $LOG4
 $SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 &

Modified: openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test019-syncreplication-cascade	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.19.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test019-syncreplication-cascade,v 1.19.2.7 2009/01/27 23:53:16 hyc Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -317,6 +317,21 @@
 dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
 changetype: delete
 
+dn: dc=testdomain1,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain1
+deleteoldrdn: 1
+
+dn: dc=itsdomain1,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. ITS test domain
+
+dn: dc=testdomain2,dc=example,dc=com
+changetype: modrdn
+newrdn: dc=itsdomain2
+deleteoldrdn: 1
+
 EOMODS
 
 RC=$?
@@ -329,9 +344,29 @@
 echo "Waiting 25 seconds for syncrepl to receive changes..."
 sleep 25
 
+echo "Performing modify alone on provider..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+        $TESTOUT 2>&1 << EOMODS
+dn: dc=itsdomain2,dc=example,dc=com
+changetype: modify
+replace: description
+description: Example, Inc. itsdomain2 test domain
+
+EOMODS
+
+RC=$?   
+if test $RC != 0 ; then
+        echo "ldapmodify failed ($RC)!"
+        test $KILLSERVERS != no && kill -HUP $KILLPIDS
+        exit $RC
+fi      
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
 echo "Using ldapsearch to read all the entries from the master..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
-	'objectclass=*' > $MASTEROUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $MASTEROUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
@@ -342,7 +377,7 @@
 
 echo "Using ldapsearch to read all the entries from the R1 slave..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \
-	'objectclass=*' > $SERVER2OUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $SERVER2OUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
@@ -353,7 +388,7 @@
 
 echo "Using ldapsearch to read all the entries from the R2 slave..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT3 \
-	'objectclass=*' > $SERVER3OUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $SERVER3OUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
@@ -364,7 +399,7 @@
 
 echo "Using ldapsearch to read all the entries from the P1 slave..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \
-	'objectclass=*' > $SERVER4OUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $SERVER4OUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
@@ -375,7 +410,7 @@
 
 echo "Using ldapsearch to read all the entries from the P2 slave..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT5 \
-	'objectclass=*' > $SERVER5OUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $SERVER5OUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
@@ -386,7 +421,7 @@
 
 echo "Using ldapsearch to read all the entries from the P3 slave..."
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT6 \
-	'objectclass=*' > $SERVER6OUT 2>&1
+	'(objectClass=*)' '*' entryCSN > $SERVER6OUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then

Modified: openldap/vendor/openldap-release/tests/scripts/test020-proxycache
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test020-proxycache	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test020-proxycache	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test020-proxycache,v 1.26.2.9 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test020-proxycache,v 1.26.2.10 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test021-certificate
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test021-certificate	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test021-certificate	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test021-certificate,v 1.19.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test021-certificate,v 1.19.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test022-ppolicy
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test022-ppolicy	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test022-ppolicy	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.17.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test022-ppolicy,v 1.17.2.7 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -142,7 +142,7 @@
 dn: uid=nd, ou=People, dc=example, dc=com
 changetype: modify
 delete: userpassword
-userpassword: testpassword
+userpassword: $PASS
 -
 replace: userpassword
 userpassword: 20urgle12-1
@@ -220,7 +220,7 @@
 dn: uid=nd, ou=People, dc=example, dc=com
 changetype: modify
 replace: userPassword
-userPassword: testpassword
+userPassword: $PASS
 -
 replace: pwdReset
 pwdReset: TRUE
@@ -288,8 +288,11 @@
 
 sleep 2
 
+OLDPASS=$PASS
+PASS=successexpect
+
 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
-	-w $PASS -s failexpect -a $PASS \
+	-w $OLDPASS -s $PASS -a $OLDPASS \
 	-D "$USER" >> $TESTOUT 2>&1
 RC=$?
 if test $RC != 0 ; then
@@ -299,10 +302,10 @@
 fi
 
 echo "Testing length requirement..."
-
+# check control in response (ITS#5711)
 $LDAPPASSWD -h $LOCALHOST -p $PORT1 \
-	-w failexpect -a failexpect -s spw \
-	-D "$USER" > ${TESTOUT}.2 2>&1
+	-w $PASS -a $PASS -s 2shr \
+	-D "$USER" -e ppolicy > ${TESTOUT}.2 2>&1
 RC=$?
 cat ${TESTOUT}.2 >> $TESTOUT
 if test $RC = 0 ; then
@@ -316,15 +319,21 @@
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
 	exit 1
 fi
+COUNT=`grep "Password is too short for policy" ${TESTOUT}.2 | wc -l`
+if test $COUNT != 1 ; then
+	echo "Control not returned in response"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
 
 echo "Testing hashed length requirement..."
 
-$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w failexpect > \
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 -D "$USER" -w $PASS > \
 	${TESTOUT}.2 2>&1 << EOMODS
 dn: $USER
 changetype: modify
 delete: userPassword
-userPassword: failexpect
+userPassword: $PASS
 -
 add: userPassword
 userPassword: {MD5}xxxxxx
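Review bot: The new check on `${TESTOUT}.2` passes only when exactly one line matches the client's human-readable text "Password is too short for policy", because it compares the `grep ... | wc -l` result with `test $COUNT != 1`. A duplicated line or a change in the ldappasswd wording would then fail the test with "Control not returned in response", which points at the server's ppolicy control rather than at the text match. Counting with `grep -c` and testing `if test $COUNT -lt 1 ; then` states the intent (at least one occurrence) and avoids the extra `wc` process. It would also help to extend the existing ITS#5711 comment to say that the control is detected through this message string.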

Modified: openldap/vendor/openldap-release/tests/scripts/test023-refint
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test023-refint	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test023-refint	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test023-refint,v 1.10.2.5 2008/04/14 19:58:09 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test023-refint,v 1.10.2.6 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test024-unique
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test024-unique	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test024-unique	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test024-unique,v 1.8.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test024-unique,v 1.8.2.6 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test025-limits
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test025-limits	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test025-limits	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test025-limits,v 1.19.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test025-limits,v 1.19.2.6 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test026-dn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test026-dn	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test026-dn	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,8 @@
 #! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test026-dn,v 1.13.2.6 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -117,6 +118,19 @@
 	exit $RC
 fi
 
+DN="dc=example,dc=com#'1000'B"
+echo "Searching database for nameAndOptionalUID=\"$DN\"..."
+echo "# Searching database for nameAndOptionalUID=\"$DN\"..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	"(uniqueMember=$DN)" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
 DN="dc=example,dc=com"
 echo "Searching database for uniqueMember~=\"$DN\" (approx)..."
 echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT
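Review bot: The two added echo lines label the new search `nameAndOptionalUID=` while the filter that is sent is `(uniqueMember=$DN)`, and the neighbouring searches label themselves by attribute (`uniqueMember~=`). The second echo is appended to $SEARCHOUT, which is presumably compared with reference output elsewhere, so the label is best left as it is. A comment above the new `DN=` line would remove the ambiguity, for example `# equality match on uniqueMember (nameAndOptionalUID syntax) with a bit-string UID`.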
@@ -130,7 +144,7 @@
 	exit $RC
 fi
 
-DN="dc=example,dc=com#'001000'B"
+DN="dc=example,dc=com#'1000'B"
 echo "Searching database for uniqueMember~=\"$DN\" (approx)..."
 echo "# Searching database for uniqueMember~=\"$DN\" (approx)..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \

Modified: openldap/vendor/openldap-release/tests/scripts/test027-emptydn
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test027-emptydn	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test027-emptydn	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test028-idassert
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test028-idassert	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test028-idassert	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.12.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test028-idassert,v 1.12.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test029-ldapglue
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test029-ldapglue	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test029-ldapglue	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test029-ldapglue,v 1.8.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test029-ldapglue,v 1.8.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test030-relay
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test030-relay	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test030-relay	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test030-relay,v 1.21.2.4 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test030-relay,v 1.21.2.5 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test031-component-filter
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test031-component-filter	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test031-component-filter	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.17.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.17.2.4 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test032-chain
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test032-chain	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test032-chain	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test032-chain,v 1.11.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test032-chain,v 1.11.2.5 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -128,7 +128,7 @@
 		exit 1
 	fi
 
-	echo "Reading the referral entry "ou=Other,$BASEDN" as anonymous on port $P..."
+	echo "Reading the referral entry \"ou=Other,$BASEDN\" as anonymous on port $P..."
 	$LDAPSEARCH -h $LOCALHOST -p $P -b "ou=Other,$BASEDN" -S "" \
 		 > $SEARCHOUT 2>&1
 
@@ -304,6 +304,31 @@
 	exit $RC
 fi
 
+# ITS#57??
+$LDAPADD -h $LOCALHOST -p $PORT1 \
+	-D "$MANAGERDN" -w secret \
+	>> $TESTOUT 2>&1 \
+	<< EOMODS
+dn: ou=Can't Contact,dc=example,dc=com
+changetype: add
+objectclass: referral
+objectclass: extensibleobject
+ou: Can't Contact
+# invalid URI to test broken connectivity handling (search only)
+ref: ${URI3}ou=Can't%20Contact,dc=example,dc=com
+EOMODS
+
+echo "Reading the referral entry \"ou=Can't Contact,$BASEDN\" as anonymous on port $PORT1..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASEDN" -S "" "(cn=Can't Contact)" \
+	 > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo ">>>>> Test succeeded"
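Review bot: The `$LDAPADD` that creates `ou=Can't Contact` never has its exit status checked, because `RC=$?` is read only after the following `$LDAPSEARCH`. If the add is rejected, the search presumably has no broken referral to chase and the test can still print "Test succeeded". Check the status right after `EOMODS` with the same failure path the script uses elsewhere. The add also passes a literal `-w secret`, where sibling tests use `$PASSWD`, and the `# ITS#57??` placeholder should be replaced with the real issue number. The same unchecked pattern appears after the "Replacing olcSyncrepl on producer..." `$LDAPMODIFY` added to test049-sync-config.

```shell
# … unchanged: $LDAPADD … << EOMODS here-document …
EOMODS

RC=$?
if test $RC != 0 ; then
	echo "ldapadd failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```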

Modified: openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test033-glue-syncrepl	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,8 @@
 #! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test033-glue-syncrepl,v 1.17.2.5 2009/01/22 00:01:19 kurt Exp $ */
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -12,10 +13,10 @@
 ## top-level directory of the distribution or, alternatively, at
 ## <http://www.OpenLDAP.org/license.html>.
 
-if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
-	echo "Test does not support $BACKEND"
+case $BACKEND in bdb | hdb | ldif) : ;; *)
+	echo "Test does not support $BACKEND backend, test skipped"
 	exit 0
-fi
+esac
 
 echo "running defines.sh"
 . $SRCDIR/scripts/defines.sh
@@ -36,7 +37,7 @@
 	exit $RC
 fi
 
-rm -f $DBDIR1A/* $DBDIR1B/*
+rm -rf $DBDIR1A/* $DBDIR1B/*
 cp -pr $DBDIR1C $DBDIR2C
 
 echo "Starting slapd 1 on TCP/IP port $PORT1..."
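Review bot: `rm -rf $DBDIR1A/* $DBDIR1B/*` is now recursive, with both variables unquoted and unguarded, so if either is empty or unset when this line runs the glob becomes `/*`. The values presumably come from `defines.sh`, which is not visible in this hunk, so the script should not depend on that silently. Use `rm -rf "${DBDIR1A:?}"/* "${DBDIR1B:?}"/*`, which aborts on an empty value and also copes with paths containing spaces. `${var:?}` is POSIX, so it is safe under `#! /bin/sh`.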

Modified: openldap/vendor/openldap-release/tests/scripts/test034-translucent
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test034-translucent	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test034-translucent	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.8.2.6 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test034-translucent,v 1.8.2.7 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test035-meta
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test035-meta	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test035-meta	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test035-meta,v 1.14.2.5 2008/07/09 23:51:35 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test035-meta,v 1.14.2.6 2009/01/22 00:01:19 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test036-meta-concurrency	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test036-meta-concurrency,v 1.17.2.6 2008/07/09 23:51:35 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test036-meta-concurrency,v 1.17.2.9 2009/02/10 17:13:05 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -189,10 +189,14 @@
 	echo "" >> $f
 done
 
+# fix test data to include back-monitor, if available
+# NOTE: copies do_* files from $TESTDIR/$DATADIR to $TESTDIR
+$MONITORDATA "$MONITORDB" "$TESTDIR/$DATADIR" "$TESTDIR"
+
 echo "Using tester for concurrent server access..."
-$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \
-	-D "cn=Manager,$METABASEDN" -w $PASSWD -l $TESTLOOPS -r 20 -FF \
-	-i '!REFERRAL'
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT3 \
+	-D "cn=Manager,$METABASEDN" -w $PASSWD -l $TESTLOOPS -r 20 \
+	-i '!REFERRAL' -i '*INVALID_CREDENTIALS'
 RC=$?
 
 if test $RC != 0 ; then
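Review bot: The tester invocation now passes `-i '*INVALID_CREDENTIALS'` and drops `-FF`, but nothing in the script says why that result code is expected. In a concurrency test an ignored bind result can hide a real authentication regression, so add a comment above the `$SLAPDTESTER` line, for example `# INVALID_CREDENTIALS is ignored because <reason>`, with the reason filled in by the author. The new `$MONITORDATA` step is also unchecked, so if the copy into `$TESTDIR` fails the tester is pointed at a directory that may lack the `do_*` files. Follow it with something like `RC=$?` and the usual `if test $RC != 0` bail-out. The identical change in test039-glue-ldap-concurrency needs the same two fixes.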

Modified: openldap/vendor/openldap-release/tests/scripts/test037-manage
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test037-manage	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test037-manage	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test037-manage,v 1.12.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test037-manage,v 1.12.2.7 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -17,7 +17,7 @@
 . $SRCDIR/scripts/defines.sh
 
 if test $BACKEND = "ldif" ; then 
-	echo "LDIF backend does not support manageDIT control, test skipped"
+	echo "LDIF backend does not support relax control, test skipped"
 	exit 0
 fi 
 

Modified: openldap/vendor/openldap-release/tests/scripts/test038-retcode
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test038-retcode	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test038-retcode	2009-02-17 16:18:54 UTC (rev 1195)
@@ -2,7 +2,7 @@
 # $Header$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test039-glue-ldap-concurrency	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test039-glue-ldap-concurrency,v 1.10.2.4 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test039-glue-ldap-concurrency,v 1.10.2.7 2009/02/10 17:13:05 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -177,11 +177,15 @@
 	echo "" >> $f
 done
 
+# fix test data to include back-monitor, if available
+# NOTE: copies do_* files from $TESTDIR/$DATADIR to $TESTDIR
+$MONITORDATA "$MONITORDB" "$TESTDIR/$DATADIR" "$TESTDIR"
+
 echo "Using tester for concurrent server access..."
-$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR/$DATADIR" -h $LOCALHOST -p $PORT3 \
+$SLAPDTESTER -P "$PROGDIR" -d "$TESTDIR" -h $LOCALHOST -p $PORT3 \
 	-D "cn=Manager,$METABASEDN" -w $PASSWD \
-	-l $TESTLOOPS -L $TESTOLOOPS -r 20 -FF \
-	-i '!REFERRAL'
+	-l $TESTLOOPS -L $TESTOLOOPS -r 20 \
+	-i '!REFERRAL' -i '*INVALID_CREDENTIALS'
 RC=$?
 
 if test $RC != 0 ; then

Modified: openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test040-subtree-rename	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test040-subtree-rename,v 1.4.2.3 2008/02/11 23:26:51 kurt Exp $ */
+# $OpenLDAP: pkg/ldap/tests/scripts/test040-subtree-rename,v 1.4.2.5 2009/01/22 00:01:20 kurt Exp $ */
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -17,7 +17,7 @@
 . $SRCDIR/scripts/defines.sh
 
 case $BACKEND in
-hdb)
+hdb | ldif)
 	;;
 *)
 	echo "subtree rename not supported by back-$BACKEND"

Modified: openldap/vendor/openldap-release/tests/scripts/test041-aci
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test041-aci	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test041-aci	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test041-aci,v 1.9.2.4 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test041-aci,v 1.9.2.5 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test042-valsort
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test042-valsort	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test042-valsort	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test042-valsort,v 1.4.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test042-valsort,v 1.4.2.6 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2004-2008 The OpenLDAP Foundation.
+## Copyright 2004-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test043-delta-syncrepl	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test043-delta-syncrepl,v 1.4.2.4 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test044-dynlist
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test044-dynlist	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test044-dynlist	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,7 +1,7 @@
 #! /bin/sh
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -254,7 +254,118 @@
 olcDLattrSet: {0}
 -
 add: olcDLattrSet
+olcDLattrSet: groupOfURLs memberURL sn:cn mail
+-
+EOMODS
+
+echo "==========================================================" >> $LOG1
+
+echo "Testing attribute mapping"
+
+echo "Testing list search of all (mapped) attrs..."
+echo "# Testing list search of all (mapped) attrs..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+	'(cn=Dynamic List)' '*' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing list search of a (mapped) listed attr..."
+echo "# Testing list search of a (mapped) listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+	'(cn=Dynamic List)' sn \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing list search of a (n unmapped) listed attr..."
+echo "# Testing list search of a (n unmapped) listed attr..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$LISTDN" -h $LOCALHOST -p $PORT1 \
+	'(cn=Dynamic List)' mail \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing list compare (mapped attrs) ..."
+echo "# Testing list compare (mapped attrs) ..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+	"cn=Dynamic List,$LISTDN" "sn:Bjorn Jensen" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+	echo "ldapcompare returned FALSE ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+6)
+	echo "ldapcompare returned TRUE ($RC)"
+	;;
+0)
+	echo "ldapcompare returned success ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Testing list compare (mapped attrs; should return FALSE)..."
+echo "# Testing list compare (mapped attrs; should return FALSE)..." >> $SEARCHOUT
+$LDAPCOMPARE -h $LOCALHOST -p $PORT1 \
+	"cn=Dynamic List,$LISTDN" "sn:FALSE" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+5)
+	echo "ldapcompare returned FALSE ($RC)"
+	;;
+6)
+	echo "ldapcompare returned TRUE ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+0)
+	echo "ldapcompare returned success ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+echo "" >> $SEARCHOUT
+
+echo "Reconfiguring slapd..."
+$LDAPMODIFY -x -D cn=config -h $LOCALHOST -p $PORT1 -y $CONFIGPWF > \
+	$TESTOUT 2>&1 << EOMODS
+version: 1
+dn: olcOverlay={0}dynlist,olcDatabase={2}$BACKEND,cn=config
+changetype: modify
+delete: olcDLattrSet
+olcDLattrSet: {0}
+-
+add: olcDLattrSet
 olcDLattrSet: groupOfURLs memberURL member
+-
 EOMODS
 
 echo "==========================================================" >> $LOG1
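Review bot: Both `0)` arms of the new `ldapcompare` checks end with `exit -1`, which is not a portable exit status under `#! /bin/sh`. POSIX defines only 0–255 and shells differ on a negative operand (some reject it as an illegal number), so the status the harness sees depends on the shell; use `exit 1` in both places. Separately, no `RC=$?` follows either `EOMODS` in this hunk before the next command runs, so a rejected `olcDLattrSet` change goes unnoticed and the later checks would run against the wrong overlay configuration. The first `$LDAPMODIFY` starts outside the hunk.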

Modified: openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test045-syncreplication-proxied	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test045-syncreplication-proxied,v 1.14.2.6 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test045-syncreplication-proxied,v 1.14.2.7 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test046-dds
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test046-dds	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test046-dds	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test046-dds,v 1.4.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test046-dds,v 1.4.2.5 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 2005-2008 The OpenLDAP Foundation.
+## Copyright 2005-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -16,6 +16,11 @@
 echo "running defines.sh"
 . $SRCDIR/scripts/defines.sh
 
+if test $BACKEND = "ldif" ; then
+        echo "LDIF backend does not support acls, test skipped"
+        exit 0
+fi
+
 if test $DDS = ddsno; then 
 	echo "Dynamic Directory Services overlay not available, test skipped"
 	exit 0

Modified: openldap/vendor/openldap-release/tests/scripts/test047-ldap
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test047-ldap	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test047-ldap	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test047-ldap,v 1.1.2.5 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test047-ldap,v 1.1.2.6 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test048-syncrepl-multiproxy	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test048-syncrepl-multiproxy,v 1.1.2.7 2008/07/08 19:04:25 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test048-syncrepl-multiproxy,v 1.1.2.9 2009/01/30 19:02:54 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -119,7 +119,7 @@
 fi
 
 echo "Starting R1 slave slapd on TCP/IP port $PORT3..."
-. $CONFFILTER $BACKEND $MONITORDB < $RSLAVECONF | sed -e 's;\.2\.;.3.;' > $CONF3
+. $CONFFILTER $BACKEND $MONITORDB < $RSLAVECONF | sed -e 's;\.2\.\([^/]*\)$;.3.\1;' > $CONF3
 $SLAPD -f $CONF3 -h $URI3 -d $LVL $TIMING > $LOG3 2>&1 &
 R1SLAVEPID=$!
 if test $WAIT != 0 ; then
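Review bot: The new sed expression is not self-explanatory and needs a comment. `s;\.2\.\([^/]*\)$;.3.\1;` rewrites `.2.` only when no `/` follows it before the end of the line, that is, in the last path component, whereas the old pattern rewrote the first `.2.` anywhere on the line. Suggested comment above the line: `# rename .2. to .3. in the file-name part only; a ".2." earlier in the path must stay untouched`. The surrounding start-up sequence continues outside this hunk.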

Modified: openldap/vendor/openldap-release/tests/scripts/test049-sync-config
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test049-sync-config	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test049-sync-config	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test049-sync-config,v 1.4.2.4 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test049-sync-config,v 1.4.2.9 2009/02/10 12:29:01 hyc Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -22,7 +22,7 @@
 fi 
 
 PRODIR=$TESTDIR/pro
-CONDIR=$TESTDIR/con
+CONDIR=$TESTDIR/con1
 DBPRO=$PRODIR/db
 DBCON=$CONDIR/db
 CFPRO=$PRODIR/slapd.d
@@ -32,6 +32,22 @@
 
 $SLAPPASSWD -g -n >$CONFIGPWF
 
+if test x"$SYNCMODE" = x ; then
+	SYNCMODE=rp
+fi
+case "$SYNCMODE" in
+	ro)
+		SYNCTYPE="type=refreshOnly interval=00:00:00:10"
+		;;
+	rp)
+		SYNCTYPE="type=refreshAndPersist"
+		;;
+	*)
+		echo "unknown sync mode $SYNCMODE"
+		exit 1;
+		;;
+esac
+
 #
 # Test replication of dynamic config:
 # - start producer
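Review bot: `SYNCMODE` is a new knob read from the environment, but the script documents neither its accepted values nor its reach. In this file `$SYNCTYPE` is substituted only into the `rid=002` `olcSyncRepl` for `$BASEDN`, while the two `cn=config` `olcSyncRepl` hunks are hard-coded to `type=refreshAndPersist`. Add a header comment such as `# SYNCMODE=ro|rp (default rp): sync type for the $BASEDN database only; cn=config always uses refreshAndPersist`. The default can be written as `: "${SYNCMODE:=rp}"`, and the `unknown sync mode` message belongs on stderr (`>&2`). The same block is added to test050-syncrepl-multimaster.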
@@ -97,8 +113,8 @@
 changetype: modify
 add: olcSyncRepl
 olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
-  credentials=$CONFIGPW searchbase="cn=config" type=refreshOnly
-  interval=00:00:00:10
+  credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+  retry="5 5 300 5" timeout=3
 -
 add: olcUpdateRef
 olcUpdateRef: $URI1
@@ -154,8 +170,8 @@
 changetype: modify
 add: olcSyncRepl
 olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
-  credentials=$CONFIGPW searchbase="cn=config" type=refreshOnly
-  interval=00:00:00:10
+  credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+  retry="5 5 300 5" timeout=3
 -
 add: olcUpdateRef
 olcUpdateRef: $URI1
@@ -230,8 +246,8 @@
 olcRootDN: $MANAGERDN
 olcRootPW: $PASSWD
 olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
-  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
-  interval=00:00:00:10
+  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+  retry="5 5 300 5" timeout=3
 olcUpdateRef: $URI1
 
 dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
@@ -247,6 +263,24 @@
 	exit $RC
 fi
 
+case $BACKEND in
+bdb | hdb)
+	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: objectClass,entryUUID,entryCSN eq
+olcDbIndex: cn,uid pres,eq,sub
+EOF
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapadd modify for database config ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+	;;
+esac
+
 echo "Using ldapadd to populate producer..."
 $LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
 	>> $TESTOUT 2>&1
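Review bot: The failure message `ldapadd modify for database config ($RC)!` names the wrong tool and has no verb, so a log reader cannot tell that the `$LDAPMODIFY` adding `olcDbIndex` is what failed. Make it `echo "ldapmodify failed for database config ($RC)!"`. The `case` has no `*)` arm, so other backends skip the index step silently; if that is intended, a one-line comment saying so would help. The same text is added to test050-syncrepl-multimaster.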
@@ -281,6 +315,18 @@
 	exit $RC
 fi
 
+echo "Replacing olcSyncrepl on producer..."
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >> $TESTOUT 2>&1
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcSyncRepl
+olcSyncRepl: rid=002 provider=$URI1 binddn="cn=config" bindmethod=simple
+  credentials=$CONFIGPW searchbase="cn=config" type=refreshAndPersist
+  retry="3 5 300 5" timeout=3
+EOF
+echo "Waiting 10 seconds for syncrepl to receive changes..."
+sleep 10
+
 echo "Using ldapsearch to read config from the producer..."
 $LDAPSEARCH -b cn=config -D cn=config -H $URI1 -y $CONFIGPWF  \
 	'objectclass=*' > $MASTEROUT 2>&1

Modified: openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test050-syncrepl-multimaster	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test050-syncrepl-multimaster,v 1.3.2.8 2008/05/05 21:42:54 quanah Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test050-syncrepl-multimaster,v 1.3.2.13 2009/02/02 22:42:42 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -22,7 +22,7 @@
 fi 
 
 PRODIR=$TESTDIR/pro
-CONDIR=$TESTDIR/con
+CONDIR=$TESTDIR/con1
 CONDIR2=$TESTDIR/con2
 DBPRO=$PRODIR/db
 DBCON=$CONDIR/db
@@ -35,10 +35,26 @@
 
 $SLAPPASSWD -g -n >$CONFIGPWF
 
+if test x"$SYNCMODE" = x ; then
+	SYNCMODE=rp
+fi
+case "$SYNCMODE" in
+	ro)
+		SYNCTYPE="type=refreshOnly interval=00:00:00:10"
+		;;
+	rp)
+		SYNCTYPE="type=refreshAndPersist"
+		;;
+	*)
+		echo "unknown sync mode $SYNCMODE"
+		exit 1;
+		;;
+esac
+
 #
 # Test replication of dynamic config:
 # - start producer
-# - start consumer
+# - start consumer1
 # - start consumer2
 # - configure over ldap
 # - populate over ldap
@@ -175,7 +191,7 @@
 	exit $RC
 fi
 
-echo "Starting consumer slapd on TCP/IP port $PORT2..."
+echo "Starting consumer1 slapd on TCP/IP port $PORT2..."
 cd $CONDIR
 $SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING > $LOG2 2>&1 &
 SLAVEPID=$!
@@ -188,7 +204,7 @@
 
 sleep 1
 
-echo "Using ldapsearch to check that consumer slapd is running..."
+echo "Using ldapsearch to check that consumer1 slapd is running..."
 for i in 0 1 2 3 4 5; do
 	$LDAPSEARCH -s base -b "" -H $URI2 \
 		'objectclass=*' > /dev/null 2>&1
@@ -206,7 +222,7 @@
 	exit $RC
 fi
 
-echo "Configuring syncrepl on consumer..."
+echo "Configuring syncrepl on consumer1..."
 $LDAPMODIFY -D cn=config -H $URI2 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
 dn: olcDatabase={0}config,cn=config
 changetype: modify
@@ -320,14 +336,14 @@
 olcRootDN: $MANAGERDN
 olcRootPW: $PASSWD
 olcSyncRepl: rid=004 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
-  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
-  interval=00:00:00:10 retry="5 5 300 5" timeout=3
+  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+  retry="5 5 300 5" timeout=3
 olcSyncRepl: rid=005 provider=$URI2 binddn="$MANAGERDN" bindmethod=simple
-  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
-  interval=00:00:00:10 retry="5 5 300 5" timeout=3
+  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+  retry="5 5 300 5" timeout=3
 olcSyncRepl: rid=006 provider=$URI3 binddn="$MANAGERDN" bindmethod=simple
-  credentials=$PASSWD searchbase="$BASEDN" type=refreshOnly
-  interval=00:00:00:10 retry="5 5 300 5" timeout=3
+  credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
+  retry="5 5 300 5" timeout=3
 olcMirrorMode: TRUE
 
 dn: olcOverlay=syncprov,olcDatabase={1}${BACKEND},cn=config
@@ -343,6 +359,24 @@
 	exit $RC
 fi
 
+case $BACKEND in
+bdb | hdb)
+	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: objectClass,entryUUID,entryCSN eq
+olcDbIndex: cn,uid pres,eq,sub
+EOF
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapadd modify for database config ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+	;;
+esac
+
 echo "Using ldapadd to populate producer..."
 $LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
 	>> $TESTOUT 2>&1
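Review bot: The failure message in the added `bdb | hdb` arm reads `ldapadd modify for database config ($RC)!`, which names a tool the block does not run and never says that anything failed. The command above it is `$LDAPMODIFY`, so `echo "ldapmodify failed for database config ($RC)!"` would match both the call and the wording of the other failure messages in this script. The `case` has no default arm, so any other backend skips the index setup without a word; if that is intended, a one-line comment saying so would help.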
@@ -357,12 +391,12 @@
 echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
 sleep $SLEEP
 
-echo "Using ldapadd to populate consumer..."
+echo "Using ldapadd to populate consumer1..."
 $LDAPADD -D "$MANAGERDN" -H $URI2 -w $PASSWD -f $LDIFADD1 \
 	>> $TESTOUT 2>&1
 RC=$?
 if test $RC != 0 ; then
-	echo "ldapadd failed for consumer database ($RC)!"
+	echo "ldapadd failed for consumer1 database ($RC)!"
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
 	exit $RC
 fi
@@ -371,6 +405,91 @@
 echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
 sleep $SLEEP
 
+echo "Using ldapadd to populate consumer2..."
+$LDAPADD -D "$MANAGERDN" -H $URI3 -w $PASSWD \
+	<< EOMODS >> $TESTOUT 2>&1
+dn: cn=Consumer 2 Test,dc=example,dc=com
+changetype: add
+objectClass: device
+cn: Consumer 2 Test
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed for consumer2 database ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapmodify to add to the producer entries that will be deleted..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by producer,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+
+dn: cn=To be deleted by consumer1,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+
+dn: cn=To be deleted by consumer2,dc=example,dc=com
+changetype: add
+objectClass: device
+# no distinguished values, will be added by DSA
+
+dn: cn=To be deleted by producer,dc=example,dc=com
+changetype: delete
+EOADDS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed for producer database ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapmodify to delete entries from consumer1..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI2 -w $PASSWD \
+	>> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by consumer1,dc=example,dc=com
+changetype: delete
+EOADDS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed for consumer1 database ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
+echo "Using ldapmodify to delete entries from consumer2..."
+$LDAPMODIFY -D "$MANAGERDN" -H $URI3 -w $PASSWD \
+	>> $TESTOUT 2>&1 << EOADDS
+dn: cn=To be deleted by consumer2,dc=example,dc=com
+changetype: delete
+EOADDS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed for consumer2 database ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+SLEEP=20
+echo "Waiting $SLEEP seconds for syncrepl to receive changes..."
+sleep $SLEEP
+
 echo "Using ldapsearch to check that syncrepl received database changes..."
 RC=32
 for i in 0 1 2 3 4 5; do
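Review bot: The deletes issued against consumer1 and consumer2 in this hunk succeed only if the entries added on the producer have already replicated, and the only thing ensuring that is a fixed `SLEEP=20`. On a slow or loaded host the `changetype: delete` would presumably be rejected because the entry is not there yet, and the test would abort with `ldapmodify failed for consumer1 database`, which reads like a server fault rather than replication lag. Polling for the entry before deleting it, in the same shape as the `for i in 0 1 2 3 4 5` loops used elsewhere in the script, removes the race; the same applies before the consumer2 delete with `$URI3`. The `for` loop at the end of the hunk continues outside it.

```shell
echo "Using ldapmodify to delete entries from consumer1..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "cn=To be deleted by consumer1,dc=example,dc=com" \
		-D "$MANAGERDN" -H $URI2 -w $PASSWD \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for syncrepl to receive changes..."
	sleep 5
done
# … unchanged: ldapmodify delete against $URI2 and its RC check …
```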
@@ -422,13 +541,13 @@
 	exit $RC
 fi
 
-echo "Using ldapsearch to read config from the consumer..."
+echo "Using ldapsearch to read config from consumer1..."
 $LDAPSEARCH -b cn=config -D cn=config -H $URI2 -y $CONFIGPWF \
 	'objectclass=*' > $SLAVEOUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
-	echo "ldapsearch failed at consumer ($RC)!"
+	echo "ldapsearch failed at consumer1 ($RC)!"
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
 	exit $RC
 fi
@@ -446,16 +565,16 @@
 
 echo "Filtering producer results..."
 . $LDIFFILTER < $MASTEROUT > $MASTERFLT
-echo "Filtering consumer results..."
+echo "Filtering consumer1 results..."
 . $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
 echo "Filtering consumer2 results..."
 . $LDIFFILTER < $SLAVE2OUT > $SLAVE2FLT
 
-echo "Comparing retrieved configs from producer and consumer..."
+echo "Comparing retrieved configs from producer and consumer1..."
 $CMP $MASTERFLT $SLAVEFLT > $CMPOUT
 
 if test $? != 0 ; then
-	echo "test failed - producer and consumer configs differ"
+	echo "test failed - producer and consumer1 configs differ"
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
 	exit 1
 fi
@@ -480,18 +599,18 @@
 	exit $RC
 fi
 
-echo "Using ldapsearch to read all the entries from the consumer..."
+echo "Using ldapsearch to read all the entries from consumer1..."
 $LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI2 -w $PASSWD  \
 	'objectclass=*' > $SLAVEOUT 2>&1
 RC=$?
 
 if test $RC != 0 ; then
-	echo "ldapsearch failed at consumer ($RC)!"
+	echo "ldapsearch failed at consumer1 ($RC)!"
 	test $KILLSERVERS != no && kill -HUP $KILLPIDS
 	exit $RC
 fi
 
-echo "Using ldapsearch to read all the entries from the consumer2..."
+echo "Using ldapsearch to read all the entries from consumer2..."
 $LDAPSEARCH -S "" -b "$BASEDN" -D "$MANAGERDN" -H $URI3 -w $PASSWD  \
 	'objectclass=*' > $SLAVE2OUT 2>&1
 RC=$?
@@ -502,21 +621,22 @@
 	exit $RC
 fi
 
+# kill!
+# test $KILLSERVERS != no && kill -HUP $KILLPIDS
+kill -HUP $KILLPIDS
 
-test $KILLSERVERS != no && kill -HUP $KILLPIDS
-
 echo "Filtering producer results..."
 . $LDIFFILTER < $MASTEROUT > $MASTERFLT
-echo "Filtering consumer results..."
+echo "Filtering consumer1 results..."
 . $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
 echo "Filtering consumer2 results..."
 . $LDIFFILTER < $SLAVE2OUT > $SLAVE2FLT
 
-echo "Comparing retrieved entries from producer and consumer..."
+echo "Comparing retrieved entries from producer and consumer1..."
 $CMP $MASTERFLT $SLAVEFLT > $CMPOUT
 
 if test $? != 0 ; then
-	echo "test failed - producer and consumer databases differ"
+	echo "test failed - producer and consumer1 databases differ"
 	exit 1
 fi
 
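Review bot: The `# kill!` comment added above `kill -HUP $KILLPIDS` does not say why the `KILLSERVERS` guard was dropped, and the old guarded line is left behind as commented-out code. The servers appear to be stopped unconditionally because the script restarts them further down (a later hunk prints "Restarting servers..."), so a comment such as `# Always stop the servers here, even with KILLSERVERS=no: they are restarted below.` would record that, and the dead line can go. The hunk at `@@ -528,7 +648,9 @@` does the same with `wait` and wants the same treatment.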
@@ -528,7 +648,9 @@
 	exit 1
 fi
 
-test $KILLSERVERS != no && wait
+# kill!
+# test $KILLSERVERS != no && wait
+wait
 
 echo "Restarting servers..."
 echo "Starting producer slapd on TCP/IP port $PORT1..."
@@ -560,7 +682,7 @@
 	exit $RC
 fi
 #exit 0
-echo "Starting consumer slapd on TCP/IP port $PORT2..."
+echo "Starting consumer1 slapd on TCP/IP port $PORT2..."
 cd $CONDIR
 echo "======================= RESTART =======================" >> $LOG2
 $SLAPD -F ./slapd.d -h $URI2 -d $LVL $TIMING >> $LOG2 2>&1 &
@@ -574,7 +696,7 @@
 
 sleep 1
 
-echo "Using ldapsearch to check that consumer slapd is running..."
+echo "Using ldapsearch to check that consumer1 slapd is running..."
 for i in 0 1 2 3 4 5; do
 	$LDAPSEARCH -s base -b "" -H $URI2 \
 		'objectclass=*' > /dev/null 2>&1

Modified: openldap/vendor/openldap-release/tests/scripts/test051-config-undo
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test051-config-undo	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test051-config-undo	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test051-config-undo,v 1.2.2.3 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test051-config-undo,v 1.2.2.4 2009/01/22 00:01:20 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without

Modified: openldap/vendor/openldap-release/tests/scripts/test052-memberof
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test052-memberof	2008-10-11 17:27:51 UTC (rev 1194)
+++ openldap/vendor/openldap-release/tests/scripts/test052-memberof	2009-02-17 16:18:54 UTC (rev 1195)
@@ -1,8 +1,8 @@
 #! /bin/sh
-# $OpenLDAP: pkg/ldap/tests/scripts/test052-memberof,v 1.4.2.2 2008/02/11 23:26:51 kurt Exp $
+# $OpenLDAP: pkg/ldap/tests/scripts/test052-memberof,v 1.4.2.4 2009/02/03 19:06:20 quanah Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2008 The OpenLDAP Foundation.
+## Copyright 1998-2009 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -75,6 +75,26 @@
 echo "Running ldapadd to build slapd config database..."
 $LDAPADD -h $LOCALHOST -p $PORT1 -D 'cn=config' -w `cat $CONFIGPWF` \
 	>> $TESTOUT 2>&1 <<EOF
+dn: cn=symas group example,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: symas group example
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.1 
+ NAME 'memberA' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.2
+ NAME 'memberOfA' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.3 
+ NAME 'memberB' SUP distinguishedName )
+olcAttributeTypes: ( 1.3.6.1.4.1.4754.31.1.4 
+ NAME 'memberOfB' SUP distinguishedName )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.1 
+ NAME 'groupA' SUP top STRUCTURAL MUST cn MAY memberA )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.2 
+ NAME 'groupMemberA' SUP top AUXILIARY MAY memberOfA )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.3 
+ NAME 'groupB' SUP top STRUCTURAL MUST cn MAY memberB )
+olcObjectClasses: ( 1.3.6.1.4.1.4754.31.2.4 
+ NAME 'groupMemberB' SUP top AUXILIARY MAY memberOfB )
+
 dn: olcDatabase={1}$BACKEND,cn=config
 objectClass: olcDatabaseConfig
 objectClass: olc${BACKEND}Config
@@ -91,7 +111,6 @@
 olcDbIndex: sn pres,eq,sub
 olcDbMode: 384
 
-# {0}memberof, {1}$BACKEND, config
 dn: olcOverlay={0}memberof,olcDatabase={1}$BACKEND,cn=config
 objectClass: olcOverlayConfig
 objectClass: olcMemberOf
@@ -100,6 +119,25 @@
 olcMemberOfGroupOC: groupOfNames
 olcMemberOfMemberAD: member
 olcMemberOfMemberOfAD: memberOf
+
+dn: olcOverlay={1}memberof,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {1}memberof
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupA
+olcMemberOfMemberAD: memberA
+olcMemberOfMemberOfAD: memberOfA
+
+dn: olcOverlay={2}memberof,olcDatabase={1}$BACKEND,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: {2}memberof
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupB
+olcMemberOfMemberAD: memberB
+olcMemberOfMemberOfAD: memberOfB
+
 EOF
 RC=$?
 if test $RC != 0 ; then
@@ -227,6 +265,66 @@
 	exit $RC
 fi
 
+echo "Adding groups with MAY member type schemas..."
+$LDAPMODIFY -h $LOCALHOST -p $PORT1 \
+	-D "cn=Manager,$BASEDN" -w secret \
+	>> $TESTOUT 2>&1 <<EOF
+dn: cn=Roger Rabbit,ou=People,$BASEDN
+changetype: delete
+
+dn: cn=Jessica Rabbit,ou=People,$BASEDN
+changetype: delete
+
+dn: cn=Cartoonia,ou=Groups,$BASEDN
+changetype: delete
+
+dn: cn=person1,ou=People,$BASEDN
+changetype: add
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person1
+sn: person1
+
+dn: cn=person2,ou=People,$BASEDN
+changetype: add
+objectClass: person
+objectClass: groupMemberA
+objectClass: groupMemberB
+cn: person2
+sn: person2
+
+dn: cn=group1,ou=Groups,$BASEDN
+changetype: add
+objectclass: groupA
+cn: group1
+memberA: cn=person1,ou=People,$BASEDN
+memberA: cn=person2,ou=People,$BASEDN
+
+dn: cn=group2,ou=Groups,$BASEDN
+changetype: add
+objectclass: groupB
+cn: group2
+memberB: cn=person1,ou=People,$BASEDN
+memberB: cn=person2,ou=People,$BASEDN
+
+dn: cn=group1,ou=Groups,$BASEDN
+changetype: modify
+delete: memberA
+
+EOF
+
+echo "Re-search the entire database..."
+echo "# Re-search the entire database..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	'(objectClass=*)' '*' memberOf >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 LDIF=$MEMBEROFOUT
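Review bot: The `$LDAPMODIFY` call added under "Adding groups with MAY member type schemas..." is the one command in this hunk whose exit status is never read; the script goes from `EOF` straight to the re-search. If one of the deletes or adds is rejected, the failure would only surface later as a mismatch in the search output, assuming that output is compared after the hunk, which is not visible here. Capturing `RC=$?` after the here-document and bailing out the same way the `$LDAPSEARCH` block below does would point at the real cause.

```shell
# … unchanged: ldapmodify here-document (person1/person2, group1/group2) …
EOF
RC=$?
if test $RC != 0 ; then
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
```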

Added: openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load	                        (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,382 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test054-syncreplication-parallel-load,v 1.1.2.2 2009/01/22 00:01:20 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+if test "$BACKEND" != "bdb" && test "$BACKEND" != "hdb" ; then
+	echo "Test does not support $BACKEND"
+	exit 0
+fi
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $SYNCPROV = syncprovno; then 
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi 
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR4
+
+#
+# Test replication:
+# - start producer
+# - start consumer
+# - populate over ldap
+# - perform some modifies and deleted
+# - attempt to modify the consumer (referral or chain)
+# - retrieve database over ldap and compare against expected results
+#
+
+echo "Starting producer slapd on TCP/IP port $PORT1..."
+. $CONFFILTER $BACKEND $MONITORDB < $SRMASTERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+    echo PID $PID
+    read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that producer slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldapadd to create the context prefix entry in the producer..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+	$LDIFORDEREDCP > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting consumer slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRSLAVECONF > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING > $LOG4 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+    echo SLAVEPID $SLAVEPID
+    read foo
+fi
+KILLPIDS="$KILLPIDS $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that consumer slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT4 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+MORELDIF=$TESTDIR/more.ldif
+TESTOUT1=$TESTDIR/testout1.out
+TESTOUT2=$TESTDIR/testout2.out
+sed -e 's/[Oo][Uu]=/ou=More /g' -e 's/^[Oo][Uu]: /ou: More /' \
+	-e 's/cn=Manager/cn=More Manager/g' \
+	-e 's/^cn: Manager/cn: More Manager/' \
+	$LDIFORDEREDNOCP > $MORELDIF
+
+echo "Using ldapadd to populate the producer directory..."
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+	$LDIFORDEREDNOCP > $TESTOUT1 2>&1  &
+C1PID=$!
+$LDAPADD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD < \
+	$MORELDIF > $TESTOUT2 2>&1 &
+C2PID=$!
+wait $C1PID $C2PID
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping the provider, sleeping 10 seconds and restarting it..."
+kill -HUP "$PID"
+wait $PID
+sleep 10
+echo "RESTART" >> $LOG1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+    echo PID $PID
+    read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that producer slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting 10 seconds to let the system catch up"
+sleep 10
+
+echo "Using ldapmodify to modify producer directory..."
+
+#
+# Do some modifications
+#
+
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD > \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Orange Juice
+-
+delete: sn
+sn: Jones
+-
+add: sn
+sn: Jones
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+replace: drink
+drink: Iced Tea
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: uniquemember
+uniquemember: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+uniquemember: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+-
+add: uniquemember
+uniquemember: cn=Dorothy Stevens, ou=Alumni Association, ou=People, dc=example,dc=com
+uniquemember: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example,dc=com
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: description
+
+dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
+seealso: cn=All Staff, ou=Groups, dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen at mailgw.example.com
+homephone: +1 313 555 8844
+
+dn: ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Retired
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+description: Fat tycoon
+
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modrdn
+newrdn: cn=Rosco P. Coltrane
+deleteoldrdn: 1
+newsuperior: ou=Retired, ou=People, dc=example,dc=com
+
+dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: delete
+
+EOMODS
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldappasswd to change some passwords..."
+$LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD \
+	'cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Waiting 15 seconds for syncrepl to receive changes..."
+sleep 15
+
+echo "Stopping consumer to test recovery..."
+kill -HUP $SLAVEPID
+wait $SLAVEPID
+
+echo "Modifying more entries on the producer..."
+$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT1 -w $PASSWD >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: delete
+
+dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: modify
+add: drink
+drink: Mad Dog 20/20
+
+dn: cn=Rosco P. Coltrane, ou=Retired, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+sn: Coltrane
+uid: rosco
+cn: Rosco P. Coltrane
+
+EOMODS
+
+echo "Restarting consumer..."
+echo "RESTART" >> $LOG4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL $TIMING >> $LOG4 2>&1 &
+SLAVEPID=$!
+if test $WAIT != 0 ; then
+    echo SLAVEPID $SLAVEPID
+    read foo
+fi
+KILLPIDS="$PID $SLAVEPID"
+
+echo "Waiting 25 seconds for syncrepl to receive changes..."
+sleep 25
+
+if test ! $BACKLDAP = "ldapno" ; then
+	echo "Try updating the consumer slapd..."
+	$LDAPMODIFY -v -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD > \
+		$TESTOUT 2>&1 << EOMODS
+dn: cn=James A Jones 1, ou=Alumni Association, ou=People, dc=example, dc=com
+changetype: modify
+add: description
+description: This write must fail because directed to a shadow context,
+description: unless the chain overlay is configured appropriately ;)
+
+EOMODS
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+
+	# ITS#4964
+	echo "Trying to change some passwords on the consumer..."
+	$LDAPPASSWD -D "$MANAGERDN" -h $LOCALHOST -p $PORT4 -w $PASSWD \
+		'cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com' \
+		> $TESTOUT 2>&1
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+
+	echo "Waiting 15 seconds for syncrepl to receive changes..."
+	sleep 15
+fi
+
+OPATTRS="entryUUID creatorsName createTimestamp modifiersName modifyTimestamp"
+
+echo "Using ldapsearch to read all the entries from the producer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	'(objectclass=*)' '*' $OPATTRS > $MASTEROUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed at producer ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldapsearch to read all the entries from the consumer..."
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT4 \
+	'(objectclass=*)' '*' $OPATTRS > $SLAVEOUT 2>&1
+RC=$?
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed at consumer ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering producer results..."
+. $LDIFFILTER < $MASTEROUT > $MASTERFLT
+echo "Filtering consumer results..."
+. $LDIFFILTER < $SLAVEOUT > $SLAVEFLT
+
+echo "Comparing retrieved entries from producer and consumer..."
+$CMP $MASTERFLT $SLAVEFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "test failed - producer and consumer databases differ"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
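Review bot: The two background `$LDAPADD` jobs in the "populate the producer directory" step are collected with `wait $C1PID $C2PID` and the result is discarded, so a failed parallel load goes unnoticed. The final `$CMP` could still pass in that case, because producer and consumer would be missing the same entries. With several operands `wait` reports only the last job's status, so each PID has to be waited on separately. The `$LDAPMODIFY` under "Modifying more entries on the producer..." likewise has no `RC=$?` check after its here-document. If either parallel load is expected to fail partway, a comment should say so instead.

```shell
C2PID=$!
wait $C1PID
RC1=$?
wait $C2PID
RC2=$?
if test $RC1 != 0 || test $RC2 != 0 ; then
	echo "parallel ldapadd failed ($RC1, $RC2)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit 1
fi
# … unchanged: 15 second wait, provider stop and restart …
```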


Property changes on: openldap/vendor/openldap-release/tests/scripts/test054-syncreplication-parallel-load
___________________________________________________________________
Name: svn:executable
   + *

Added: openldap/vendor/openldap-release/tests/scripts/test055-valregex
===================================================================
--- openldap/vendor/openldap-release/tests/scripts/test055-valregex	                        (rev 0)
+++ openldap/vendor/openldap-release/tests/scripts/test055-valregex	2009-02-17 16:18:54 UTC (rev 1195)
@@ -0,0 +1,123 @@
+#! /bin/sh
+# $OpenLDAP: pkg/ldap/tests/scripts/test055-valregex,v 1.2.2.2 2009/01/22 00:01:20 kurt Exp $
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2009 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+case "$BACKEND" in
+bdb|hdb)
+	;;
+*)
+	echo "Test does not support $BACKEND backend"
+	exit 0
+esac
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+LVL=acl
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $VALREGEXCONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+    echo PID $PID
+    read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Testing attribute value regex subsitution..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "# Try an attribute vale regex that match, but substitute does not"
+echo "# this should fail"
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+replace: sn
+sn: foobarbuz
+EOMODS
+RC=$?
+case $RC in
+50)
+	echo "ldapmodify failed as expected"
+	;;
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "# Try an attribute vale regex that match and substitute does"
+echo "# this should succeed"
+$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+replace: sn
+sn: James A Jones 1
+EOMODS
+RC=$?
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+case $RC in
+0)
+	echo "ldapmodify succeed as expected"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	exit $RC
+	;;
+esac
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
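Review bot: `exit -1` in the `0)` arm of the first `case $RC` is not a valid status for a `#! /bin/sh` script: POSIX defines the operand as an unsigned value from 0 to 255, and shells differ in what they do with a negative one. `exit 1` gives the harness the same non-zero result on every shell. Separately, the progress message "Testing attribute value regex subsitution..." is printed above what is only the slapd start-up poll, and it misspells "substitution".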


Property changes on: openldap/vendor/openldap-release/tests/scripts/test055-valregex
___________________________________________________________________
Name: svn:executable
   + *



